WSJ: "Forget Passwords. It’s Time for Passphrases."



iStock-806861356Mr. Henry Williams is a deputy editor for The Wall Street Journal in New York, and he reported on something we just also recommended. Here is an excerpt with a link to the full article at the end. You should forward this to your C-suite:
 

Two researchers say they have come up with a system that makes passphrases more secure and practical

We all know the drill: When signing up at a website, you’re told to choose a password. It has to be at least a certain number of characters. It must contain letters and at least one number and perhaps at least one special character. Oh, but some special characters aren’t acceptable.

The death of complicated passwords—which are both hard to remember and not that secure—has been forecast for years, but reality hasn’t quite caught up yet.

Now, however, two researchers have developed an idea for replacing passwords with more-secure passphrases that people will actually remember and use.  

Kevin Juang, a former doctoral student at Clemson University, and his co-author and adviser, Joel Greenstein, have created a working prototype of an online system for websites and their registered users to replace passwords with randomly generated passphrases that in theory, in combination with other cues, will be much easier to remember and to enter accurately.

Passphrases have been discussed in online-security research for over 30 years, but most websites and apps still use passwords. Partly, that’s because long passphrases are harder to type, leading to more log-in failures, but it’s also because users tend to pick phrases from common sources, likes song lyrics, making them easy for hackers to figure out. People also sometimes use a passphrase on more than one website, or use a certain word repeatedly to make the passphrase even easier to remember. Here is the link to the WSJ Article.

https://www.wsj.com/articles/forget-passwords-its-time-for-passphrases-1537322580

KnowBe4 recently also recommended the very same thing. And we showed how fast a complex password can be cracked. How Fast Can Your Domain Admin Password Be Cracked?

WATCH THIS VIDEO THAT SHOWS HOW FAST PASSWORDS CAN BE CRACKED

 


wpt-contest-nintendo-switch

Are your user’s passwords…P@ssw0rd? Verizon's Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. Employees are the weakest link in your network security, using weak passwords and falling for phishing and social engineering attacks.

KnowBe4's Weak Password Test checks your Active Directory for 10 different types of weak password related threats and reports any fails so that you can take action. Plus, you’ll be entered to win a Nintendo Switch! 

WPT gives you a quick look at the effectiveness of your password policies and any fails so that you can take action. WPT tests against 10 types of weak password related threats for example; Weak, Duplicate, Empty, Never Expires, plus 6 more.

wpt02Here's how Weak Password Test works:

checkmark Reports on the accounts that are affected

checkmark Tests against 10 types of weak password related threats

checkmark Does not show/report on the actual passwords of accounts

checkmark Just download the install and run it  

checkmark Results in a few minutes! 


This will take you 5 minutes and may give you some insights you never expected. By the way, this is a free tool!

Get Your Weak Password Test Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/wpt-sweepstakes-092018


Topics: Passwords

Subscribe To Our Blog


2019 National Cybersecurity Awareness Month Resource Kit




Get the latest about social engineering

Subscribe to CyberheistNews