Two researchers say they have come up with a system that makes passphrases more secure and practical
We all know the drill: When signing up at a website, you’re told to choose a password. It has to be at least a certain number of characters. It must contain letters and at least one number and perhaps at least one special character. Oh, but some special characters aren’t acceptable.
The death of complicated passwords—which are both hard to remember and not that secure—has been forecast for years, but reality hasn’t quite caught up yet.
Now, however, two researchers have developed an idea for replacing passwords with more-secure passphrases that people will actually remember and use.
Kevin Juang, a former doctoral student at Clemson University, and his co-author and adviser, Joel Greenstein, have created a working prototype of an online system for websites and their registered users to replace passwords with randomly generated passphrases that in theory, in combination with other cues, will be much easier to remember and to enter accurately.
Passphrases have been discussed in online-security research for over 30 years, but most websites and apps still use passwords. Partly, that’s because long passphrases are harder to type, leading to more log-in failures, but it’s also because users tend to pick phrases from common sources, likes song lyrics, making them easy for hackers to figure out. People also sometimes use a passphrase on more than one website, or use a certain word repeatedly to make the passphrase even easier to remember. Here is the link to the WSJ Article.
https://www.wsj.com/articles/forget-passwords-its-time-for-passphrases-1537322580
KnowBe4 recently also recommended the very same thing. And we showed how fast a complex password can be cracked. How Fast Can Your Domain Admin Password Be Cracked?
WATCH THIS VIDEO THAT SHOWS HOW FAST PASSWORDS CAN BE CRACKED