Two researchers say they have come up with a system that makes passphrases more secure and practical
We all know the drill: When signing up at a website, you’re told to choose a password. It has to be at least a certain number of characters. It must contain letters and at least one number and perhaps at least one special character. Oh, but some special characters aren’t acceptable.
The death of complicated passwords—which are both hard to remember and not that secure—has been forecast for years, but reality hasn’t quite caught up yet.
Now, however, two researchers have developed an idea for replacing passwords with more-secure passphrases that people will actually remember and use.
Kevin Juang, a former doctoral student at Clemson University, and his co-author and adviser, Joel Greenstein, have created a working prototype of an online system for websites and their registered users to replace passwords with randomly generated passphrases that in theory, in combination with other cues, will be much easier to remember and to enter accurately.
Passphrases have been discussed in online-security research for over 30 years, but most websites and apps still use passwords. Partly, that’s because long passphrases are harder to type, leading to more log-in failures, but it’s also because users tend to pick phrases from common sources, likes song lyrics, making them easy for hackers to figure out. People also sometimes use a passphrase on more than one website, or use a certain word repeatedly to make the passphrase even easier to remember. Here is the link to the WSJ Article.
KnowBe4 recently also recommended the very same thing. And we showed how fast a complex password can be cracked. How Fast Can Your Domain Admin Password Be Cracked?
WATCH THIS VIDEO THAT SHOWS HOW FAST PASSWORDS CAN BE CRACKED
Are your user’s passwords…P@ssw0rd? Verizon's Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. Employees are the weakest link in your network security, using weak passwords and falling for phishing and social engineering attacks.
KnowBe4's Weak Password Test checks your Active Directory for 10 different types of weak password related threats and reports any fails so that you can take action. Plus, you’ll be entered to win a Nintendo Switch!
WPT gives you a quick look at the effectiveness of your password policies and any fails so that you can take action. WPT tests against 10 types of weak password related threats for example; Weak, Duplicate, Empty, Never Expires, plus 6 more.
Here's how Weak Password Test works:
Reports on the accounts that are affected
Tests against 10 types of weak password related threats
Does not show/report on the actual passwords of accounts
Just download the install and run it
Results in a few minutes!
This will take you 5 minutes and may give you some insights you never expected. By the way, this is a free tool!
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: