Its a simple concept a shared piece of information kept secret between individuals and used to prove identity.
Passwords in an IT contextemerged in the 1960swithmainframecomputers large centrally operated computers with remote terminals for user access.
But why do we need to prove our identity to the systems we access?
And why are passwords so hard to get right?
What makes a good password?
But we now have minimum length guidelines.
This is because of entropy.
40% off TNW Conference!
By including uppercase letters, we increase our password space to 52 potential passwords.
[Read:Are EVs too expensive?
Making a password longer or more complex greatly increases the potential password space.
More password space means a more secure password.
The more complex the password, the more attempts needed to guess it.
Last year, arecord was setfor a computer trying to generate every conceivable password.
It achieved a rate faster than 100,000,000,000 guesses per second.
It also drives a lucrative online market selling passwords, some of which come with email addresses and/or usernames.
you could purchase almost 600 million passwords online for just AU$14!
How are passwords stored on websites?
Website passwords are usually stored in a protected manner using a mathematical algorithm calledhashing.
A hashed password is unrecognizable and cant be turned back into the password (an irreversible process).
This process is repeated each time you get in.
it’s possible for you to simply search for the hash to reveal the corresponding password.
This has grown to include more than 10 billion account details.
Is more complexity the solution?
You would think with so many password breaches occurring daily, we would have improved our password selection practices.
Unfortunately, last years annualSplashData password surveyhas shown little change over five years.
The 2019 annual SplashData password survey revealed the most common passwords from 2015 to 2019.
As computing capabilities increase, the solution would appear to be increased complexity.
But as humans, we are not skilled at (nor motivated to) remember highly complex passwords.
Weve also passed the point where we use only two or three systems needing a password.
A recent survey suggests there are, on average,70-80 passwords per person.
The good news is there are tools to address these issues.
This wont prevent a password from being stolen from a vulnerable website.
There are of course vulnerabilities in these solutions too, but perhaps thats a story for another day.
