SoylentNews is people

posted by Fnord666 on Tuesday January 30 2018, @04:41AM
from the isn't-it-about-time-to-move-on dept.

Submitted via IRC for TheMightyBuzzard

A global study from IBM Security examining consumer perspectives around digital identity and authentication today found that people now prioritize security over convenience when logging into applications and devices.

Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.

With millennials quickly becoming the largest generation in today's workforce, these trends may impact how employers and technology companies provide access to devices and applications in the near future. Overall, respondents recognized the benefits of biometric technologies like fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.

Source: https://www.helpnetsecurity.com/2018/01/29/authentication-today/


  • (Score: 1) by anubi on Tuesday January 30 2018, @09:00AM (4 children)

    by anubi (2828) on Tuesday January 30 2018, @09:00AM (#630252) Journal

    I was thinking of something that was easy for ME to remember... I may remember a lengthy Bible verse much easier than even 16 bytes of something meaningless to me. And, to save typing, cut and paste. And longer, if I deliberately wanted to obfuscate, or it could be just one character.

    If I wanted, I could make a "password generator" that predigests a "master password" into the MD5, and base all my "stored passwords" off of that, so even if my password generator was compromised, it has no idea of the "master password" that was digested first - still rendering someone with a lot of work to do. Nothing saying I can't send them my MD5, and they MD5 that again for their database.

    I am trying to think of basing my encryption off of little things I know or can recreate.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 2) by xorsyst on Tuesday January 30 2018, @09:44AM (1 child)

    by xorsyst (1372) on Tuesday January 30 2018, @09:44AM (#630258)

    I think what you're after is basically SuperGenPass - it's a JavaScript applet / phone app that combines the site's domain name and a master password you specify, MD5s them, and generates a 10 character password for the site.

    • (Score: 1) by anubi on Tuesday January 30 2018, @10:00AM

      by anubi (2828) on Tuesday January 30 2018, @10:00AM (#630261) Journal

      Yes... that's the ticket!

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
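The general idea in this sub-thread, deriving a per-site password from a master password and the site's domain, as an added Python example; it is not SuperGenPass's code or algorithm. It swaps the single MD5 pass for PBKDF2-HMAC-SHA256, so that a derived password leaked by one site is slow to test master-password guesses against; `site_password`, `ITERATIONS` and the `counter` parameter are assumptions of this example.

```python
import base64
import hashlib

ITERATIONS = 200_000  # assumed work factor; raise it as far as your devices tolerate


def normalize_domain(domain: str) -> str:
    """Make 'Example.COM.' and 'example.com' derive the same password."""
    return domain.strip().lower().rstrip(".")


def site_password(master: str, domain: str, length: int = 10, counter: int = 1) -> str:
    """Derive a deterministic per-site password; nothing is stored anywhere.

    counter lets one site's password be rotated without changing the master.
    """
    if not master:
        raise ValueError("master password must not be empty")
    if not 8 <= length <= 42:
        # 32 derived bytes give 42 full base64 characters of 6 bits each.
        raise ValueError("length must be between 8 and 42")
    salt = f"{normalize_domain(domain)}#{counter}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              ITERATIONS, dklen=32)
    # URL-safe base64 alphabet: A-Z a-z 0-9 - _
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    master = "constructed example master phrase"  # constructed sample input
    for site in ("example.com", "example.org"):
        print(site, site_password(master, site))
```

The derived password is only as strong as the master password: anyone who obtains one site's derived password can still guess master passwords offline, just more slowly than against a single MD5 pass.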
  • (Score: 2) by DannyB on Tuesday January 30 2018, @05:48PM

    by DannyB (5839) Subscriber Badge on Tuesday January 30 2018, @05:48PM (#630491) Journal

    "I may remember a lengthy Bible verse much easier than even 16 bytes of something meaningless to me"

    I remember (quotable aloud) Romans 6, 7, 8, 12. The book of Philippians (4 chapters), and the first 3 chapters of 1 John (letter, not gospel of). I also have encyclopedic knowledge of The Revelation. I can almost quote large passages of it. But I know the text and events described better than I know the Star Trek canon. (And I don't try to read anything into the text.) Then I happen to additionally know many other scattered verses here and there.

    I would say that I have a fair amount of material I could use as password material, with a few digits and symbols sprinkled in.

    You could also form passwords from meaningful combinations of words like David Bathsheba Uriah.

    --
    The lower I set my standards the more accomplishments I have.
  • (Score: 3, Informative) by pipedwho on Wednesday January 31 2018, @02:20AM

    by pipedwho (2032) on Wednesday January 31 2018, @02:20AM (#630788)

    Using the Bible as your input dictionary to a simple function with an offset and length, the total search space is about 33 bits. There are about 785,000 words in the Bible which are relatively unique if taken in blocks of at least 5 or 6 words. The total length of your 'snippet' is likely to want to be below about 10,000 words to avoid too much heavy duty copy and pasting from your external Bible source.

    So your offset and length taken together become the entropy input to your final password. So with about 19.6 bits + 13.3 bits of input choice, you have a brute-forceable search space of around 33 bits if someone is actively attacking your password with the Bible as a known dictionary source.

    You could improve this by having a huge library of books that you also pick from. Say you pick randomly from 100,000 books at your disposal. That gives you another 16.6 bits of input. Now you're at 49+ bits. That's a bit better.

    But, that's a lot of work to go through when for even better memorisable entropy you could just take 4 or 5 randomly selected words from a dictionary of 10,000 words and commit those to memory.

    Oh yeah, I completely agree with the sites storing hashes instead of ridiculous password limitations and requirements. They should just require at least 8 characters of any type with no limits on length or content.
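The entropy estimate in the comment above, worked through as an added Python example (not code from any commenter). It counts the (offset, length) choices exactly using the comment's figures, works out how many randomly chosen words match each scheme, and draws a passphrase with a CSPRNG; the function names and the short `SAMPLE_WORDS` list are constructed for illustration, and a real list would hold about 10,000 words.

```python
import math
import secrets


def snippet_count(corpus_words: int, min_len: int, max_len: int) -> int:
    """Exact number of (offset, length) snippets that fit inside the corpus."""
    return sum(corpus_words - n + 1 for n in range(min_len, max_len + 1))


def bits(choices: int) -> float:
    """Entropy in bits when one of `choices` options is picked uniformly."""
    return math.log2(choices)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def random_passphrase(wordlist, k: int) -> str:
    """Pick k words independently and uniformly with the OS CSPRNG."""
    return " ".join(secrets.choice(wordlist) for _ in range(k))


# Constructed sample list; entropy per word is log2(len(wordlist)).
SAMPLE_WORDS = ["anchor", "birch", "copper", "delta", "ember", "fjord",
                "granite", "harbor", "indigo", "juniper", "kelp", "lantern",
                "meadow", "nickel", "orchid", "pebble"]

if __name__ == "__main__":
    one_book = snippet_count(785_000, 5, 10_000)   # figures from the comment
    library = one_book * 100_000                   # plus a choice of book
    for name, n in (("one known book", one_book), ("100,000 books", library)):
        k = words_needed(bits(n), 10_000)
        print(f"{name}: {bits(n):.1f} bits, matched by {k} random words "
              f"({k * math.log2(10_000):.1f} bits)")
    print("sample:", random_passphrase(SAMPLE_WORDS, 4),
          f"({4 * bits(len(SAMPLE_WORDS)):.0f} bits from this 16-word list)")
```

The count only holds if the attacker knows the source text and the scheme, which is the assumption the comment makes.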