Submitted via IRC for TheMightyBuzzard
A global study from IBM Security examining consumer perspectives around digital identity and authentication today found that people now prioritize security over convenience when logging into applications and devices.
Generational differences also emerged, showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security.
With millennials quickly becoming the largest generation in today's workforce, these trends may impact how employers and technology companies provide access to devices and applications in the near future. Overall, respondents recognized the benefits of biometric technologies like fingerprint readers, facial scans and voice recognition, as threats to their digital identity continue to mount.
Source: https://www.helpnetsecurity.com/2018/01/29/authentication-today/
(Score: 3, Informative) by pipedwho on Wednesday January 31 2018, @02:20AM
Using the Bible as your input dictionary to a simple function with an offset and length, the total search space is about 33 bits. There are about 785,000 words in the Bible which are relatively unique if taken in blocks of at least 5 or 6 words. The total length of your 'snippet' is likely to want to be below about 10,000 words to avoid too much heavy-duty copying and pasting from your external Bible source.
So your offset and length taken together become the entropy input to your final password. So with about 19.6 bits + 13.3 bits of input choice, you have a brute-forceable search space of around 33 bits if someone is actively attacking your password with the Bible as a known dictionary source.
You could improve this by having a huge library of books that you also pick from. Say you pick randomly from 100,000 books at your disposal. That gives you another 16.6 bits of input. Now you're at 49+ bits. That's a bit better.
But, that's a lot of work to go through when for even better memorisable entropy you could just take 4 or 5 randomly selected words from a dictionary of 10,000 words and commit those to memory.
Oh yeah, I completely agree with the sites storing hashes instead of ridiculous password limitations and requirements. They should just require at least 8 characters of any type with no limits on length or content.
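The entropy comparison in the comment above, worked through as an added example (not part of the original comment). The function names are hypothetical and the figures are the ones the comment gives; the snippet count is computed exactly, counting only snippets that fit inside the corpus, and the passphrase is drawn with a CSPRNG.

```python
import math
import secrets


def snippet_bits(corpus_words, max_len):
    """Entropy of choosing (offset, length) for a contiguous snippet.

    Only snippets that fit inside the corpus are counted, so the result
    is slightly below log2(corpus_words) + log2(max_len).
    """
    max_len = min(max_len, corpus_words)
    # A snippet of length n has corpus_words - n + 1 valid offsets.
    count = max_len * corpus_words - max_len * (max_len - 1) // 2
    return math.log2(count)


def library_bits(num_books):
    """Extra entropy from picking one book uniformly at random."""
    return math.log2(num_books)


def passphrase_bits(wordlist_size, num_words):
    """Entropy of num_words independent uniform picks from a word list."""
    return num_words * math.log2(wordlist_size)


def random_passphrase(wordlist, num_words, sep=" "):
    """Pick words uniformly with a CSPRNG; return (phrase, entropy bits)."""
    words = sorted(set(wordlist))  # duplicates would skew the distribution
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    picked = [words[secrets.randbelow(len(words))] for _ in range(num_words)]
    return sep.join(picked), passphrase_bits(len(words), num_words)


if __name__ == "__main__":
    bible = snippet_bits(785_000, 10_000)        # figures from the comment
    library = bible + library_bits(100_000)
    print(f"one-book snippet:        {bible:5.1f} bits")
    print(f"snippet from 100k books: {library:5.1f} bits")
    for n in (4, 5):
        print(f"{n} words from 10,000:     {passphrase_bits(10_000, n):5.1f} bits")
    # Constructed demo list; a real list would have thousands of words.
    demo = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot"]
    print(random_passphrase(demo, 4))
```

The bit counts only hold when the choices are made by a uniform random source; an offset, book or word picked by a person narrows the search space further.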