It goes on to talk about a machine that IBM built (the Cracken) that can crack any password up to 14 characters in 5 minutes or less. This is irrespective of using special characters or not. Please read the article and then realize you must choose to deploy your own best practices. Key highlights in the article highlight that our current system of using Username Password logins is “deeply flawed”. So how do we achieve fewer hacks?
The recommendations from the article are that you “GO LONG” meaning it is asking al of us to create Passwords longer than 14 characters now. This is an encumbrance on all of us as we have to remember use and store these now very lengthy passwords.
It goes on to discuss Password Managers. The perceived benefit of these is that you no longer have to remember the lengthy passwords. The program just auto-fills them for you. The issue is that now you have one master password protecting all your accounts and if it gets compromised they are all now at risk. It also tends to create a false sense of protection as using one tends to lead to less changes of the ones that matter most.
The next recommendation is to use multi-factor authentication. By now you should be aware of MFA. It is a import aspect of strengthening you login. However this typically adds complication to the login for most MFA solutions use some method of a one time passcode (OTP) that you are required to enter. Another flaw with them is in the way that One time passcode (OTP) is delivered can be vulnerable to man in the middle attacks. Mostly it is just a frustrating addition to your already frustrating login.
Now the article goes on to talk about needing a variety of Passwords. With most users having anywhere from 70 to 100+ logins this becomes another burden to the individual. This leads individuals to using variations of the same password if not the same password. I am personally guilty.
See the article for more info. In short it says we should lie when answering security questions. This makes it harder to guess your answers.
Part of the solution
All of the above is what lead to the creation of TraitWare a Simple Secure Login. TraitWare achieves all the recommendations above while reducing the friction for the individual. The article in CNBC states there is no on perfect solution and that there is a need for multiple layers. We believe TraitWare helps to improve the security and simplicity at the most important location. It was created with User experience at the forefront and has very strong Multi-factor Authentication. Available now for WordPress websites and for Enterprise business solutions such as GSUITES, Office365, and more.