- Dec 30, 2012
Better password security and usability may be possible, thanks to GOTPass authentication. Read why researchers say the system is difficult to hack.
"Humans suck at choosing passwords," writes security pundit Graham Cluley. That is hard to argue with, according to SplashData (TeamsID), whose report on 2015's worst passwords ranked 123456 and password as the most commonly used passwords.
"In SplashData's fifth annual report, compiled from more than 2 million leaked passwords during the year, some new and longer passwords made their debut — perhaps showing an effort by both websites and web users to be more secure," mentions Morgan Sloan, CEO of SplashData. "However, the longer passwords are so simple as to make their extra length virtually worthless as a security measure."
To get humans out of the password-creating business, Cluley writes, "I recommend that people invest in a password management tool, capable of generating truly random, impossible to guess passwords, and then doing the important job of remembering them for you, so you don't need to reuse them for every site you access."
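The two points above (leaked lists are dominated by a few guessable strings, and length alone adds nothing when the extra characters are a digit suffix or a sequence, which is why Cluley recommends generating passwords randomly) can be checked in code. The following is an added example, not code from the article, SplashData or Cluley; the blocklist is a small constructed sample, not SplashData's list, and the entropy estimate is a rough upper bound that deliberately ignores dictionary structure, which is exactly why the blocklist check is needed alongside it.

```python
import math
import secrets
import string

# Constructed sample of commonly leaked passwords (illustrative only,
# not SplashData's published list).
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "123456789",
    "football", "baseball", "welcome", "abc123", "1234567890",
    "password1", "letmein", "login", "princess", "starwars",
}

MIN_LENGTH = 12


def estimate_entropy_bits(password: str) -> float:
    """Upper-bound entropy: length * log2(character pool size).

    This assumes every character was chosen uniformly, so it overstates
    the strength of anything human-chosen. Use it only for generated
    passwords or as a ceiling, never as proof that a password is strong.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def is_weak(password: str) -> tuple:
    """Return (weak, reason). Catches the 'longer but still simple' cases
    the SplashData report describes, not just the literal list entries."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return True, "in common-password list"
    # "password1234" is just "password" with digits appended.
    stem = lowered.rstrip(string.digits)
    if stem and stem in COMMON_PASSWORDS:
        return True, "common password with digits appended"
    # All-digit ascending runs such as 123456789012 are long but trivial
    # (a step of -9 is the 9 -> 0 wrap).
    if lowered.isdigit() and all(
        int(b) - int(a) in (1, -9) for a, b in zip(lowered, lowered[1:])
    ):
        return True, "ascending digit sequence"
    if len(password) < MIN_LENGTH:
        return True, "shorter than %d characters" % MIN_LENGTH
    return False, "ok"


def generate_password(length: int = 20,
                      alphabet: str = string.ascii_letters + string.digits
                      + string.punctuation) -> str:
    """Generate a password from the OS CSPRNG (secrets), never the
    `random` module, which is predictable and not for security use."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for pw in ["123456", "password1234", "123456789012", "Tr0ub4dor&3",
               generate_password()]:
        weak, reason = is_weak(pw)
        print("%-24s weak=%-5s %-38s ~%.0f bits" %
              (pw, weak, reason, estimate_entropy_bits(pw)))
```

The checker rejects before it estimates: a password that matches the blocklist, or a blocklist entry with a digit suffix, is weak regardless of what the entropy formula says about its length. The generator's output passes the same checks because every character is drawn uniformly from the full pool, which is the property a human-chosen password lacks.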
However, password managers are not perfect. For example, the popular LastPass password manager may be secure in itself, but it is not immune to attacks on its users.
"On Saturday, January 16, security researcher Sean Cassidy gave a presentation at hacker convention Shmoocon demonstrating a phishing attack against LastPass," writes a spokesperson from LastPass. "In this attack, a user is directed to a malicious website, and the page generates a notification that looks like a LastPass notification. The fake notification tricks the user into thinking they were logged out of LastPass, then directs them to log in again by entering their master password, and their two-factor authentication data if they have it turned on."
The spokesperson then adds that this is not a vulnerability in LastPass. The company has published guidance on mitigating the risk of this particular attack.
What is the answer?
Further reading