[Updated, 2020-05-14] Mr. Henry Williams is a deputy editor for The Wall Street Journal in New York, and he reported on something we just also recommended. Here is an excerpt with a link to the full article at the end. You should forward this to your C-suite: Two researchers say they have come up with a system that makes passphrases more secure and practical. We all know the drill: When signing up at a website, you’re told to choose a password. It has to be at least a certain number of characters. It must contain letters and at least one number and perhaps at least one special character. Oh, but some special characters aren’t acceptable.
The death of complicated passwords—which are both hard to remember and not that secure—has been forecast for years, but reality hasn’t quite caught up yet. Now, however, two researchers have developed an idea for replacing passwords with more-secure passphrases that people will actually remember and use. Kevin Juang, a former doctoral student at Clemson University, and his co-author and adviser, Joel Greenstein, have created a working prototype of an online system for websites and their registered users to replace passwords with randomly generated passphrases that in theory, in combination with other cues, will be much easier to remember and to enter accurately. Passphrases have been discussed in online-security research for over 30 years, but most websites and apps still use passwords. Partly, that’s because long passphrases are harder to type, leading to more log-in failures, but it’s also because users tend to pick phrases from common sources, likes song lyrics, making them easy for hackers to figure out. People also sometimes use a passphrase on more than one website, or use a certain word repeatedly to make the passphrase even easier to remember. Williams, Henry. “Forget Passwords. It’s time for Passphrases” The Wall Street Journal.
Wall Street Journal Article: “Forget Passwords It’s time for Passwords”
This is only one aspect of our layered security strategy that our cybersecurity team has been recommending to our customers. To see how fast any of your complex passwords can be cracked, go to www.passfault.com. A good place to start is to see if your employees credentials (email and password combinations) are on the Dark Web. Right now, we are offering a complementary Dark Web Scan for your business’s email domain. This report will immediately reveal if you or any of your employees have been compromised within the last 36 months. If nothing turns up, you’ll have peace of mind and you can take preventative actions to make sure it stays that way. On the other hand, if the report reveals a compromise, you are in the best position to take the next logical step towards protecting your business! You can always contact us at [email protected] or by calling (732) 780-8615 if you have any questions about what you can be doing to put your business in the best position to avoid a cyber security breach