In the words of Mark Twain, the reports of the demise of the password are greatly exaggerated. For the moment, predicting the approaching death of the ubiquitous password is wishful thinking, as passwords are likely to be around for an undetermined time to come.
Currently, a host of authentication methods is becoming more prevalent by the day. These include biometric fingerprinting, multifactor authentication and other forms of certification. But passwords will continue to remain a universal form of validation, which brings us to the point: efforts should focus on improving their efficacy, not on replacing them.
Way back in 1960, when passwords were first employed at MIT, they consisted of letters, digits and punctuation characters from the American Standard Code for Information Interchange (ASCII) character encoding. In spite of its long lifespan, ASCII persists as the prevailing source of password characters across the globe.
However, the key disadvantage of traditional passwords is the fixed count of characters allowed from ASCII. For a password of ‘x’ characters drawn from ‘y’ permitted characters, there are ‘y^x’ possible password sequences. Throughout their history, most passwords have been confined to a prescribed set of ASCII characters; today, however, no sufficient grounds remain for disallowing a blank space or any other “exceptional” character in a password. Nonetheless, these detrimental restrictions exist, hampering the evolution of passwords as a robust data security feature.
Cyber terrorists, hackers, analysts and penetration testers employ exceptionally advanced password cracking processes to breach passwords in a myriad of ways. The most effective way to attack passwords is to load an advanced password-cracking tool with a dictionary containing innumerable passwords taken from preceding breaches, ordered with the most common passwords at the top.
The solution would be to go beyond ASCII and also include Unicode. A Unicode-enabled arrangement would allow a variety of symbols to be employed, further strengthening the password. Using even one non-ASCII character in a password can make exhaustive key search, also known as generate and test, as well as dictionary attacks impracticable. One of the functional properties of Unicode is that all 256 byte values are employed because of the sheer count of encoded characters.
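A system that accepts Unicode passwords has to canonicalise them before hashing, because the same visible character can arrive as different code point sequences from different keyboards. The sketch below is an added example, not code from the article or from Locklizard; it pairs the ‘y^x’ keyspace calculation from the earlier paragraph with a normalise-then-hash routine, and the choice of NFKC, PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os
import unicodedata

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def keyspace_bits(alphabet_size, length):
    """log2(y**x): bits needed to enumerate every x-character password."""
    return length * math.log2(alphabet_size)


def prepare(password):
    """Canonicalise a Unicode password, then encode it as UTF-8 bytes."""
    for ch in password:
        # Reject control characters and unassigned code points; spaces pass.
        if unicodedata.category(ch) in ("Cc", "Cn"):
            raise ValueError("disallowed code point U+%04X" % ord(ch))
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def hash_password(password, salt=None):
    """Return (salt, digest) for storage; a fresh salt is drawn if none given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", prepare(password), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Constant-time comparison of the recomputed digest with the stored one."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)


if __name__ == "__main__":
    # Constructed samples: the same visible password typed two ways.
    composed = "caf\u00e9 d\u00e9j\u00e0 vu"       # precomposed accented letters
    decomposed = "cafe\u0301 de\u0301ja\u0300 vu"  # base letter + combining mark
    print(composed.encode() == decomposed.encode())   # raw bytes differ
    salt, stored = hash_password(composed)
    print(verify_password(decomposed, salt, stored))  # same after NFKC
    print(round(keyspace_bits(95, 8), 1))    # 8 printable-ASCII characters
    print(round(keyspace_bits(1000, 8), 1))  # illustrative 1,000-symbol alphabet
```

The bit counts assume every character is chosen uniformly at random; a predictable non-ASCII substitution in a common password adds far less.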
In 2016 alone, billions of passwords were exploited and exposed by hackers and cyber terrorists. If decisive action is not taken in 2017 and beyond, the situation will get worse, with greater compromise. Although there might be progress in looking at various ways of resolving the password dilemma, authorizing the discretionary use of Unicode in passwords would be the single most significant step that can be taken to level the playing field against cyber terrorists.
The decisive point here is that passwords are still a significant safety facet of digital life. Admittedly, dealing with passwords for numerous activities can be a long-winded, weary chore, but password complexity is the need of the hour, now more than ever, particularly now that even long passphrases can be cracked through sophisticated methods.
This article was contributed on behalf of Locklizard, a digital rights management company producing document encryption products. Visit website www.locklizard.com for more information.