As more and more companies face the growing threat posed by cybercriminals, they are taking precautions to ensure that security breaches like those at Equifax and Yahoo! don’t happen again. Despite their best attempts, however, online users are still threatened by cybercriminals and, in some cases, the threat is growing, mostly because of the technology itself.
In previous years, password guessing programs like John the Ripper and Hashcat used automated techniques to work through all possible combinations of words and letters (AAAAA, AAAAB, AAAAC) until they found the correct one, but this technique became resource-intensive and relied too heavily on relatively basic algorithms and manual coding.
Is Machine Learning the Answer to Password Security?
With the help of artificial intelligence, researchers at the Stevens Institute and the New York Institute of Technology have created a program that can guess the passwords of nearly 11 million LinkedIn users. This technique trained the software to predict passwords that people are either using right now or will use in the future based on what users have done in the past.
If the results inspire you to think twice about choosing your next password, that’s the point. Machine learning is one of the most interesting developments in password security and could eventually assist in beating cybercriminals at their own game.
Machine Learning Enhances Password Complexity
Password guessing attacks are a new threat that’s difficult to predict, let alone withstand. They require innovative methods of protection and quick response. However, thanks to machine learning, criminal activity is being detected in amazing ways. Machine learning algorithms help to check the complexity of your passwords and may even provide you with suggestions for stronger and more secure passwords. Machine learning is a highly effective approach that experienced teams have been developing for years to protect you from modern password guessing attacks.
Best Practices to Protect Against Password Guessing Attacks
When you know cybercriminals have the technology to start guessing passwords, it becomes painfully obvious that it’s time to start getting innovative when it comes to choosing your new password. Here are a few ways you can best protect yourself moving forward.
In 2017, the U.S. National Institute of Standards and Technology (NIST) updated its Special Publication 800-63 Digital Identity Guidelines and recommended that users create passwords of more than eight characters, with spaces allowed so that words can be combined into passphrases. NIST also recommends that users avoid passwords that are either often used or have previously been compromised.
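As an added illustration (not code from NIST or from this article's author), the sketch below applies the checks just described: a minimum length, spaces allowed so passphrases work, and rejection of commonly used or previously compromised passwords. The blocklist is a constructed sample, and the matching of simple variants (appended digits, character substitutions) goes beyond what the article states.

```python
import unicodedata

MIN_LENGTH = 9  # the article's reading of the guideline: "more than eight characters"

# Constructed sample blocklist; a real deployment would load a large list of
# commonly used and breached passwords instead.
BLOCKLIST = {"password", "123456789", "qwertyuiop", "letmein", "iloveyou", "linkedin"}

# Common character substitutions that are undone before the blocklist lookup.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def candidates(password):
    """Yield normalised forms of the password to test against the blocklist."""
    base = unicodedata.normalize("NFKC", password).casefold()
    stripped = base.rstrip("0123456789!@#$%^&*?._-")  # drop appended digits/symbols
    yield base
    yield stripped
    yield base.translate(LEET)
    yield stripped.translate(LEET)


def check_password(password, min_length=MIN_LENGTH, blocklist=BLOCKLIST):
    """Return a list of reasons to reject the password; empty means accepted.

    Spaces are deliberately allowed and no character-class rules are imposed,
    so long passphrases pass as long as they are not on the blocklist.
    """
    problems = []
    # Count length in normalised code points so equivalent inputs score the same.
    if len(unicodedata.normalize("NFKC", password)) < min_length:
        problems.append("too short")
    if any(c in blocklist for c in candidates(password) if c):
        problems.append("commonly used or previously compromised")
    return problems


if __name__ == "__main__":
    for sample in ["correct horse battery staple", "P@ssw0rd123", "letmein"]:
        print(repr(sample), check_password(sample) or "accepted")
```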
Another common practice is multi-factor authentication. Most commonly, two-factor authentication requires users to enter a unique code that is sent to a mobile phone or shown on a personalized USB token. For any confidential account, and especially remote accounts, at least two-factor authentication should be used.
Password Encryption and Masking
End-to-end password encryption ensures that your passwords are securely stored and transmitted over the network so you don’t have to worry about password database files being left unprotected. Also, when passwords are being displayed on any screen, it’s more secure to hide passwords under asterisks (*).
Refrain from Mandatory Password Changes
Regular password changes are commonly debated. NIST advises that although a mandatory policy of password changes is effective, regularly changing passwords usually ends up forcing users to choose weak passwords. Changing your password every six months is good practice, but not at the risk of compromising strong passwords.
At TED Systems, our goal is to keep your physical business and the information inside as secure as possible. If you have any questions regarding access control, please contact us today.