Saturday, December 7, 2013

Two Passwords Are More Secure Than One

(I mean two passwords where either one can be used to log in.)

Most people know that they should change their passwords often. So why don’t they?

One reason is that it is easy to make a mistake while changing passwords. “password” fields which don’t show the characters entered invite mistakes. Password managers, such as LastPass, but also those of Chrome and Apple, plus two-factor authentication add levels of complexity and uncertainty. People who rarely change their password must spend time reviewing rules.

But the main reason is that there is a serious penalty for changing your password and not recording the new password properly: You can be locked out of an account. This is an urgent, critical problem on a key account.

Strategy: Reduce the penalty for making an error in changing a password. Specifically: websites should enable two passwords to be active at the same time on an account.

With this approach you can set a new password, then test it. If the new password works, then trash the old password. If testing the new password fails, then log in with the old password and trash the new password, and try again.

This approach reduces the fear associated with changing a password and the time penalty to correct an error while changing the password.

Having two passwords doubles the odds that a hacker can guess one of your password by brute force. So you are half as secure, right? Technically, on average, yes. But you are far, far more secure from password misappropriation.

Actually, you increase the odds of a successful brute force attack only if your passwords are taken while you have two passwords active. If you change your password monthly and have two passwords active for only a few minutes per month, then the real increase in risk is not a factor of 2.0 but is something like 1.0002.

Conclusion: enabling two active passwords per account improves security.

No comments:

Post a Comment