Passwords are used everywhere. While they can be used to ensure secure authentication, there are many things that can diminish their usefulness to the point that they are useless. Here are a few problems with passwords:
- Short passwords: Short passwords are easy to remember but also easy to crack. Currently the minimum length of a "secure" password is considered to be eight characters if it contains upper case, lower case, numbers, and special characters. However, as computing power increases, the length of time that it takes to crack an eight-character password decreases. For this reason, more and more organizations are starting to push for 10-character passwords while others are moving to even longer passphrases.
- Too many passwords: Passwords are used everywhere. The average person has so many passwords that they find it very difficult to remember them all. As a result, users often make poor security choices such as:
  - Reusing the same password: When the same password is used for multiple applications, a single compromise can put many other systems at risk. This is bad enough when the same password is used for applications at the same security level, such as personal email and social media accounts. However, it is much worse when applications are at different security levels, for example when users use the same password for their social networking site login and their corporate VPN account.
  - Writing passwords down: When overwhelmed with numerous passwords, some users start writing them down or putting them in insecure files that can be easily accessed by others.
  - Failing to change them regularly: Unchanged passwords can allow unauthorized users to have long-term access to systems.
  - Using a highly predictable pattern to create new passwords: Similar to reusing passwords and writing passwords down, using the same simple pattern to create passwords can allow attackers to gain access to multiple systems and retain that access indefinitely.
- Multiple devices: Multiple devices complicate password management. Many applications have the option to remember a user's password. For example, email clients and web browsers often do so. However, when users have multiple devices, changing passwords becomes a real nuisance since the password needs to be manually synchronized and changed in multiple places.
- Insecure password storage: While many applications will store users' passwords, they often do little to protect them, and the stored passwords are easily compromised.
To help address these and other issues associated with password management, we created TheVault.