Human Authentication

Thomas Orlando edited this page Jul 5, 2020 · 5 revisions

Passwords

Strong traditional passwords are generally hard to remember, which incentivises human users to pick weaker ones, or to reuse their passwords across multiple authentication instances. To avoid this, information about the potential benefits of using a passphrase instead of a traditional password should be provided by the human interface to your system (e.g. when being asked to create a password for a new account). Always assume a user doesn't know much about authentication; relying on users being educated before they use your system is a recipe for weak passwords.

Traditional

  • At least 12 characters: There's no widely agreed-upon minimum password length, but traditional passwords should be at least 12–14 characters long. Of course, longer passwords are always better.
  • Numbers, symbols, capital letters and lower-case letters: Different character types should be mixed to make passwords harder to crack. However, when mixing character types one should be careful to use...
  • No obvious substitutions: For example, H0use, or even H0u$3 isn't very strong, since this kind of substitution is obvious. In general, anything that is a part of basic leetspeak should be avoided.
  • No easy to guess patterns: Even if a password uses more than 20 characters, it can still be vulnerable if it contains patterns (repetitions, enumerations, etc.) like 1234567891011121314, 109876543210, hEl10$_hEl10$_hEl10$_hEl10$_, $arX37$arX37.
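The four bullet points above can each be expressed as a mechanical check that a registration form runs before accepting a password. The script below is an added illustration, not Titan's detector and not code from this wiki: it implements a minimum length, a character-class count, a reverse-leetspeak lookup against a tiny constructed word list, and two pattern detectors (whole-string or triple repetition, and digit runs that are monotonic or a concatenation of consecutive integers). The threshold of three character classes, the word list and the leetspeak table are assumptions chosen for the example; a real deployment would swap the word list for a large breached-password list.

```python
"""Heuristic weak-password checks mirroring the password guidance above.
Added example; the thresholds, word list and leet table are constructed."""
import re
from typing import List

MIN_LENGTH = 12   # lower bound from the text ("at least 12-14 characters")
MIN_CLASSES = 3   # assumption: require three of the four character classes

# Reverse map for basic leetspeak substitutions (constructed, deliberately small).
LEET_TABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "$": "s", "@": "a", "!": "i"})

# Illustrative dictionary (constructed); use a real breached-password list in practice.
COMMON_WORDS = ("house", "password", "hello", "welcome", "secret", "letmein")


def count_classes(pw: str) -> int:
    """Number of distinct character classes present (lower, upper, digit, symbol)."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, pw))


def leet_words(pw: str) -> List[str]:
    """Dictionary words that only become visible after undoing leetspeak substitutions."""
    plain = pw.lower()
    unleet = plain.translate(LEET_TABLE)
    return [w for w in COMMON_WORDS if w in unleet and w not in plain]


def is_repetition(pw: str) -> bool:
    """Whole password is one unit repeated, or a unit of 2+ chars repeats 3+ times in a row."""
    n = len(pw)
    for k in range(1, n // 2 + 1):
        if n % k == 0 and pw == pw[:k] * (n // k):
            return True
    return re.search(r"(.{2,})\1\1", pw) is not None


def is_counting_sequence(digits: str) -> bool:
    """True if the digit string is consecutive integers concatenated, ascending or descending."""
    for step in (1, -1):
        for start in range(0, 100):
            s, n = "", start
            while len(s) < len(digits) and n >= 0:
                s += str(n)
                n += step
            if s == digits:
                return True
    return False


def is_monotonic_digits(digits: str) -> bool:
    """True if every digit is the previous one +1 or -1 (mod 10), e.g. 1234567890 or 0987654321."""
    diffs = {(int(b) - int(a)) % 10 for a, b in zip(digits, digits[1:])}
    return diffs == {1} or diffs == {9}


def check_password(pw: str) -> List[str]:
    """Return the list of rule violations; an empty list means no heuristic fired."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if count_classes(pw) < MIN_CLASSES:
        findings.append(f"fewer than {MIN_CLASSES} character classes")
    words = leet_words(pw)
    if words:
        findings.append("obvious substitution for: " + ", ".join(words))
    if is_repetition(pw):
        findings.append("repeated pattern")
    for run in re.findall(r"\d{6,}", pw):
        if is_counting_sequence(run) or is_monotonic_digits(run):
            findings.append(f"enumeration pattern: {run}")
            break
    return findings


def is_acceptable(pw: str) -> bool:
    """Accept only passwords for which no heuristic fired."""
    return not check_password(pw)


if __name__ == "__main__":
    # The weak samples from the guidance above plus one constructed passphrase.
    for candidate in ("H0u$3", "1234567891011121314", "109876543210",
                      "hEl10$_hEl10$_hEl10$_hEl10$_", "$arX37$arX37",
                      "correct-Horse9-battery-staple!"):
        print(f"{candidate!r}: {check_password(candidate) or 'no heuristic fired'}")
```

Because `check_password` returns the violated rules rather than a bare yes/no, the registration form can show the user which guidance the candidate failed, which is the kind of in-context education the introduction above asks for. The repetition regex and the counting-sequence search are intentionally simple and only meant for short inputs such as passwords.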

Titan is able to detect some of these weak passwords. [Further Explanation Required]

Further Resources
