A simple way to convert a weak password into 100 super strong passwords


 

Today, an average user has over 100 online accounts and is required by employers, businesses, organizations and governments to use a strong, different password for each of them, and to change these passwords periodically.

This creates inconvenience and stress for users, who prefer simplicity and convenience.

The US Office of the Inspector General audited the Department of the Interior to judge the security of its accounts. The results were not encouraging, as auditors found that more than 20% of passwords were weak and could be cracked (see [1]).

A recent study (see [2]), which analyzed over 18 million passwords, found that the most popular passwords are weak passwords. According to the report, the top 10 passwords used in the world are:

  • 123456

  • password

  • 123456789

  • 12345

  • 12345678

  • qwerty

  • 1234567

  • 111111

  • 1234567890

  • 123123

As we can see, anyone who tests the most used passwords on a website would be able to compromise the online accounts of users who use these or similar passwords.

How can this contradiction (security for businesses vs simplicity and convenience for users) be resolved?

In this post we consider a simple way to convert a weak password, like “qwerty” or “12345”, into 100 super strong passwords.

First of all, we go to https://www.passwordmonster.com/ and test the password “qwerty”.


As we can see, this password can be cracked in less than 44 seconds.

Now, we use a private dynamical password generator (DPG) to generate 100 super strong passwords using “qwerty” as a key and “2/2/2022” as a date.


100 super strong passwords will be generated after we click on the “Go” button.


If we test the generated passwords, we will see that they are super strong and secure.

 


These passwords are unique for each private DPG. In other words, any two different private DPGs will generate different passwords for the same keys and dates.

To change all passwords quickly, the user only needs to change the date. In this way, the user can generate 100 new super strong passwords every day. If there are restrictions on the symbols allowed in passwords, the user can delete the disallowed symbols from the generated passwords.
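The post does not describe the DPG's algorithm, so the following is an added example, not the author's tool: one way to obtain the properties described above (the same key and date reproduce the same list, a new date replaces every password, and different generators disagree) with PBKDF2 and HMAC from Python's standard library. The function `derive_passwords`, its parameter names, the sample secrets and the `excluded` option (which drops restricted symbols before generation instead of deleting them afterwards) are assumptions of this sketch; in it, resistance to guessing rests on the per-generator secret staying private, since the key itself is a commonly used password.

```python
import hashlib
import hmac
import string

# Constructed sample secrets standing in for two different private generators.
SECRET_A = b"constructed-generator-secret-A"
SECRET_B = b"constructed-generator-secret-B"
SYMBOLS = "!@#$%^&*()-_=+"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def derive_passwords(key, date, generator_secret, count=100, length=20, excluded=""):
    """Deterministically derive `count` passwords from (key, date, secret)."""
    alphabet = [c for c in ALPHABET if c not in excluded]
    if len(alphabet) < 2:
        raise ValueError("too many symbols excluded")
    # Slow KDF over the weak key; the per-generator secret is the salt, so
    # generators holding different secrets disagree on every output.
    master = hashlib.pbkdf2_hmac("sha256", key.encode(), generator_secret, 100_000)
    # Bytes at or above `limit` are discarded so every symbol is equally likely.
    limit = 256 - (256 % len(alphabet))
    passwords = []
    for index in range(count):
        chars, block = [], 0
        while len(chars) < length:
            message = f"{date}|{index}|{block}".encode()
            for byte in hmac.new(master, message, hashlib.sha256).digest():
                if byte < limit and len(chars) < length:
                    chars.append(alphabet[byte % len(alphabet)])
            block += 1
        passwords.append("".join(chars))
    return passwords


if __name__ == "__main__":
    today = derive_passwords("qwerty", "2/2/2022", SECRET_A)
    next_day = derive_passwords("qwerty", "2/3/2022", SECRET_A)
    other = derive_passwords("qwerty", "2/2/2022", SECRET_B)
    print(today[0], next_day[0], other[0], sep="\n")
```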

 

As we can see, the main advantage of this approach is simplicity.

The second advantage of these passwords is that users do not need to save them anywhere, so they cannot be hacked, broken, stolen, damaged, confiscated, etc., as passwords stored in encrypted files can be (see [3]). Users can generate the passwords when they need them.

The third advantage of these passwords is that they cannot be hacked by quantum computers, because they do not rely on encryption algorithms.

The fourth advantage of these passwords is that users can copy and paste them into login forms instead of typing them on a keyboard. Therefore, these passwords cannot be intercepted by keyloggers or other types of malware or spyware.

Statistically, over 10% of users forget or lose their passwords or private keys for encrypted data. This is not a big problem if there is a password or private key recovery option, but it becomes a disaster when there is no way to recover the lost or forgotten password or private key. According to cryptocurrency data firm Chainalysis, over three million bitcoins are considered lost due to forgotten passwords. Stefan Thomas, a San Francisco-based investor, became famous when he revealed that he had lost his private key to the hardware-based cryptowallet IronKey, which holds 7,002 bitcoins (see [4]). If a user uses the described method, the risk of repeating Stefan Thomas’s fate will be reduced.

As we can see, any big organization or business has users who use weak passwords. Via these weak passwords, hackers can get access to the organization's or business's digital or financial assets by testing different combinations from lists of weak passwords. To prevent such hacks, each user should have a tool to convert weak passwords into strong passwords.

 

References:

[1] US Federal Agency Employees Use Weak Passwords that Can be Cracked or Guessed Quickly, Audit Finds

https://www.bitdefender.com/blog/hotforsecurity/us-federal-agency-employees-use-weak-passwords-that-can-be-cracked-or-guessed-quickly-audit-finds/

[2] 20 Most Hacked Passwords in 2023: Is Yours Here?

https://www.safetydetectives.com/blog/the-most-hacked-passwords-in-the-world/

[3] Why You Should Stop Using LastPass After New Hack Method Update

https://www.forbes.com/sites/daveywinder/2023/03/03/why-you-should-stop-using-lastpass-after-new-hack-method-update/

[4] Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes.

https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html


I_g_o_r

I am curious about science, technologies and their applications to solving real problems.


Simple solutions to complex problems

Each post is devoted to a simple solution to a complex problem.
