More threads by Practic

Practic

Member
Joined
Nov 29, 2022
Messages
89
According to the recent report (see [1]), businesses, organizations, and governments spent over 10 billion USD on cyber security training, each year since 2019. Despite such significant efforts and costs over 30% of employees still use weak passwords or reuse old passwords (see [2, 5]). Among the reasons cited, people name complexity and inconvenience of suggested to them methods.

Even so these people forms a minority, this fact does not help to eliminate cyber security vulnerabilities, because even a single employee with a weak, reused or compromised password is enough to break the cyber security of her/his employer.

An ideal solution for such persons is a tool, which can generate multiple passwords with a single click and also to change all passwords very easy (with a single click).

A free tool dynpass.online (public DPG) allows to generate 20 strong passwords with a single click and also to change all passwords with a single click. Additional advantages of dynamical passwords generators (DPGs) are:

-no logins;

-no installations, synchronizations, updating, upgrading, etc.;

-no master passwords;

-not saved in any place;

-with a click generate many strong passwords for many online accounts (20 for public DPGs, 100 for private DPGs);

-ability to create unhackable passwords (see [3]);

-ability to create multi factor authentication (MFA see [4]);

-for a single key generate a unique sequence of different strong passwords, which can be changed even on daily basis;

-accessible from any device connected to internet via a web browser.


“There are two kinds of companies in the world: those that have been breached by criminals, and those that have been breached and don’t know it yet.”

Source https://securityintelligence.com/posts/how-to-keep-secrets-safe-password-primer/



References:


1 Cyber security training market report 2022

Cyber Security Training market Report 2022 - Research with Future Trends


2 Cost of credential stuffing attacks

The Full Economic Cost of Credential Stuffing Attacks

Security: Credential Stuffing vs. Password Spraying | Baeldung on Computer Science


3 Unhackable passwords

https://www.publish0x.com/simple-so...ate-unhackable-passwords-xeenglp?a=pnelxGQjeK


4 MFA with DPGs

https://www.publish0x.com/simple-so...authentication-with-dyna-xgjeplq?a=pnelxGQjeK


5 Password reuse problem

What is password reuse, and why is it a security problem?

How to Prevent Password Reuse in your Organization

What is a Password Reuse attack? | Security Encyclopedia

Dangers of reusing passwords – Know why is it bad and how you can avoid it

Password Reuse Problems Persist Despite Known Risks
 

Practic

Member
Joined
Nov 29, 2022
Messages
89
There are serious problems with strong passwords and the traditional ways to manage them.



Problem 1. Passwords fatigue (see https://www.publish0x.com/simple-so...to-solve-the-password-fatigue-problem-xjdjqpv



Annoyed by Passwords? Research Shows It's Not Just You)



Problem 2. Strong passwords, usually, are managed with passwords managers, which require a single master password to access all other passwords. This create a serious vulnerability and security risk, because it concentrates the risks (put all eggs into one basket) and violates the main axiom of risk management ( do not put all eggs into a single basket).



Problem 3. Saving passwords in encrypted files, which are stored on some computer 24 hours per day 7 days per week is not secure, because these files can be hacked, damaged, stolen, broken, confiscated, etc. (see Struggling LastPass Suffers New Data Breach. Is Your Account at Risk? ). Distributed storage does not reduce this risk because on modern computers it is easy to loop over multiple computers (IP addresses) and hack files on different computers. It only slightly increase time to accomplish the task.



Problem 4. Storing passwords in encrypted files is a security risk, because modern quantum computers can break this encryption. See https://dynpass.online/pqc.html Quantum computing could break the internet. This is how



Dynamical passwords generators (DPGs) do not have these problems.
 
Top Bottom