State of Passwords and Authentication
How can we securely log in to websites today and in the future?
A few days ago, it was World Password Day!
What is the current state of passwords?
Short passwords are easy to crack
Even if vendors store passwords in hashed form, short and common passwords can easily be recovered using rainbow tables.
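As an added illustration (not code from the original newsletter), the Python below shows why a fast, unsalted hash falls to a precomputed lookup table, why a per-user random salt plus a deliberately slow KDF defeats that table, and how much search space a long password adds. The common-password list and the passphrase are constructed samples; the PBKDF2 parameters are an assumption, not a recommendation from the page.

```python
import hashlib
import hmac
import math
import os

# Constructed sample of "leaked" common passwords. A real precomputed table
# holds millions of such entries together with their digests.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "abc123"]


def unsalted_digest(password: str) -> str:
    """Fast, unsalted hash: the same password always yields the same digest,
    so one precomputed table reverses it for every site that stores it this way."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates) -> dict:
    """Precompute digest -> password once; this is what a rainbow table amortises."""
    return {unsalted_digest(p): p for p in candidates}


def reverse_unsalted(digest: str, table: dict):
    """Recover a password from an unsalted digest by lookup; None if not in the table."""
    return table.get(digest)


def hash_password(password: str, salt=None, iterations: int = 600_000) -> str:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256, stdlib only).
    A fresh random salt per user means no precomputed table applies, and the
    iteration count makes every guess expensive. Format: algo$iters$salt$hash."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def guess_entropy_bits(length: int, alphabet_size: int = 95) -> float:
    """Bits a brute-force attacker must search for a random password of this
    length drawn from `alphabet_size` symbols (95 = printable ASCII).
    Length dominates: every extra character multiplies the work."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print(reverse_unsalted(unsalted_digest("password"), table))  # password
    print(reverse_unsalted(unsalted_digest("the kettle whistles at dawn on tuesdays"), table))  # None
    stored = hash_password("password")
    print(verify_password("password", stored), verify_password("Password", stored))  # True False
    print(round(guess_entropy_bits(8)), round(guess_entropy_bits(25)))  # 53 164
```

Two users with the same password get different stored strings because the salt differs, so an attacker would have to build a table per user, which is exactly the precomputation that rainbow tables were meant to avoid.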
What is the remedy?
1️⃣ Level 1: Use a long password. Use an entire sentence. If you use a password manager, you can choose any length of password. Why not choose 25 characters? Why not 50 characters? Why not 100 characters? There is no additional time or effort if you use a password manager.
2️⃣ Level 2: Use Two-Factor Authentication (2FA, MFA). This can be based on SMS (less secure) or a Time-based One-Time Password (TOTP) (more secure).
3️⃣ Level 3: Use a FIDO2 device, which is an additional hardware device for authentication, usually USB-based.
➡️ Next Levels: I am looking forward to broader adoption of Apple Passkeys (Link 1, Link 2) or similar technologies. They use secure asymmetric private-public key pairs, one for each site. When the private keys are securely shared between devices, this looks like the most secure solution. Even though they are probably not quantum-safe, for the time being they are better than the usual passwords.
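For the Next Levels entry, here is an added example (not from the newsletter, not Apple's or the FIDO Alliance's code) that shows the shape of a passkey login: the device keeps one private key per site, the site stores only the public key, and login is a challenge-response signature bound to the site's identifier. To keep it stdlib-only the signatures use a textbook RSA toy with tiny constructed primes, which is hypothetical and not secure; real passkeys use ECDSA or EdDSA keys held in a secure element, but the protocol structure is the same.

```python
import hashlib
import os

# Constructed, tiny prime pairs standing in for per-site key generation.
# Real authenticators generate a fresh strong key pair for every site.
SITE_PRIMES = {"bank.example": (1009, 1013), "shop.example": (1031, 1033)}


def toy_keygen(p: int, q: int, e: int = 17):
    """Textbook RSA key pair (toy sizes, for illustration only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; requires gcd(e, phi) == 1
    return (n, e), (n, d)


def digest_int(data: bytes, n: int) -> int:
    """Hash the message and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def toy_sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(digest_int(data, n), d, n)


def toy_verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest_int(data, n)


class Authenticator:
    """The user's device: holds one private key per relying party and never exports it."""

    def __init__(self):
        self._keys = {}

    def register(self, rp_id: str):
        public, private = toy_keygen(*SITE_PRIMES[rp_id])
        self._keys[rp_id] = private
        return public  # only the public half ever leaves the device

    def sign_challenge(self, rp_id: str, challenge: bytes) -> int:
        # Binding rp_id into the signed data is what makes the credential
        # unusable on any site other than the one it was created for.
        return toy_sign(self._keys[rp_id], rp_id.encode() + challenge)


class RelyingParty:
    """The website: stores public keys only, so nothing in its database can be used to log in."""

    def __init__(self, rp_id: str):
        self.rp_id = rp_id
        self.users = {}

    def register(self, user: str, public_key):
        self.users[user] = public_key

    def new_challenge(self) -> bytes:
        return os.urandom(16)  # fresh per login attempt, so a captured signature is useless later

    def authenticate(self, user: str, challenge: bytes, signature: int) -> bool:
        return toy_verify(self.users[user], self.rp_id.encode() + challenge, signature)


if __name__ == "__main__":
    device = Authenticator()
    bank, shop = RelyingParty("bank.example"), RelyingParty("shop.example")
    bank.register("alice", device.register("bank.example"))
    shop.register("alice", device.register("shop.example"))
    challenge = bank.new_challenge()
    signature = device.sign_challenge("bank.example", challenge)
    print(bank.authenticate("alice", challenge, signature))  # True
    print(shop.authenticate("alice", challenge, signature))  # False: different site, different key
```

Because each site gets its own key pair and only ever sees the public key, a breach of one site reveals nothing reusable elsewhere, which is the property the newsletter is pointing at; "securely shared between devices" then refers to syncing the private keys on the device side, not to anything the site holds.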
What I read
This is a separate section of this newsletter. I will list some of the best articles I read on the internet. They may or may not be related to the topic of this article. I will keep a list of the best articles (currently >650) at https://www.digital-product-management.com. These are today’s picks:
Metrics Overview: A list of useful metrics for Acquisition, Referrals, Activation, Engagement, Retention, and Revenue.
Mistakes to Avoid as an Advisor: An advisor is an individual offering expertise to help others make informed decisions or achieve specific goals. Here are five mistakes not to make.
Situational Leadership: 4 different categories of behaviours that are either high or low in either directive or supportive styles.