Several high profile breaches so far this year have brought some much needed attention back around to the topic of password security. Odd that in the years since the World Wide Web was first founded, the username password paradigm remains relatively unchanged. Technologies, browsers, design and usability have all evolved exponentially, and yet the same authentication methodologies have persisted for nearly two decades.
In some ways, we are almost regressing in our ability to protect our private information online. Security questions based on public data, linked accounts which can be recovered through basic social engineering tricks, and password reuse have all served to further destabilize an already flawed system.Attempts at educating users on proper password policy has been limited to a fuzzy stream of seemingly over complicated policies, oversimplified “rules”, and increasing characters, symbols and numbers, without much consideration for the implications of a poor password choice.