Password generator?
Idea shared by Matthew Titley - January 26, 2017 at 8:43 AM
Proposed
Hi all,
 
I can't recall if this has been suggested or not but a great tool to increase security would be to include the simple logic to offer auto-generation of passwords on account creation or on the password change screen for users. This might go a long way toward eliminating passwords like P@ssword1234! or similar weak passwords which meet the bare minimum requirements but are obviously weak. Along those lines, the logic which performs password analysis as you type a new password (very weak to very strong) might be helpful as well. Also a bad password dictionary might be helpful which would cross check new password choices with known dictionary attack items.
 
I can't imagine this would be difficult to implement.
 
Thanks,
 
Matt

1 Reply

My point is that when I audit passwords, frequently I've seen that users are sitting at their keyboards trying to devise a new password and then they use some stream of consciousness selection like "coffee" or "yankees", but since "coffee" itself won't work they'll add digits to get to the minimum. At that point they realize they have to add a special character, so they tack on an exclamation point or a dollar sign just to get it done. I see it all the time.
 
So, if a hacker knows that twelve characters with numbers and specials are required they can set their algorithms accordingly.
 
This is also the reason why I want to see better security tools. We all get SMTP abuse attempts which block an IP for some defined period of time. I'd like to get a report if a particular account is the repeated target of an attack. So, after so many separate and subsequent attacks either there is a special notification or the temp IP ban gets converted to a permanent ban, along with a special notification.
 
Tools and reports like this might have saved John Podesta some embarrassment?

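The two checks discussed in this thread, sketched as an added example that is not part of the original posts or of any product's code: a bad-password dictionary test that sees through the "word + digits + symbol" padding described in the reply, and a generator that draws from the OS CSPRNG. The word list is a constructed sample, the minimum rule (twelve characters with a digit and a special) is assumed from the reply, and all function names are hypothetical.

```python
import re
import secrets
import string

# Constructed sample dictionary; a real deployment would load a large
# list of known-bad and breached passwords instead.
BAD_WORDS = {"password", "coffee", "yankees", "welcome", "letmein"}

# Common look-alike substitutions users apply to dictionary words.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})

SPECIALS = "!#$%&*+-=?@^_"


def meets_policy(password, min_len=12):
    """Assumed minimum rule: length plus at least one digit and one special."""
    return (len(password) >= min_len
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def base_word(password):
    """Strip digit/symbol padding from both ends, then undo substitutions."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return core.lower().translate(LEET)


def evaluate(password):
    """Return 'policy' or 'dictionary' for a rejection, 'ok' otherwise."""
    if not meets_policy(password):
        return "policy"
    if base_word(password) in BAD_WORDS:
        return "dictionary"
    return "ok"


def generate_password(length=16):
    """Draw from the OS CSPRNG until the result passes both checks."""
    if length < 12:
        raise ValueError("length is below the assumed policy minimum")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if evaluate(candidate) == "ok":
            return candidate
```

P@ssword1234! satisfies the minimum rule yet is rejected by the dictionary check, because stripping the padding and undoing the @ substitution leaves "password".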