Are Emojis the Answer to Stronger Passwords?

As I’ve stated before, passwords are like cockroaches. No matter how hard the identity community tries, they keep scuttling out of the corners – another new SaaS app here, another new mobile app there. And though federation adoption is increasing, legitimate concerns over relying parties being given more data than they require are impacting the consumer market.

So passwords aren’t going away. Once we acknowledge that, it’s time to also acknowledge that common wisdom about what makes a password secure is outdated. Research on how password attacks are actually performed and how passwords are often successfully obtained by other methods, along with the resulting updated guidelines from NIST and Microsoft, indicates that it’s time we change password policies to reflect these realities.

One interesting finding of this research is that despite strong password guidelines, the human brain can only handle so much complexity. When confronted with a draconian password policy, we tend to fall into predictable patterns. (How many of us have appended a “1”, “2”, then “3” on successive passwords? Okay, perhaps not this audience. But certainly your aunts do.) And hackers know how to exploit these patterns to crack your password. As a result, one recommendation is that authentication systems get smarter to reduce the burden on the user.

For example, why not allow spaces or even emoji in a password? Users have been programmed to not use these patterns, but there’s no reason that authenticators can’t be updated to handle these Unicode characters.
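One way an authenticator could accept spaces and emoji, as an added example that is not part of the original post: it normalizes the input to NFKC and counts length in code points, as NIST SP 800-63B advises for Unicode secrets, before hashing. The function names, length limits and PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

MIN_CODE_POINTS = 8          # assumed policy floor (the minimum SP 800-63B uses)
MAX_CODE_POINTS = 64         # assumed ceiling, only to bound hashing work
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def prepare(password: str) -> bytes:
    """Normalize, check length in code points, and encode as UTF-8."""
    # NFKC folds equivalent forms (precomposed "é" vs "e" + combining accent)
    # into one sequence, so the same secret verifies from any keyboard or OS.
    normalized = unicodedata.normalize("NFKC", password)
    # len() on a str counts code points, not bytes: a single emoji counts as 1.
    if not MIN_CODE_POINTS <= len(normalized) <= MAX_CODE_POINTS:
        raise ValueError("password length out of range")
    return normalized.encode("utf-8")


def enroll(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to store for a new password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", prepare(password), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Check a login attempt against the stored salt and digest."""
    try:
        candidate = hashlib.pbkdf2_hmac(
            "sha256", prepare(password), salt, PBKDF2_ITERATIONS)
    except ValueError:  # bad length or unencodable input: reject
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)
```

Without the normalization step, a password containing an accented letter can fail to verify when typed on a device that emits the decomposed form.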

Since they potentially have such a wide impact, password policies are updated slowly and carefully. But as identity and security professionals, it’s our job to embrace the world as it is and adapt our policies to combat what’s really happening out there in the wild.

By Sean Deuby, Identity Architect, Edgile

 
