
Dynamic Passwords – The Future of Authentication


In our last post we talked a lot about the static password and some of the benefits of ditching it for a fluid, dynamic password instead. Of course, we also discussed a specific authority figure in the world of technology who boldly declared that passwords “just don’t meet the challenge for anything you really want to secure.” The person who quipped this? His name is Bill Gates, and he’s not wrong. But then again, here we are, years later, and the password is still the cornerstone of authentication for many websites, applications, etc. So, if the password as a concept is going to stubbornly refuse to be left in the ash heap of computer history, we should probably talk about how we can make the password a little bit better with the benefits of the dynamic password.

Getting Away from the Static Password: Part II – The Dynamic Password

Chances are, what you use today would be referred to as a “static password.” A static password is simply that: a password that, once set, is left unchanged. Hacking static passwords is not a difficult task for even your typical attacker – commonly used methods such as dictionary or brute force attacks are often enough to get the job done. If your password is left unchanged, it really is only a matter of time before it can be cracked (though there has been some new research on password expiration that puts that question directly into the limelight). While this bit of info is disconcerting, you can take measures on your own to protect the information and other data that is important to you. A good step in the right direction would be to use a dynamic password.

What is a Dynamic Password?

Let’s talk a bit more about the dynamic password. Firstly, what is a dynamic password? The basic definition of a dynamic password is a password that does not remain constant: the only constant is that it keeps changing.

Now you may be thinking, “That’s a huge inconvenience. A constantly changing password? Does that mean I have to change my password every day? That’s just inconvenient! I mean, who could possibly guess my password $$$!!!garybusey?”

Now, I agree: the thought of changing your password constantly is an enormous hassle. Luckily, that’s not what a dynamic password entails. In fact, you may already be a user of dynamic passwords. One Time Passwords (OTPs) are a commonly used type of dynamic password – a machine-generated, random string that is used once to authenticate. Every time an end user wants to log in, instead of entering their usual static password, they would simply input a unique, machine-generated password. This dynamic password can be received on a mobile phone or made by a dedicated security token. Dynamic passwords are convenient because they don’t have to be remembered, and because the password is never the same, they serve as a major roadblock for hackers who may be looking to break into user accounts.

It is time for the naysayers and the lovers of static passwords to begin to face the facts – the static password will become extinct. Whether it is an easy and quiet slip into the history books or whether we have to drag it kicking and screaming out the door, the static password is going to go away. The FIDO Alliance (whose members include tech heavyweights such as Microsoft, Google, and others) has published a report for a system to eliminate the static password for good. I’ll admit it, I do see a bit of an appeal for a static password – set a password once, and forget about it – but we are at an age where too much is protected behind a simple string of never-changing characters. We should begin to embrace the dynamic password, and with it, say farewell to password resets, changes, and hacker attacks.

 

 

 

 


3 Comments

  1. Hi, I have a beautiful idea about dynamic passwords. It works perfectly on any web servers and clients, I have tested it and I built a prototype edition. I don’t know where to discuss it, I think it will be the next generation of authentication on every electronic device. I need some advice on what I should do…
    Thanks a lot

  2. Nice article, Spenser.

    Just a few things to bear in mind. A “password” is typically referred to as an embodiment of a knowledge factor – something you know, something you can keep hidden in your brain. The credential you are referring to is a randomly generated key, and is only generated because you entered your username and password into the system that generated that key in the first place.

    There is a ton of misinformation coming from companies, even security companies, and perpetuated by the media, about this.

    Generating a random OTP is a great idea, but that process typically relies upon a physical token of some kind or access to a system that can generate it, again probably accessed via password or worse (PIN).

    The reason we categorize the three factors the way we do (token, shared secret, biometric) is because each presents a distinctly different challenge to a criminal, which is why it makes much more sense to incorporate multiple factors instead of piling on more of the same factor.

    Keep writing!

  3. I see a lot of action on dynamic passwords. Dynamicpassword.con
