‘Improvised’ 2-factor authentication everyone can deploy right now at no cost
We would like to make a suggestion to extract an extra power from the ubiquitous legacy password systems.
It might take some more years before Expanded Password System we advocate becomes readily available to every citizen on the globe. As a stopgap measure for security-conscious citizens, we would suggest an 'improvised' two-factor authentication that everyone can deploy right now at no cost.
Combine a 'remembered password' (what we know) and a 'memo with a long password written on it' (what we possess). That's all. The combined password sent out to the authentication server, if properly hashed, has the much higher entropy that might well stand a rainbow attack and very fierce brute force attacks. Citizens would not have to worry so desperately if their hash data got leaked.
All that citizens need to do is take a small trouble of combining a remembered password and a memo with a long password written on it. Economically it absolutely costs nothing to both service providers and citizens. It can be started right now at any password accounts anywhere in the world. The global cyber space would be not a little safer than it is now depending on how quickly this suggestion spreads out.
#identity #authentication #password #security #safety #biometrics #ethic #privacy #civilrights #democracy