What did shock me thought is that there were as many as 13. How many of you use the tried and tested pattern for creating a password that begins with a capital letter at the start of a memorable word, followed by a memorable number and ending in an exclamation mark? My guess is that it is the majority of you!
It may seem to make sense that fewer structures inevitably make it easier for hackers to decipher passwords and therefore organisations should have policies for ‘strong’ passwords enforced upon them to avoid the obvious, and make it harder. However, the fact of the matter is even if there were double, quadruple or even ten times the number of structures being used, all it would do to a determined cybercriminal is slow them down a little, forcing them to use a wider variety of tools and tactics in their arsenal. It certainly would not stop or deter them.
My answer to the problem is simple. If people like using patterns to create passwords and those passwords are not secure, then remove the password from the equation altogether and use the pattern. This the foundation upon which PINgrid is based.
Of course, the obvious question to ask is what is to stop the professional cybercriminal or opportunist from simply guessing, or identifying patterns? After all, surely that is easier that passwords! So, here is the clever part. Unlike passwords the user never discloses the pattern that they have chosen.
Using PINgrid, when the user logs in they simply type in the numbers (0-5 digits used in the grid) displayed in their memorable pattern. And, because these numbers are constantly changing it creates a huge range of possibilities. So, in a standard 6x6 configuration, PINgrid provides 2.1 billion unique pattern possibilities, scale that up to 8x8 (0-7 digits used in the grid) and the number grows to an incredible 68.7 billion.
Author: Alissa Lang, Winfrasoft