As computer processing power increases, the security of traditional passwords decreases because they become vulnerable to what are known as dictionary attacks and brute force attacks. In a dictionary attack the attacker's computer tries a prepared list of likely passwords (common words, previously leaked passwords and simple variations of them); in a brute force attack it tries every possible combination of characters. Either way the guesses are tried one after another until your account is compromised, and the faster the hardware, the more guesses it can try per second. Against a live login page the site can slow this down by limiting failed attempts, but against a stolen database of password hashes the attacker can guess offline at full speed. To face this threat the concept of password hardening has appeared.
Password hardening is a collection of techniques used to make passwords more secure and less susceptible to such attacks:
- Tokens: For many accounts, Facebook for example, you can change your security options so that knowing your password alone is not enough to log in to your account from a public or unrecognised computer. This is known as two factor authentication: Facebook makes sure it is you logging in not only by asking for your password but also by requiring something else, such as a code sent to your mobile device. Different companies implement two factor authentication in a number of ways.
- Biometrics: Another concept used in password hardening is to rely on biological properties that you possess and that are unique to you, like your fingerprint, a retina scan or even the way you walk (your gait). This has traditionally been used on laptops, on some smartphones and in various high tech companies. Unlike a password, a biometric cannot be changed if a copy of it leaks, so it is best used as an additional factor alongside a password rather than as a replacement for it.
- Scrambled keyboards: A company called Bharosa developed a method of password hardening that presents the user with a random image of a scrambled keyboard at each login; the user enters the password by clicking its characters with the mouse. This protects users against keyloggers that record keystrokes, although malware that captures the screen together with the positions of mouse clicks can still recover the password.
- Password policy: The most traditional way of password hardening remains to implement a policy on your system that rejects passwords which are weak or easy to compromise, such as passwords that are short or that appear, possibly with small variations, in the word lists attackers use. After all, a system is only as strong as its weakest link.
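The following is an added example of such a password policy check, written for this page; it is not code from the original article or from any of the companies mentioned. It rejects passwords that are short, that an attacker's word list rules would reduce to a common password (lower-casing, undoing leet substitutions such as "@" for "a", and dropping trailing digits or symbols), that use too few distinct characters, or whose brute force search space is too small. The minimum length of 12, the floor of 50 bits and the small list of common passwords are assumptions chosen for illustration; a real deployment would load a large list of leaked passwords.

```python
import math
import re

# Constructed stand-in for a breach-derived word list; a real policy check
# would load a large list of leaked and common passwords (assumption).
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome", "admin",
    "iloveyou", "monkey", "dragon", "football", "sunshine",
}

MIN_LENGTH = 12          # assumed policy minimum
MIN_ENTROPY_BITS = 50    # assumed floor for the brute force search space

# Leet substitutions that attacker word list rules routinely apply; undoing
# them lets "P@ssw0rd" be matched against "password".
LEET_MAP = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                          "3": "e", "$": "s", "5": "s", "!": "i"})


def candidate_words(password):
    """Variants of the password an attacker's mangling rules would generate:
    lower-cased, leet-decoded, and with trailing digits/symbols removed."""
    lower = password.lower()

    def strip(s):
        return re.sub(r"[^a-z]+$", "", s)

    return {
        lower,
        lower.translate(LEET_MAP),
        strip(lower),
        strip(lower.translate(LEET_MAP)),
        strip(lower).translate(LEET_MAP),
    }


def charset_size(password):
    """Size of the smallest standard character set covering the password."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33   # printable ASCII punctuation
    return size


def guess_entropy_bits(password):
    """Upper bound on the brute force search space in bits, assuming the
    attacker already knows the length and character classes used."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time for an attacker making guesses_per_second guesses."""
    return 2 ** bits / guesses_per_second


def check_password(password):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate_words(password) & COMMON_PASSWORDS:
        problems.append("derived from a common password")
    if len(set(password)) < 4:
        problems.append("too few distinct characters")
    if guess_entropy_bits(password) < MIN_ENTROPY_BITS:
        problems.append("brute force search space too small")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords: a dictionary word, a leet-mangled one,
    # a repeated character, and a long passphrase.
    for pw in ["password", "P@ssw0rd123!", "aaaaaaaaaaaa",
               "correct-horse-battery-staple"]:
        verdict = check_password(pw) or ["accepted"]
        print(f"{pw!r}: {', '.join(verdict)}")
```

The entropy figure is deliberately an upper bound: it measures the space a blind brute force search would have to cover, which is why the dictionary check is applied separately, since "P@ssw0rd123!" scores well on length and character mix but falls to a single word list rule.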