I’m sure you’ve heard the password mantra–don’t use details from your personal life, don’t use any word that can actually be found in a dictionary, make the password long, use multiple character types, etc. The problem is that the more secure and complex the password is, the more difficult it is to remember. Security that has the same odds of locking out the legitimate user as it does for preventing unauthorized access is not effective. Instead, users choose simple passwords, or write the complex passwords down on a sticky note for easy recall.
Security researchers in Germany are proposing a new twist on the password dilemma that could change things, though. The scientists from the Max Planck Institute for Physics of Complex Systems are at work on a method that breaks a strong, complex password into two parts. The first part is a simple password that is easy for the user to recall, and the second part is converted to a CAPTCHA-like image based on a chaotic lattice system algorithm.
The net result would be a more secure password that amounts to a sort of variation on two-factor authentication. What do you think? Can this password strategy work? Would you use it? Or, is that sticky note method working out OK for you?