WebSite Password Policies
Password policies for websites across the Internet is a real head scratcher. There is no standard policy or even policies. The minimum and maximum password length requirements vary heavily across the sites. Very often sites limit the list of special characters that can be used by the users. This often causes users to use the “least common denominator”. These passwords are therefore created with best chance to be accepted by the site. This comes a huge security compromise. It is therefore no surprise that passwords are like 12345, password and qwerty are so commonly used.
ReAn generates tailored passwords for you. We call them tailored because they are created to be a best fit and unique for you. Here are some of the characteristics of passwords generated by ReAn
Unique to Your Circle of Trust
Password generated by ReAn are guaranteed to be unique to your circle of trust. This makes it impossible for anyone else to generate the same password.
Customized to Website’s Password Policy
ReAn creates the most complex password that a site can support (and no more). Because the password is generated to meet the most stringent security requirements of the site, it will be accepted by the website while providing the highest level of security.
As an example, if a website supports a password with minimum length of 8, maximum length of 20 with special characters limited to ! @ # $ % ^ & * ( ). ReAn will create a password is that one of the most complex combinations of these 20 characters. To put this in perspective, there are 1.4016834e+37 combinations possible.
If an attacker was able to guess 1 million combinations per second, it will take them sextillion years to crack it (more specifically) 4.4447089e+20. Good luck cracking that.
Unique Password for Every Site
One of the biggest advantages of using ReAn is that ReAn automatically generates a unique and secure password for your site. The secret does NOT need to change across the sties. Because the password is unique to the site, your accounts are safe even if the site gets compromised.
To dig deeper into the advantages of this, consider the recent compromise and dumps of myspace passwords. There were 427 Million password hashes leaked as part of this compromise. Most of the users end up reusing their passwords across the sites. This allows the attacker to obtain a hash, crack it and then reuse that username and password combination across other sites like TeamViewer
With ReAn it is just not possible to reuse a compromised password hash. As mentioned above, a standard ReAn password has 1.4016834e+37 combinations. It is therefore safe to assume that it is “computationally expensive” (impossible in common language) to crack these passwords. In the most rare scenarios where the passwords can be accessed in clear text from the compromised websites, the compromised password cannot be reused on any other website. There is absolutely no way for anyone to derive the secret from the password. ReAn therefore severely limits the impact to your accounts even in face of the most egregious form of compromises.