It has been a consistent challenge to ensure strong password controls due the human element involved. Researchers at the Max Planck Institute for Physics in Dresden, Germany, may have found a solution.
Generally weak passwords have been found to be one of the most critical vulnerabilities faced by security professionals.
In this backdrop, researchers at the Max Planck Institute for Physics in Dresden, Germany, in their paper “The weak password problem: chaos, criticality, and encrypted p-CAPTCHAs” have provided a solution to weak passwords by using a combination of password and Captcha.
The research paper can be accessed online at https://arxiv.org/PS_cache/arxiv/pdf/1103/1103.6219v1.pdf
In simple terms the reserach provides the following solution
1. A set of CAPTCHA images are encrypted using the simple half of the password in combination with a mathematical algorithm
2. To retrieve the complex half of the password, users enter the easy-to-recall password fragment and the algorithm decrypts the CAPTCHA.
3. Users copy the password from the CAPTCHA to gain access.
This also provides protection from brute force attack as every brute force attack will generate a decrypted CAPTCHA image which will not be equal to the encrypted CAPTCH available. Secondly every brute force with password will require a manual entry of CAPTCH rendering the attack impossible.
Also, the algorithm chosen takes seemingly random data, the encrypted CAPTCHA and creates something structured out of it. Computer analysis of CAPTCHA images is such that it detects this structure, but still can’t actually read it
Information Security, SSAE 16, ISO 27001, CISA, Cert-IN