C'YaPass: Forget All Your Passwords

Never Memorize A Password Again
Never Type A Password Again
Never Make Up A Password Again

Microsoft Security Baseline: Stop Expiring Passwords

Microsoft has published new guidelines for passwords along with their latest release of Windows 10 v1903 and Windows Server v1903.

The (Bad) State of Passwords

One of the first things Microsoft mentions is the terrible state of passwords which are made up by humans.  Here's the Microsoft blog writer's take on it.

When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords.

Removing Password Expirations

Microsoft is also admitting that the idea of forcing passwords to expire is ancient and makes no sense.

Again, the blog writer admits that their is no logic in expiring passwords in 60 or 90 days since the password may have been stolen at the beginning of the cycle and the cracker may have been using the password and associated account for a long time. 

If it’s a given that a password is likely to be stolen, how many days is an acceptable length of time to continue to allow the thief to use that stolen password? The Windows default is 42 days. Doesn’t that seem like a ridiculously long time? Well, it is, and yet our current baseline says 60 days – and used to say 90 days – because forcing frequent expiration introduces its own problems.

The problem is that password expiration is even a problem for the network administrators. 

Stop Making Up and Memorizing Passwords

If you are still making up and memorizing passwords, I suggest you stop and make your life easier by using C'YaPass.  It is 100% Open Source code so you can examine everything it does.  It generates strong passwords for you for each site you want to login to. 

If you don't want to download anything, you can try it here at this site just to see how it works.

All the code runs in JavaScript on your client and nothing is passed over the network.  Password keys are stored in the LocalStorage of your browser and only that browser instance will have those.

Try it at: http://cyapass.com/js/cya.htm

Try it out today and make your life easier.  Once you decide you want to use it you can download the free Windows app and the free Android app.