Data security is an absolute priority at Autenti. In an era of increasingly sophisticated cyberattacks and privacy breaches, ensuring online security is more important than ever.
One of the cornerstones of online protection is a strong and well-chosen password. That's why we've introduced changes aimed at raising the standards of security and protecting your data.
Why is password security so important?
Passwords are still the primary form of identity verification online. Although the guidelines for creating them have evolved over the years, one thing remains constant – if you're using a password, it is the key to protecting user data.
That's why, at Autenti, we focus on ensuring that the password creation process is not only secure but also easy and intuitive.
New password requirements at Autenti
In line with the best security practices, we are changing our approach to password creation. These new rules will apply to all new users registering on the Autenti platform, as well as existing users who wish to change their current passwords.
Why aren’t we enforcing a mandatory password change for all users?
By not forcing an immediate change for everyone, we allow greater diversity in passwords, making it even harder for attackers to break them.
Here's what’s changing:
- Minimum password length
We require that your password be at least 10 characters long. Increasing the number of characters is crucial because each additional character significantly complicates "brute force" attacks (trying all possible combinations). Of course, Autenti uses mechanisms to prevent attacks.
hy 10 and not, for example, 14 characters?
Firstly, if we require 14-character passwords, users are likely to create passwords with exactly 14 characters. This would reduce the number of combinations hackers need to try – they could just focus on 14-character passwords and skip over shorter ones. Secondly, this encourages users to come up with unique passwords instead of simply appending a string of characters like "1111".
That said, we still encourage the creation of longer, more complex passwords – the more complex, the harder they are to break.
- Password checks in breached password databases
Your password will be automatically checked against breached password databases. You will be immediately notified of the verification result. If the password you’ve chosen has been found in a breached password database, you’ll be asked to select another one. This ensures you are using a string that has never been compromised.
- Avoiding personal information
Passwords cannot contain personal information such as your name, surname, or part of your email address. This is a simple yet effective rule that makes it harder to crack your password.
Suggestions for creating a secure password
Security is not only about requirements but also about suggestions that help you create strong and unique passwords. Alongside mandatory rules, we’re introducing suggestions to ensure even greater password diversity. This further reduces the potential for breaches.
- Password strength assessment
When creating your password, you will receive feedback on its strength. This helps you determine whether it’s worth changing your password to a more complex one.
- Suggestions on length
We encourage you to create longer passwords, as longer passwords are more difficult to crack. Additionally, our suggestions will help you create a password that avoids simple patterns (e.g., "1234"). If you don’t use a password manager, it’s best to create a long password in the form of a sentence.
- Assistance in choosing a strong password
If your password is too weak or has been breached, you will receive suggestions to modify it or add elements to make it harder to break.
Why is password length key?
One of the main reasons we focus on password length is that length, rather than complexity (using uppercase letters, numbers, and special characters), is crucial in defending against brute force attacks. Short passwords are much easier to crack, and cybercriminals know how to break common patterns.
At Autenti, we take a more advanced approach to passwords. Instead of forcing difficult-to-remember passwords with a specific structure (e.g., capital letters, digits, special characters), we focus on ensuring that passwords are long and encourage uniqueness. This makes the process of cracking passwords much more time-consuming and costly for potential attackers.
Remember, brute force attacks may target passwords in databases that have already been breached.
Good practices for creating passwords are key to data protection
A password alone isn’t enough! At Autenti, we believe security is not only about a strong password but also proper management of login data. Some good practices for password creation include:
- Use different passwords for different services
Do not use the same password for multiple platforms. Although it might seem convenient, if one platform suffers a data breach, access to other accounts could easily be obtained. Make sure each account has a unique password.
- Use a password manager
We know how difficult it is to remember hundreds of strong passwords. That’s why we encourage the use of password managers, which can safely store and generate long, unique passwords for you.
- Enable Two-Factor Authentication (2FA)
Even the best password doesn’t offer 100% protection. That’s why we encourage using additional forms of verification, such as two-factor authentication, which provides an extra layer of security.
What about no password?
Is it possible to use Autenti without a password? Yes! Simply use multi-factor authentication (MFA), an advanced identity verification process. As part of this process, the user must provide at least two independent proofs of their identity. For more information on multi-factor authentication, please check out this article.
Summary
Password security is crucial for protecting data on the Autenti platform. We’ve introduced changes that make creating strong passwords easier and more intuitive. With the new requirements, suggestions, and education, Autenti becomes an even safer place for storing and signing documents online.
Take action now to protect your security – choose a strong password, use a password manager, and don’t forget about two-factor authentication!
