3. Additional Information & Resources:
LogmeOnce Online Password Generator
LogmeOnce Online Password Generator is a simple and user friendly, yet powerful application enabling you to easily assess the strength of your password strings. The instantaneous visual feedback provides you with a means to immediately improve your password strength.
For our calculation we model a “Brute Force” attack: an attacker who systematically tries every combination of “alphanumeric” and “special” characters rather than relying on a dictionary of likely words. The underlying mathematics is comprehensive; however, we recommend that the Online Password Generator be used as a guideline for creating stronger passwords rather than as a guarantee, since it cannot know whether a human-chosen string is predictable. The additional practical and mathematical concepts considered are entropy, password strength and password cracking, explained below.
What is Brute-Force Attack?
“In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It involves systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.
The key length used in the encryption determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognize when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it. It is important to generate passwords that are strong.
Brute-force attacks are an application of brute-force search, the general problem-solving technique of enumerating all candidates and checking each one.”
What is Entropy?
Information theory: Entropy is a measure of the uncertainty associated with a random variable. In this context, the term usually refers to the Shannon entropy, which quantifies the expected value of the information contained in a message. Entropy is typically measured in bits, nats, or bans.
Data compression: Entropy effectively bounds the performance of the strongest lossless (or nearly lossless) compression possible, which can be realized in theory by using the typical set or in practice using Huffman, Lempel-Ziv or arithmetic coding. The performance of existing data compression algorithms is often used as a rough estimate of the entropy of a block of data. See also Kolmogorov complexity. In practice, compression algorithms deliberately include some judicious redundancy in the form of checksums to protect against errors.
Introduction: Entropy, in an information sense, is a measure of unpredictability. For example, consider the entropy of a coin toss. When a coin is fair, that is, the probability of heads is the same as the probability of tails, the entropy of a coin toss is as high as it could be. There is no way to predict what will come next based on knowledge of previous coin tosses, so each toss is completely unpredictable. A series of tosses of a fair coin has one bit of entropy per toss, since each toss has two equally likely outcomes and is independent of the others. A string of tosses of a coin with two heads and no tails has zero entropy, since the coin will always come up heads and the result can always be predicted. Most collections of data in the real world lie somewhere in between. It is important to realize the difference between the entropy of a set of possible outcomes and the entropy of a particular outcome. A single toss of a fair coin has an entropy of one bit, but a particular result (e.g. “heads”) has zero entropy, since it is entirely “predictable”.
Here E is the expected value operator, and I is the information content of X. I(X) is itself a random variable. The entropy can explicitly be written as
where b is the base of the logarithm used. Common values of b are 2, Euler’s number e, and 10, and the unit of entropy is bit for b = 2, nat for b = e, and dit (or digit) for b = 10.
In the case of p(xi) = 0 for some i, the value of the corresponding summand 0 logb 0 is taken to be 0, which is consistent with the well-known limit:
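The definition the preceding paragraphs refer to, written out here in the page's own symbols (the standard Shannon definition, added to this page and not part of the original text): the entropy is the expected information content,

$$H(X) = E[I(X)] = -\sum_{i} p(x_i)\,\log_b p(x_i),$$

and the convention that a zero-probability outcome contributes nothing is justified by

$$\lim_{p \to 0^{+}} p \log_b p = 0 .$$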
Differential Entropy: Extending discrete entropy to the continuous case – The Shannon entropy is restricted to random variables taking discrete values. The corresponding formula for a continuous random variable with probability density function f(x) on the real line is defined by analogy, using the above form of the entropy as an expectation:
which is, as said before, referred to as the differential entropy. Note that the differential entropy is not the limit of the Shannon entropy of a finely discretized version of the variable; it differs from that limit by an infinite offset, so differential entropy can be negative and is not directly comparable to a bit count.
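The continuous-case formula referred to above, written out here by analogy with the discrete definition (standard differential entropy, added to this page and not part of the original text), for a density f(x):

$$h(f) = E[-\log f(X)] = -\int_{-\infty}^{\infty} f(x)\,\log f(x)\,dx .$$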
What is Password Strength?
Password strength: Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.
Using strong passwords lowers overall risk of a security breach, but strong passwords do not replace the need for other effective security controls. The effectiveness of a password of a given strength is strongly determined by the design and implementation of the authentication system software, particularly how frequently password guesses can be tested by an attacker and how securely information on user passwords is stored and transmitted. Risks are also posed by several means of breaching computer security which are unrelated to password strength. Such means include wiretapping, phishing, keystroke logging, social engineering, dumpster diving, side-channel attacks, and software vulnerabilities.
Random passwords: Random passwords consist of a string of symbols of specified length taken from some set of symbols using a random selection process in which each symbol is equally likely to be selected. The symbols can be individual characters from a character set (e.g., the ASCII character set), syllables designed to form pronounceable passwords, or even words from a word list (thus forming a passphrase).
The strength of a random password depends on the actual entropy of the underlying number generator; many generators are not truly random but pseudo-random. Many publicly available password generators rely on the general-purpose random number generators found in programming libraries, which offer limited entropy and a small, recoverable internal state. Most modern operating systems, however, offer cryptographically strong random number generators (the source behind /dev/urandom, for example) that are suitable for password generation, and ordinary dice can also be used. Random password programs often have the ability to ensure that the resulting password complies with a local password policy, for instance by always producing a mix of letters, numbers and special characters.
For passwords generated by a process that randomly selects a string of symbols of length L from a set of N possible symbols, the number of possible passwords is N raised to the power L, i.e. N^L. Increasing either L or N strengthens the generated password. The strength of a random password as measured by information entropy is the base-2 logarithm (log2) of the number of possible passwords, assuming each symbol is chosen uniformly and independently of the others. Thus a random password’s information entropy, H, is given by the formula
H = log2(N^L) = L · log2(N) = L · log(N) / log(2)
where N is the number of possible symbols and L is the number of symbols in the password. H is measured in bits. In the last expression, log can be to any base. This formula does not apply to human-chosen passwords, whose symbols are neither uniform nor independent.
What is Password Cracking?
Password Cracking: In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Another common approach is to abuse the “forgotten password” reset process to set a new password rather than recover the old one.
The purpose of password cracking might be to help a user recover a forgotten password (though setting an entirely new password is less of a security risk, it requires system administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. In forensic work, password cracking is also used file by file to reach digital evidence that a judge has authorized access to but that is protected by a password.
Time needed for password searches: The time to crack a password is related to bit strength (see password strength); which is a measure of the password’s information entropy. Most methods of password cracking require the computer to produce many candidate passwords, each of which is checked. One example is brute-force cracking, in which a computer tries every possible key or password until it succeeds. More common methods of password cracking, such as dictionary attacks, pattern checking, word list substitution, etc., attempt to reduce the number of trials required and will usually be attempted before brute force. Higher password bit strength increases exponentially the number of candidate passwords that must be checked, on average, to recover the password and reduces the likelihood that the password will be found in any cracking dictionary.
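The formula H = L · log2(N) from the Password Strength section and the time-to-crack relation in the paragraph above, carried out in Python as an added example (not code from this page or from LogmeOnce). The password is drawn with the standard library's `secrets` module, which reads the operating system's cryptographic generator rather than the general-purpose `random` module the Random passwords paragraph warns about. The symbol sets and the guess rate of 10^10 per second are assumed, illustrative values; real rates depend entirely on how the password hash is stored.

```python
import math
import secrets
import string

# Constructed symbol sets (N = number of possible symbols in H = L * log2(N)).
ALPHABETS = {
    "digits": string.digits,                                                  # N = 10
    "lowercase": string.ascii_lowercase,                                      # N = 26
    "alphanumeric": string.ascii_letters + string.digits,                     # N = 62
    "printable": string.ascii_letters + string.digits + string.punctuation,   # N = 94
}


def random_password(alphabet: str, length: int) -> str:
    """Select `length` symbols uniformly and independently from `alphabet`.

    `secrets` reads the operating system's CSPRNG; the `random` module (a
    Mersenne Twister with a small, recoverable state) is not suitable here.
    """
    if length <= 0 or len(alphabet) < 2:
        raise ValueError("need a positive length and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """H = log2(N^L) = L * log2(N); valid only for uniform, independent selection."""
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """An exhaustive search over 2^H candidates succeeds, on average, halfway through."""
    return 2.0 ** bits / 2.0


def seconds_to_crack(bits: float, guesses_per_second: float) -> float:
    """Average time for a brute-force search at the given guess rate."""
    return expected_guesses(bits) / guesses_per_second


def length_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Smallest L for which L * log2(N) reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    RATE = 1e10  # assumed offline guess rate against a fast unsalted hash; illustrative only
    year = 365 * 86400
    for name, alphabet in ALPHABETS.items():
        for length in (8, 12, 16):
            bits = entropy_bits(len(alphabet), length)
            years = seconds_to_crack(bits, RATE) / year
            print(f"{name:>12} L={length:2d} N={len(alphabet):3d} H={bits:6.1f} bits "
                  f"~{years:.3g} years at {RATE:.0e} guesses/s")
    # 80 bits from the 94-symbol set needs 13 symbols.
    print("sample:", random_password(ALPHABETS["printable"], length_for_bits(94, 80)))
```

The table the script prints makes the exponential relation visible: adding four symbols to a 62-symbol password multiplies the search space by 62^4, while switching from 26 to 94 symbols at the same length gains far less per symbol. The halving in `expected_guesses` is the "on average" of the definition above; the worst case is the full 2^H.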
Incidents: On July 16, 1998, CERT reported an incident where an attacker had found 186,126 encrypted passwords. By the time they were discovered, they had already cracked 47,642 passwords.
In December 2009, a major password breach of the Rockyou.com website occurred that led to the release of 32 million passwords. The hacker then leaked the full list of the 32 million passwords (with no other identifiable information) to the internet. Passwords were stored in cleartext in the database and were extracted through a SQL Injection vulnerability. The Imperva Application Defense Center (ADC) did an analysis on the strength of the passwords.
In June 2011, NATO (North Atlantic Treaty Organization) experienced a security breach that led to the public release of first and last names, usernames, and passwords for more than 11,000 registered users of their e-bookshop. The data were leaked as part of Operation AntiSec, a movement that includes Anonymous, LulzSec, as well as other hacking groups and individuals. The aim of AntiSec is to expose personal, sensitive, and restricted information to the world, using any means necessary.
On July 11, 2011, Booz Allen Hamilton, a large American consulting firm that does a substantial amount of work for the Pentagon, had its servers breached by Anonymous, and the data was leaked the same day. “The leak, dubbed ‘Military Meltdown Monday,’ includes 90,000 logins of military personnel—including personnel from USCENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors.” The leaked passwords were stored as SHA-1 hashes. Hashes are not decrypted; they are cracked by hashing candidate guesses and comparing the results, and when the ADC team at Imperva did so their analysis revealed that even military personnel look for shortcuts and ways around the password requirements.
On July 18, 2011, Microsoft Hotmail banned the password: “123456”.
Prevention: The best defense against password cracking is to ensure that attackers cannot obtain even the hashed passwords. Because that cannot be guaranteed, stored passwords should also be hashed with a unique per-user salt and a deliberately slow, iterated function, so that each guess an attacker makes against a stolen hash costs real computation and a single precomputed table cannot cover many users.
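An added example (not code from this page or from LogmeOnce) of the storage side of that prevention advice, using only the Python standard library: PBKDF2-HMAC-SHA256 with a random per-user salt, a constant-time comparison on verification, and a helper that measures how many candidate guesses per second one core can test at a given iteration count, so the cost increase over a single fast hash such as the SHA-1 in the Booz Allen incident can be seen directly. The iteration count and record format are assumed policy choices for this example.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Assumed policy values (illustrative; tune the iteration count to your hardware).
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>.

    A fresh per-user salt means equal passwords get different hashes, so one
    precomputed table cannot be reused against every user in a stolen database.
    """
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when the stored record was produced with fewer iterations than current policy."""
    return int(record.split("$")[1]) < iterations


def guesses_per_second(iterations: int, samples: int = 5) -> float:
    """Rough single-core measurement of how many candidates per second an attacker could test."""
    salt = b"\x00" * SALT_BYTES  # constructed; only the timing matters here
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", f"guess{i}".encode("utf-8"), salt, iterations)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return samples / elapsed


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:   ", verify_password("correct horse battery staple", record))
    print("verify wrong:", verify_password("Tr0ub4dor&3", record))
    # Cost per guess: one fast hash versus one full iterated record.
    print(f"1 iteration:        ~{guesses_per_second(1, samples=200):,.0f} guesses/s")
    print(f"{ITERATIONS} iterations: ~{guesses_per_second(ITERATIONS):,.0f} guesses/s")
```

Storing the iteration count inside the record is what lets `needs_rehash` raise the cost over time: when a user next logs in successfully, the plaintext is available to produce a new record under the stronger policy. The measured rates are per core on the defender's hardware; an attacker with GPUs does better, which is why the iteration count should be set as high as login latency tolerates rather than at a fixed "safe" value.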
What is Password Manager?
Password Manager: A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or a file that holds the encrypted password data for secure logon to computers, networks, web sites and application data files. The great advantage of password-based access controls is that they are readily incorporated in most software using APIs available in most software development environments, require no extensive computer/server modifications, and are very familiar to users.
A reasonable compromise for using large numbers of passwords is to record them in a password manager, which may be a stand-alone application, a web browser extension, or a manager built into the operating system. A password manager allows the user to use hundreds of different passwords while remembering only a single one: the password that opens the encrypted password database. Needless to say, this single password should be strong and well protected (not recorded anywhere). Most password managers can automatically create strong passwords using a cryptographically secure random password generator and can calculate the entropy of the generated password. A good password manager also provides resistance against attacks such as keystroke logging, clipboard logging and other memory-spying techniques.
What is Single Sign-On (SSO)?
Single Sign-On (SSO): Single sign-on is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. Conversely, Single sign-off is the property whereby a single action of signing out terminates access to multiple software systems. As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.
What is Identity Management (IdM)?
Identity Management (IdM): Identity Management describes the management of individual identifiers, their authentication, authorization, and privileges/permissions within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime, and repetitive tasks. Identity Management is a term related to how humans are authenticated (identified) and their actions authorized across computer networks. It covers issues such as how users are given an identity, the protection of that identity, and the technologies supporting that protection (e.g., network protocols, digital certificates, passwords, etc.).
Your Peace of Mind,
Is Our Paramount Priority…
But how does this benefit you, your customers, or your organization? How do you protect it all?
Protecting security credentials, multiple passwords and user IDs is a simple yet paramount task. Today, your security credentials and their access controls may be spread out like thousands of unprotected, scattered, unconnected islands: disjointed, unmanaged, and easy to take over with minimal resistance. Once an invader sets foot on the first island, it is an easy journey to hop from island to island and capture them all; an intruder who takes control of your computer can access its entirety.
Protecting a multitude of passwords and user IDs is quite similar. Once a hacker takes control of your first ID or password, drilling through to find more can be fairly easy, particularly when the same password is reused. However, if you have a security policy in place and already protect each password (or island) individually, then invading is no longer such a simple task. Protect each password individually and automate the entire process.
Security needs to be instilled in layers. It needs to be protected in layers too.
Let LogmeOnce automate the process and enjoy security policies that would otherwise be challenging and time consuming for each person to set up. Employ the policies that large businesses and government agencies, with their dedicated security personnel, use to protect their passwords. Take advantage of what the experts do.
LogmeOnce is Password Management software + Single Sign-On (SSO) + Identity Management (IdM) + Cloud Security + Cloud SSO + Single Log Out + and more.
3. Why Should You Trust LogmeOnce?
The internet user community risks its identity every time it performs an internet based activity (i.e., accessing web email, online shopping, social networking, etc.) when using simple passwords. Even though end users are encouraged to select strong passwords, they usually continue to choose weak and easy to guess ones, which places them at risk from fraud and identity theft.
LogmeOnce combines password security with real world practicality, creating a fun user experience, and with superb access management efficiency.
LogmeOnce provides a free solution to help consumers select strong passwords and therefore secure their online activities. LogmeOnce’s free security solution is similar to the ones used by government agencies and large businesses, which are purchased at considerable cost. Users who prefer an additional level of security have the option to upgrade their account features as they desire.
Since 1986, LogmeOnce’s seasoned management team has created multiple successful companies in the areas of Security, Network Management, CRM, and Security Management. All of these companies built a solid customer base, won prestigious national and international industry awards, and concluded in successful M&A or venture capital investments.
LogmeOnce helps clients gain strong Password Management, Access Management, Access Control, Identity Administration, and Directory Services for a secure, efficient and user-friendly cloud computing environment. LogmeOnce is a privately held company headquartered in Virginia, in the high-technology corridor of metropolitan Washington DC.
LogmeOnce Products Suite:
What Should a Next-Generation Password Management, SSO and IdM Solution Be?
It’s Security + Practicality + Fun + Efficiency. Merged.
LogmeOnce’s access management platform enables organizations to dramatically enhance their technology infrastructure and security posture. With centralized access management, LogmeOnce offers a holistic solution that provides a layered security umbrella while strengthening security, reducing help desk costs, and improving productivity. The LogmeOnce Cloud security and Identity Management (IdM) solution provides Cloud password management, Cloud Single Sign-On (SSO), user provisioning, federation, and Cloud data security. We understand that not every application or web site account supports standard, secure authentication methods. The LogmeOnce solution secures your data and identity in the Cloud and provides a unified, strong authentication solution for all your authentication needs, whether basic authentication, SAML, OpenID, OAuth, or more. With our years of experience developing data mining solutions, LogmeOnce analyzes each end user’s daily access and usage and generates business reports based on an organization’s existing security activity to improve overall efficiency and productivity. Access usage is converted into behavior profiles, meaningful statistics, charts and business intelligence metrics for use by IT and the organization to provide better services to internal and external clients.
LogmeOnce = Security + Practicality + Fun + Efficiency. Merged.
The majority of security breaches originate from within organizations, caused by fragmented security policies, expired access rights, or a lack of aggregated audit and accountability. Manual provisioning requests are prone to errors, and network administrators are often unaware of organizational and role changes. This is a recipe for disaster.
LogmeOnce’s mission is to provide secure Single Sign-On (SSO) and mature Identity Management (IdM) with a fun and user-friendly dashboard that facilitates easy and secure access to all of your accounts and applications. LogmeOnce provides quality identity management solutions that enhance IT security, lower administration costs, improve employee productivity, and improve identity data accuracy across the enterprise. We provide strong security with analytical reporting to consumers, business and the government sector in the format that suits them best, from high-level dashboards to custom reports and advanced analysis. We have engineered our software suite to deliver secure password management, Access Management, SSO, IdM, and Cloud computing with reliability, scalability, ease of use, and ease of administration for organizations of all sizes.
LogmeOnce “26” Solid Differentiators:
Protecting your security credentials takes more than avoiding weak passwords or simply selecting a long, strong alphanumeric password. AES encryption, SSL, electronic shredding of passwords, and use of industry standards are some of the necessary components of secure Single Sign-On and Identity Management. Find out why the LogmeOnce “26” differentiators are important for you.