The Director of Identity Security at Microsoft has been warning about the inefficacy of passwords and more recently about standard Multi-Factor Authentication or MFA.
Earlier this year, Alex Weinert warned that “Your Pa$$word doesn't matter.” In that article he spelled out the reasons that even strong passwords aren’t necessarily effective.
“When it comes to composition and length, your password (mostly) doesn’t matter,” Microsoft’s Weinert said. He and his team are responsible for defending against millions of password-based attacks.
“Remember that all your attacker cares about is stealing passwords...That’s a key difference between hypothetical and practical security.” — Microsoft’s Alex Weinert
In the article he gave multiple examples where the complexity of the user's password did not matter, because the attacker already owns the password through other means such as phishing or keystroke logging.
This is in contrast to a regular "Password Spray" or, as we know it, guessing of a user password, where the complexity of guessing a user password increases exponentially with length.
The most effective way to prevent your password from getting stolen is to secure it with MFA or 2FA. With our integration of the OTP from Secret Server in our 4Passwords app, you can easily secure all your passwords online and offline.
The 4Passwords Authenticator is a client-side app that runs exclusively in a client’s browser and computer. The app will never send any data to any system or website other than the Secret Server configured within the app. Once the application is downloaded from either 4Passwords.com, 4pa.app or your own hosted servers, the app will receive and send data through the browser app with the configured Thycotic Secret Server and its enabled web services API.