Security researchers at Tide, an Australian nonprofit, say they have developed a new method for securing login credentials that makes it almost infinitely more difficult to crack passwords using automated attacks, such as dictionary attacks that rely on lists of common usernames and passwords.
The technique involves breaking up encrypted passwords into multiple pieces and storing these fragments according to principles of decentralization and distribution. To test their “splintering” technique, the researchers launched a dictionary attack on a database containing 60 million LinkedIn passwords that had previously been exposed in a data breach. While the attack succeeded against 100% of the encrypted passwords stored in a traditional manner, the researchers were able to uncover only 0.00072% (around 43,000) of the passwords stored by means of splintering. This marks a 14.1 million percent improvement.
Read more: New Technique Makes Passwords 14M Percent Harder to Crack, Nonprofit Claims