In view of the grave password incidents ever more rampant, we are urgently suggesting an ‘improvised’ two-factor authentication that everyone can deploy right now at no cost, with which an extra power would be extracted from the ubiquitous legacy password systems. Encourage citizens to combine a ‘remembered password’ (what we know) and a ‘memo with a long password written on it’ (what we possess). That’s all.
The combined password sent out to the authentication server, if properly hashed, has the much higher entropy that might well stand a rainbow table attack and very fierce brute force attacks. Citizens would not have to worry so desperately if their credential hash data got leaked.
All that citizens need to do is take a small trouble of combining a remembered password and a memo with a long password written on it. Economically it absolutely costs nothing to both citizens and service providers. It can be started right now at any password accounts anywhere in the world. The global cyber space would be not a little safer than it is now depending on how quickly this suggestion spreads out.
You know that we are advocating Expanded Password System that we believe is the best and final solution to the password predicament, but it might well take some more years before it becomes readily available to every citizen on the globe whereas the damaging password incidents show no sign of abating. It is why we wish to urgently suggest this simple affordable stopgap solution to password-sensitive citizens.