Uninformed: Informative Information for the Uninformed

Vol 7» 2007.May

The ``Skeleton Key'' Effect

The most significant weakness of passwords generated by MPFs is that when the formula becomes compromised, all passwords to systems for which the user is using the respective MPF schema are potentially compromised. This situation is no worse than a user simply using the same password on all systems. In fact, it is significantly better due to the resultant passwords being individually unique. When using a password generated by an MPF, the password should be unique per system and ideally appear to be a random string of characters. In order to compromise the formula, an attacker would likely have to crack a significant number of system's passwords which were generated by the formula before being able to identify the correlation between them.