Define Strong Password Policy -- Before we move further, let's make sure that we are on the same page about what constitutes a strong password policy.
End User Responsibility --
1. Length - 8 characters is the minimum, but a strong password is at least 12 characters.
2. Combination - It needs a mixture of upper case, lower case characters, numbers and special characters. It is more important that these characters are distributed through the string. It is not enough to start with an upper case character and end with a special character.
3. Difficult to guess - Anything to do with your name, your favorite sports star, your favorite team, your loved ones, etc. is relatively easy to guess and therefore not a good password base.
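The three end-user rules above written as a check. This is an added example, not part of the original page or ReAn's code. The length thresholds come from the list; the "interior" test for distributed characters, the substitution map and the sample passwords are assumptions made for the illustration.

```python
# Thresholds stated on the page: 8 is the minimum, 12 or more is strong.
MIN_LENGTH, STRONG_LENGTH = 8, 12
# Assumed map of common look-alike substitutions, used only for the guess check.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s", "7": "t"})

def char_class(ch):
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    if ch.isdigit():
        return "digit"
    return "special"

def check_password(password, personal_terms=()):
    """Return a list of findings; an empty list means all three rules pass."""
    findings = []
    # Rule 1: length.
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    elif len(password) < STRONG_LENGTH:
        findings.append("below_strong_length")

    # Rule 2: all four classes present, and each one also used away from the
    # first and last position (assumed heuristic for "distributed").
    present = {char_class(c) for c in password}
    interior = {char_class(c) for c in password[1:-1]}
    for cls in ("upper", "lower", "digit", "special"):
        if cls not in present:
            findings.append(f"missing_{cls}")
        elif cls not in interior:
            findings.append(f"{cls}_only_at_edge")

    # Rule 3: no caller-supplied personal term (name, team, ...), even when
    # written with look-alike substitutions.
    normalized = password.lower().translate(LEET)
    for term in personal_terms:
        if term and term.lower() in normalized:
            findings.append(f"contains_personal_term:{term.lower()}")
    return findings

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw, terms in [("Password1234!", ()), ("gO.M@dr1d.2024x", ("Madrid",)),
                      ("r7#Kq!2vT&m9Zx", ())]:
        print(pw, check_password(pw, terms))
```

"Password1234!" meets the length and character-class rules but is still flagged, because its only upper case letter and only special character sit at the two ends of the string.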
Enterprise Responsibility --
Enterprises have a major role to play in securing end user accounts. Besides the complexity requirements, they need to ensure:
1. Brute Force Prevention - Prevent an attacker from making a large number of attempts. Most websites implement this functionality.
2. Password Hashing - It is critical to use a long salt and a strong hashing algorithm like SCrypt or BCrypt. Most sites use some sort of hashing.
3. Multi Factor Authentication - A secondary form of authentication, such as a PIN code sent to a phone, for additional security. Sites with important information typically provide multi (two) factor authentication.
The websites are able to invest in these technologies. However, the burden is increasingly on end users, and it is only getting more difficult for them.
ReAn - Offers a Solution --
ReAn is primarily geared towards helping the end user come up with a very strong password that is easy to remember. Most passwords generated by ReAn are at least 15 characters long and contain a very strong mix of upper case, lower case characters, numbers and special characters.
This basically means that raw brute force of your ReAn password is going to be orders of magnitude more difficult than for almost all other users' passwords. Put another way, it is going to be easier to break non-ReAn passwords.
Traditional passwords are even less secure because they are typically based on dictionary words and well-known names. This allows attackers to launch "dictionary" attacks.
ReAn offers billions of locations, a billion plus songs, millions of books and a very large collection of movies and TV shows. When users choose a non-trivial selection, a brute force attack will take years because the transform (conversion) has to be done using ReAn's system. Further, we slow down every conversion request to make any such attempt impractical.
Smart Users - Smart Password -- We believe that users understand the importance of a strong password. Users end up choosing a weak password because the systems in the past were not user friendly. With ReAn, users will choose the non-obvious selection. Most users understand that their favorite movie does not make a good password choice. The first movie they remember seeing might. We encourage users to choose something that they do not talk about.
Same Secret - Same Password -- It is perfectly normal and expected to get the same password from the same secret. Traditionally (without ReAn), passwords are not unique. Among millions of users, there are many cases in which multiple users choose the same password. The most obvious example is the ATM PIN code. The security controls of the organization prevent anyone from identifying the duplicate passwords and/or the users associated with them. The strength comes from the fact that it is almost impossible to guess what the password was and/or to brute force it.
Remember My Password -- On your system we store the "theme" that you used on the website, and that is the extent to which we can help you. We never store your password or your secret. However, if you have an existing password manager, or if you prefer your browser to remember the password for you, that should continue to work as usual.