Slashdot Mirror


MS Employee Calls for No More Passwords

BobPaul writes "On his blog, Robert Hensing of the Microsoft PSS Security Team makes a really convincing argument for the abolishment of complicated passwords. He argues that precomputed hash tables, network sniffing, and programs like L0phtCrack make passwords obsolete and dangerous in the Windows environment. What does he recommend in their place? Passphrases: sentences and quotes that are easy to remember but may be more than 30 or 40 characters in length. With many companies requiring frequent password changes (and we know exactly where that leads), this is a simple idea; I'm surprised more people haven't been doing this more often."

10 of 614 comments

  1. Excellent! by PedanticSpellingTrol · Score: 5, Funny

    Now replacing my brute force wordlists with "He's dead, Jim", "In soviet russia, passphrases validate YOU" and "passwords are for old korean people" will allow root access to 90% of the internet.

  2. Only a few thousand years behind... by physicsphairy · Score: 4, Funny

    And I quote, "Open Sesame!"

  3. My passphrase... by Noryungi · Score: 4, Funny

    In many companies where I worked, for some kind of reason, my passphrase always ended up as:

    • [name_of_boss]isabloodyidiot


    or

    • whatabloodyidiot[name_of_boss]is


    Make of that what you want, but:

    • it's always accepted by whatever program is in charge of checking passwords
    • it's easy to remember, yet hard to crack (unless you know me and the bloody^W... er... boss...)
    • it always made me smile as this was the first thing I had to type in the morning


    Of course, I changed the password to something more politically correct before leaving the companies....
    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  4. No one will ever break my password! by Nova Express · Score: 4, Funny

    It's the inscription on the One Ring, translated into Klingon, then rendered in l337! Three levels of Ubergeek encryption ensure maximum security!

    --
    Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)

    http://www.lawrenceperson.com/

    1. Re:No one will ever break my password! by Tenebrious1 · Score: 3, Funny

      Crap... now I gotta go change all my passwords.

      --
      -- If god wanted me to have a sig, he'd have given me a sense of humor.
  5. Re:Biometrics by ScrewMaster · Score: 3, Funny

    because if you use a salted hash (chosen by the server)

    That's true ... when I stop by our local Denny's for breakfast I let the waitress decide whether I get corned or roast beef with my eggs.

    --
    The higher the technology, the sharper that two-edged sword.
  6. Re:Biometrics by DrMrLordX · Score: 5, Funny

    You don't need to make gloves with someone else's fingerprints. All you need are gummy bears.

    Gummy Bears! Bouncing here and there and everywhere! Foiling security beyond compare! They are the Gummy Bearrrrrrrrrrrs.

  7. Re:Biometrics by darkpixel2k · Score: 5, Funny

    Biometric authentication can't be changed. I can change a password, but I can't change my fingerprints.

    Ooh...yea--that'll be the downfall of biometric authentication. Someone steals my retina and then all my accounts are 0wned for ever and ever...

    --
    There's no place like ::1 (I've completed my transition to IPv6)
  8. Re:Biometrics by darkpixel2k · Score: 4, Funny

    Besides, it IS possible even today to change the pattern of blood vessels on the retina using lasers - this is done all the time to treat diabetic retinopathy.

    Good point, but anyone who wants to go through all that trouble is welcome to my slashdot account. ;)

    --
    There's no place like ::1 (I've completed my transition to IPv6)
  9. Re:Biometrics by Anonymous Coward · Score: 5, Funny

    Indeed, that's all the security I need.

    Something I have... Smith and Wesson.

    Something I know... How to freaking shoot.

    Something I am... Bad MotherFucker.