MS Employee Calls for No More Passwords
BobPaul writes "On his blog, Robert Hensing of the Microsoft PSS Security Team makes a really convincing argument for the abolishment of complicated passwords. He argues that precomputed hash tables, network sniffing, and programs like L0phtCrack make passwords obsolete and dangerous in the Windows environment. What does he recommend in their place? Passphrases: sentences and quotes that are easy to remember but may be more than 30 or 40 characters in length. With many companies requiring frequent password changes (and we know exactly where that leads), this is a simple idea; I'm surprised more people haven't been doing this more often."
Now replacing my brute force wordlists with "He's dead, Jim", "In Soviet Russia, passphrases validate YOU" and "passwords are for old Korean people" will allow root access to 90% of the internet.
And I quote, "Open Sesame!"
When things get complex, multiply by the complex conjugate.
or
Make of that what you want, but:
Of course, I changed the password to something more politically correct before leaving the companies....
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail))
http://www.lawrenceperson.com/
because if you use a salted hash (chosen by the server)
... when I stop by our local Denny's for breakfast I let the waitress decide whether I get corned or roast beef with my eggs.
That's true
The higher the technology, the sharper that two-edged sword.
You don't need to make gloves with someone else's fingerprints. All you need are gummy bears.
Gummy Bears! Bouncing here and there and everywhere! Foiling security beyond compare! They are the Gummy Bearrrrrrrrrrrs.
Biometric authentication can't be changed. I can change a password, but I can't change my fingerprints.
Ooh...yea--that'll be the downfall of biometric authentication. Someone steals my retina and then all my accounts are 0wned for ever and ever...
There's no place like
Besides, it IS possible even today to change the pattern of blood vessels on the retina using lasers - this is done all the time to treat diabetic retinopathy.
;)
Good point, but anyone who wants to go through all that trouble is welcome to my slashdot account.
There's no place like
Indeed, that's all the security I need.
Something I have... Smith and Wesson.
Something I know... How to freaking shoot.
Something I am... Bad MotherFucker.