Slashdot Mirror


Password Security: Why the Horse Battery Staple Is Not Correct

First time accepted submitter Dadoo writes By now, everyone who reads Slashdot regularly has seen the XKCD comic discussing how to choose a more secure password, but at least one security researcher rejects that theory, asserting that password managers are the most important technology people can use to keep their accounts safe. He says, "In this post, I'm going to make the following arguments: 1) Choosing a password should be something you do very infrequently. 2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks. 3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password. 4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords."
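An added example (not code from the Slashdot summary or from the researcher's post it quotes): a Python password-acceptance check built around the summary's third and fourth arguments. Instead of demanding character classes, it looks a candidate up in a popularity list and rejects it when too many other people have already chosen it, and it reports that popularity as the "strength" feedback. The frequency table, the corpus size, the one-in-a-million threshold and the function names are all constructed for illustration and are not from any real list or library; a deployment would substitute a published common-password corpus with occurrence counts.

```python
# Added example: judge a password by how many other people chose it,
# not by which character classes it contains.  Everything below is
# constructed for illustration (counts, corpus size, threshold).
import re

# Constructed sample of (password -> number of users observed choosing it).
COMMON_PASSWORDS = {
    "123456": 5_000_000,
    "password": 3_000_000,
    "qwerty": 1_500_000,
    "correcthorsebatterystaple": 40_000,   # famous examples become common too
    "passgas7": 20,
    "Passgas7&": 5,
}
TOTAL_OBSERVED = 50_000_000   # constructed size of the observed corpus
MAX_SHARE = 1e-6              # reject if more than 1 in 1,000,000 users chose it
MIN_LENGTH = 8


def normalize(pw: str) -> str:
    """Collapse trivial variations so 'Password1!' is looked up as 'password'.

    Lower-cases and strips trailing digits/punctuation, the edits people
    most often make to satisfy a character-class rule.
    """
    s = pw.lower()
    return re.sub(r"[\d\W_]+$", "", s)


def popularity(pw: str) -> int:
    """Largest observed count over the raw, lower-cased and normalized forms."""
    candidates = {pw, pw.lower(), normalize(pw)}
    return max(COMMON_PASSWORDS.get(c, 0) for c in candidates)


def check_password(pw: str) -> dict:
    """Return a verdict dict: accepted flag, observed count, share, rank, reasons.

    The check compares against the public popularity list only; it never
    consults other accounts' stored credentials, so a rejection reveals
    nothing about any particular user.
    """
    count = popularity(pw)
    share = count / TOTAL_OBSERVED
    ranked = sorted(COMMON_PASSWORDS.values(), reverse=True)
    rank = ranked.index(count) + 1 if count else None

    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if share > MAX_SHARE:
        reasons.append(f"chosen by about {count:,} other people (rank {rank} in the list)")

    return {
        "accepted": not reasons,
        "count": count,
        "share": share,
        "rank": rank,
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed candidates; none of these are real credentials.
    for candidate in ["Password1!", "correcthorsebatterystaple", "Passgas7&", "Tr0ub4dor&3"]:
        verdict = check_password(candidate)
        status = "accepted" if verdict["accepted"] else "rejected: " + "; ".join(verdict["reasons"])
        print(f"{candidate!r}: {status}")
```

Two points the example is built to show. First, the rule "how many others chose it" catches the mangled variants that character-class meters wave through: `Password1!` normalizes to `password` and is refused with its popularity as the explanation, whereas an unlisted string passes with no further ceremony. Second, the comparison is against an external popularity list, never against the site's own credential store, so the feedback can say "too many people use this" without ever saying "someone here uses this".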

9 of 549 comments

  1. Re: Oh great by Anonymous Coward · Score: 3, Funny

    Yes please force increased security requirements. I love having upper, lower, minimum length, numbers, punctuation, and a fecal sample all in a password for one of the billion websites that require accounts.

  2. Re:Many passwords just don't matter. by Shortguy881 · Score: 4, Funny

    Posted by AC posing as LWATCDR

    --
    Brilliance without wisdom, power without conscience. Ours is a world of nuclear giants and ethical infants.

  3. What's the UTF-8 encoding of THAT? by jhantin · Score: 3, Funny

    Leave it to a Great Old One to figure out a way to completely befuddle the password policy enforcer.

    --
    ...when you're writing a game...tweak the difficulty of "Easy" to something [your mother] can cope with. -- onion2k

  4. Re:Negative by The+Technomancer · Score: 5, Funny

    Having read this before, I was about to blast you for copypasta without attribution.

    Then I looked at your username, looked at where I saw this, and realized that mseeger is probably Martin Seeger.

    So, rather than blasting you for plagiarizing yourself, here's a thank you instead!

    --
    Any sufficiently advanced technology is indistinguishable from magic.

    -- Arthur C. Clarke

  5. Re:Oh great by Archangel+Michael · Score: 3, Funny

    Berma Shave!

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.

  6. Re:symbols, caps, numbers by Anonymous Coward · Score: 5, Funny

    Like my bank, which has to keep the answers to my security questions in plain text. Otherwise, the last time I got locked out, I would not have had the rep say, "Alright, now what is your mother's maide.... Good lord." The answer, by the way, was Mrs. Farty Pants.

  7. Re:symbols, caps, numbers by FatdogHaiku · Score: 5, Funny

    The only reason they started with 6 chars was so they could generate an error message:
    "penis is too short"
    when someone tried to use that for a password...

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office.

  8. Evolution Of Passwords by Tablizer · Score: 5, Funny

    1978:

      password

    1983: Rule: Don't use 'password', too common.

      passgas

    1990: Rule: Must contain at least one digit

      passgas7

    1995: Rule: Must contain mixed case

      Passgas7

    1999: Rule: Must contain at least one punctuation character

      Passgas7&

    2004: Rule: Must change every 2 months

      Passgas7& ... Passgas8* ... Passgas9( ... Passgas1! ...

    2015: Rule: Must be at least 20 characters long

      Passgas711111111111$ ... Passgas177777777777$ ...

    2017: Rule: Can't use any patterns guessable by AI

      Oh f$ck it, just hack me already, dammit @666

    (Courtesy c2 wiki)

  9. Sorry by saikou · Score: 4, Funny

    "You can't use PasswordABC as your password, because user Smith15 already uses it as a password"
    Oh wait :P