[cryptography] Password non-similarity?
iang at iang.org
Sat Dec 31 12:36:19 EST 2011
On 1/01/12 03:02 AM, Bernie Cosell wrote:
> So what problem _is_ being addressed by requiring passwords to be
> changed so often [and so inconveniently]?
As far as I can tell, a lot of password threat modelling was pretty much
settled in the days before the Internet. In those days, the threats
were more what we might now characterise as insider threats - attackers
who could watch the users typing in the passwords over the shoulder.
Part of that model was that an attacker might need multiple events to
pick up the entire password or enough of it to contribute to a breach.
When I was a rough raw teenager doing this, I needed around 2 weeks to
pick up 5 letters from someone typing like he was electrified. The
other 3 were crunched in 4 hours on a vax780.
Force-changing the password reduces the exposure to shoulder-surfing.
In some corporate environments they also see password changes as a way
to reduce account sharing, but then users typically fight back with the
Another artifact of those times was the password not displaying visibly
on the screen. Mac passwords now show the last letter ... which seems
more useful to the attacker than the user, but it is better to encourage
any step towards updating a dead threat model. More sophisticated
interfaces have a feature to turn on password display.
It is only in recent times that people have started to rethink, and
decided the pre-Internet model is unhelpful. Although, the attack model
has enjoyed a resurgence with skimming attacks on payment systems, with
attackers either being present or mounting cameras above the keypad to
catch the finger presses.
iang, hny, fwiw, typing fast...
More information about the cryptography