[cryptography] Password non-similarity?

John Levine johnl at iecc.com
Sat Dec 31 16:38:36 EST 2011


>Passwords aren't dead, and despite what IBM says I don't think they're
>going away any time soon.  But we need new rules and new guidelines
>for managing them; the ones from the 1980s don't work anymore.

Yeah.  At this point the issues seem to be, in no particular order:

1. Trivially guessable passwords
2. Password reuse
3. Keyloggers and other password stealing software

The various risks depend a lot on the environment, e.g., what's
trivially guessable depends on how often you're allowed to guess.

R's,
John



More information about the cryptography mailing list