[cryptography] Password non-similarity?
johnl at iecc.com
Sat Dec 31 16:38:36 EST 2011
>Passwords aren't dead, and despite what IBM says I don't think they're
>going away any time soon. But we need new rules and new guidelines
>for managing them; the ones from the 1980s don't work anymore.

Yeah. At this point the issues seem to be, in no particular order:

1. Trivially guessable passwords
2. Password reuse
3. Keyloggers and other password-stealing software

The various risks depend a lot on the environment, e.g., what's
trivially guessable depends on how often you're allowed to guess.