[cryptography] Password non-similarity?

Randall Webmail rvh40 at insightbb.com
Sat Dec 31 22:24:06 EST 2011

From: Kevin W. Wall <kevin.w.wall at gmail.com>

>Boy, the latter sounds like advice that a black hat hacker would give someone to
>ensure simple dictionary attacks are successful. Your dog's name? Really???

Beats the usual method of writing it on a Post-It note where the janitorial staff can see.

The current state of "security" in corporate America is somewhere between parlous and laughable.

I've been in a Fortune 100 CEO's office -- his login/pw were indeed on a Post-It, stuck to his monitor.

The most common password is "Password".

I know of at least one global company whose database password was "Oracle".

For a time in the 1980s, the BUPERS password on at least one dialup node was "Letmein".

If you're wanting thousands of users to change their passwords once a month and you're NOT going to allow them to use Post-Its, you'd better plan to hire hundreds of kids for "Tech Support".
