[cryptography] Password non-similarity?
rvh40 at insightbb.com
Sat Dec 31 22:24:06 EST 2011
From: Kevin W. Wall <kevin.w.wall at gmail.com>
>Boy, the latter sounds like advice that a black hat hacker would give someone to
>ensure simple dictionary attacks are successful. Your dog's name? Really???
Beats the usual method of writing it on a Post-It note where the janitorial staff can see.
The current state of "security" in corporate America is somewhere between parlous and laughable.
I've been in a Fortune 100 CEO's office -- his login/pw were indeed on a Post-It, stuck to his monitor.
The most common password is "Password".
I know of at least one global company whose database password was "Oracle".
For a time in the 1980s, the BUPERS password on at least one dialup node was "Letmein".
If you're wanting thousands of users to change their passwords once a month and you're NOT going to allow them to use Post-Its, you'd better plan to hire hundreds of kids for "Tech Support".