[cryptography] Password Blacklist that includes Adobe's Motherload?
iang at iang.org
Fri Nov 15 02:53:41 EST 2013
On 15/11/13 06:35 AM, Kevin W. Wall wrote:
> Besides that, (unfortunately) it's a lot easier to change 'snoopy1' to 'snoopy2'
> then to 'snoopy3', etc. when your password inevitably changes. Plus, it makes
> a lot easier to remember than to start out with 'sn00py' and then go
> to 'sn11py',
> 'sn22py', etc. :-)
When I last worked in a formally controlled & certified security office,
the password to the system was indeed securityN where N incremented
every month when the system kicked back and insisted on a password change.
(oops, that's probably security leak...)
It reminds me of the story about the British health system that spent
untold millions putting in individual smart token control systems, so as
to control access to security-critical resources.
Every place discovered the same correct way to drive the system. Access
was sorted and aligned by seniority of staff, and every morning, the
designated senior person would plug their token into a given device,
then walk away and get back to work.
More information about the cryptography