LinkedIn password hacking = STUPID AND AVOIDABLE!

Started by Darren Dirt, June 09, 2012, 07:48:25 AM


Darren Dirt

#30
Excellent and LENGTHY new post (10Mar2017) on CodingHorror about this fun topic of password complexity... and obstacles users encounter!

https://blog.codinghorror.com/password-rules-are-bull@%&# https://archive.is/sHYY0

If interested in this subject then [TimeSink Warning] because, like I said, lengthy.


... and of course a few comments got me to other pages on the subject, etc. etc. ... there goes lunchtime! :)



But among those comments, a link so simple yet so overflowing with reason and logic! A basic wisdom echoing forth from almost a decade ago...

http://www.baekdal.com/insights/password-security-usability
"A usable and secure password is then not a complex one. It is one that you can remember - a simple password using 3+ words."

Nothing has changed since August 2007; it is actually really easy to balance out "security" and "usability" (unless the idiot devs decided that password LENGTH should be stupidly limited to like 16 or 12 or 10 or something stupid like that. Idiots.)

The above, plus some basic cracking prevention (e.g. time-delay between sign-in attempts, penalty period) = PostItNote-Proof Passwords!

( the author of the above added an update in April of 2011 -- http://www.baekdal.com/insights/usable-security-reply-to-security-now -- and the message remains unchanged: simply allow/encourage very lengthy phrases made up of easily-remembered words. That's it. )

_____________________

Strive for progress. Not perfection.
_____________________
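
Added example, not part of the post above or of the linked articles: a server-side sketch of the two measures the post names, a length-only password rule with no short maximum and a per-account delay between failed sign-in attempts that grows into a penalty period. Every name and threshold here (`MIN_LENGTH`, `MAX_LENGTH`, `FREE_ATTEMPTS`, `BASE_DELAY`, `PENALTY_CAP`, `LoginThrottle`) is an assumption chosen for illustration.

```python
import time

# All thresholds are illustrative assumptions, not values from the post.
MIN_LENGTH = 12       # favour length over composition rules
MAX_LENGTH = 256      # generous cap, only to bound hashing cost
FREE_ATTEMPTS = 3     # failures tolerated before any delay applies
BASE_DELAY = 2.0      # seconds; doubles with each further failure
PENALTY_CAP = 900.0   # longest penalty period, in seconds


def acceptable(password: str) -> bool:
    """Length-only rule: no forced symbols or digits, no 10/12/16-character ceiling."""
    return MIN_LENGTH <= len(password) <= MAX_LENGTH


class LoginThrottle:
    """Per-account delay between sign-in attempts with a growing penalty period."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # account -> (consecutive failures, earliest next attempt)

    def wait_required(self, account: str) -> float:
        """Seconds left before another attempt may be checked (0.0 if none).
        The caller rejects the attempt without verifying it while this is > 0."""
        _, allowed_at = self._state.get(account, (0, 0.0))
        return max(0.0, allowed_at - self._clock())

    def record(self, account: str, success: bool) -> float:
        """Register the outcome of a verified attempt; return the penalty now in force."""
        if success:
            self._state.pop(account, None)  # a good sign-in clears the counter
            return 0.0
        failures = self._state.get(account, (0, 0.0))[0] + 1
        extra = failures - FREE_ATTEMPTS
        penalty = 0.0 if extra <= 0 else min(PENALTY_CAP, BASE_DELAY * 2 ** (extra - 1))
        self._state[account] = (failures, self._clock() + penalty)
        return penalty
```

Keying the counter on the account name alone lets anyone lock a user out by failing on purpose, so deployments usually track the source address as well.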