Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Fighting Hackers: Everything You’ve Been Told About Passwords Is Wrong

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 19 Oct 2012 04:45:36 -0500 (CDT)
http://www.wired.com/opinion/2012/10/passwords-and-hackers-security-and-practicality/

By Markus Jakobsson
Opinion
Wired.com
10.18.12
Security is not just about strong encryption, good anti-virus software, or techniques like two-factor authentication. It’s also about the “fuzzy” things ... involving people. That’s where the security game is often won or lost. Just ask Mat Honan.
We -- the users -- are supposed to be responsible, and are told what to do to stay secure. For example: “Don’t use the same password on different sites.” “Use strong passwords.” “Give good answers to security questions.” But here’s the troublesome equation: 

    more services used = more passwords needed = more user pain
...which means it only gets harder and harder to follow such advice. Why? Because security and practicality are in conflict.
But they don’t have to be. As someone who has studied millions of passwords and how they were constructed – I’ve spent most of my waking hours for over a decade obsessing about authentication methods – I say we can have both security and practicality.
And it starts with recognizing that a lot of security advice hurts more than it helps. 

[...]


--
CISSP and CEH Live OnLine training with ExpandingSecurity.com is the fastest,
easiest way to master the relevant data you need now.  Sign up for the free
weekly PainPill and try a free class.  It is easy.
http://www.expandingsecurity.com/PainPill
Previous By Date Next
Previous By Thread Next

Current thread: