[LINK] Guidance re Passwords
Tom Cleary
tom.cleary at gmail.com
Tue Jul 26 23:28:41 AEST 2011
Hmmm.... much of this seems to be supporting my assertion that passwords are
no longer workable.
Blended method dictionary attacking tools would probably not have much
trouble with most of our suggestions, I'd guess.
Don't get me wrong, password selection advice is needed, however much "use
30 random characters and change it every week makes you into Mordac, mostly
because popular systems won't let you use anything more secure ( and I'd
suggest that's because the risk of loss is not the Website owners, but the
end users and spending more money on defence adds nothing to the bottom line
- at least until a REAL disaster forces changes to the law. Now how do I
enforce that in another country, again? ;-)
But I think we should acknowledge that this is, effectively, wasted effort?
tom.
On Tue, Jul 26, 2011 at 4:22 PM, eric scheid <eric.scheid at ironclad.net.au>wrote:
> On 26/7/11 2:05 PM, "Gordon Keith" <gordonkeith at acslink.net.au> wrote:
>
> > Then always use the shift key when typing in numbers (you can't see them
> > anyway and funny characters are stronger than numerics):
>
> No. Funny characters in _combination_ with numerics are stronger.
>
> Otherwise it's like claiming a password in ALLCAPS is stronger than one in
> all lowercase.
>
> e.
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>
More information about the Link
mailing list