[ISN] Fighting Hackers: Everything You've Been Told About Passwords Is Wrong

From: InfoSec News <alerts_at_private>
Date: Fri, 19 Oct 2012 04:45:36 -0500 (CDT)
http://www.wired.com/opinion/2012/10/passwords-and-hackers-security-and-practicality/

By Markus Jakobsson
Opinion
Wired.com
10.18.12

Security is not just about strong encryption, good anti-virus software, 
or techniques like two-factor authentication. It’s also about the 
“fuzzy” things ... involving people. That’s where the security game is 
often won or lost. Just ask Mat Honan.

We -- the users -- are supposed to be responsible, and are told what to 
do to stay secure. For example: “Don’t use the same password on 
different sites.” “Use strong passwords.” “Give good answers to security 
questions.” But here’s the troublesome equation:

     more services used = more passwords needed = more user pain

...which means it only gets harder and harder to follow such advice. 
Why? Because security and practicality are in conflict.

But they don’t have to be. As someone who has studied millions of 
passwords and how they were constructed – I’ve spent most of my waking 
hours for over a decade obsessing about authentication methods – I say 
we can have both security and practicality.

And it starts with recognizing that a lot of security advice hurts more 
than it helps.

[...]


Received on Fri Oct 19 2012 - 02:45:36 PDT
