On 2/18/2015 11:20 AM, Bill Bogstad wrote:
> And the same users are going to use "Four score ...." if you require
> longer passwords, so you lose anyway.

I did preface that with "[p]assword reform starts with...".

Key chain managers can be a good next step. They allow the use of arbitrary, random gibberish as passwords in a way that users only need to remember one good password for unlocking the key chain. In essence they can do the same thing that heavy-duty encryption systems do: they generate large random keys for actual encryption and encrypt these keys with user-provided passwords or passphrases. This way you can have strong passwords without any password reuse. Link a key chain manager to a trustworthy third party and you can have a robust password management system that is resistant to attacks.

--
Rich P.
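
The key-wrapping scheme described in the message above, as an added example (not code from the post or from any particular key chain manager): a random vault key encrypts per-site random passwords, and only that vault key is encrypted under a key derived from the master passphrase. All function names, the PBKDF2 iteration count and the HMAC-based stand-in cipher are assumptions chosen so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

def kek_from_passphrase(passphrase, salt):
    # Slow KDF so each guess at the master passphrase is expensive (count is an assumption).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 600_000)

def _stream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode); use a vetted AEAD such as AES-GCM in practice.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Encrypt-then-MAC with separate subkeys derived from `key`.
    ek, mk = (hmac.new(key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(ek, nonce, len(data))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = (hmac.new(key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

def new_keychain(passphrase):
    # The large random key does the actual encryption; the passphrase only wraps it.
    salt, vault_key = secrets.token_bytes(16), secrets.token_bytes(32)
    wrapped = seal(kek_from_passphrase(passphrase, salt), vault_key)
    return {"salt": salt, "wrapped_key": wrapped, "entries": {}}

def unlock(chain, passphrase):
    return unseal(kek_from_passphrase(passphrase, chain["salt"]), chain["wrapped_key"])

def add_site(chain, vault_key, site):
    # Random gibberish per site, so no password is ever reused.
    password = secrets.token_urlsafe(24)
    chain["entries"][site] = seal(vault_key, password.encode())
    return password

def get_password(chain, vault_key, site):
    return unseal(vault_key, chain["entries"][site]).decode()

def change_passphrase(chain, old, new):
    # Only the wrapped vault key is re-encrypted; stored entries stay untouched.
    vault_key = unlock(chain, old)
    chain["salt"] = secrets.token_bytes(16)
    chain["wrapped_key"] = seal(kek_from_passphrase(new, chain["salt"]), vault_key)
```

Because the entries are sealed under the vault key rather than the passphrase, changing the master passphrase rewrites one small blob instead of every stored password.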