A better way to think about passwords
Andrew Long
andrew.long at mac.com
Mon Apr 18 18:31:48 CEST 2011
On 18 Apr 2011, at 17:11, Robert J. Hansen wrote:
> On 4/18/2011 11:46 AM, Mark H. Wood wrote:
>> It's easy to build gadgets which yield passwords that are
>> mathematically very strong. The problem is that such passwords tend
>> to be psychologically and pragmatically weak: you'll never remember
>> "dishGhebJactotCerUnJodNavhahifbobTyWodvacushdojHashJakfawnairvak".
>
> I know lots of people who have memorized their 23-digit credit card +
> expiration date + security code. A Base-64 encoding of a 128-bit hash
> algorithm is 22 characters long.
Now insist that they change them every month. And that they have a different one for every application that they use. Single Sign On is a grat idea, but unlikely to be practical in the near future.
Regards, Andy
--
Andrew Long
andrew dot long at mac dot com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 275 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20110418/318479d8/attachment-0001.pgp>
More information about the Gnupg-users
mailing list