A better way to think about passwords

Andrew Long andrew.long at mac.com
Mon Apr 18 18:31:48 CEST 2011


On 18 Apr 2011, at 17:11, Robert J. Hansen wrote:

> On 4/18/2011 11:46 AM, Mark H. Wood wrote:
>> It's easy to build gadgets which yield passwords that are
>> mathematically very strong.  The problem is that such passwords tend
>> to be psychologically and pragmatically weak:  you'll never remember
>> "dishGhebJactotCerUnJodNavhahifbobTyWodvacushdojHashJakfawnairvak".
> 
> I know lots of people who have memorized their 23-digit credit card +
> expiration date + security code.  A Base-64 encoding of a 128-bit hash
> algorithm is 22 characters long.

Now insist that they change them every month. And that they have a different one for every application that they use. Single Sign On is a great idea, but unlikely to be practical in the near future.

Regards, Andy

-- 
Andrew Long
andrew dot long at mac dot com







More information about the Gnupg-users mailing list