All about passwords

Continuing my quest to get into the subtleties of security and measures to protect against ‘bad guys,’ I came across an interesting article in the New York Times about choosing passwords. One of the fundamental questions that I grapple with is the right way to think about the tradeoff between measures to protect against ‘what might happen’ and the ill effects or unintended consequences of those measures on real life. Typical example: if you require people to have long complicated passwords to protect their logins, they end up writing them down or emailing them around, which is a lot worse. Anyway, here’s a bit from the article:

“At the Usenix Workshop on Hot Topics in Security conference, held last month in Washington, the three suggested that Web sites with tens or hundreds of millions of users, could let users choose any password they liked — as long as only a tiny percentage selected the same one. That would render a list of most often used passwords useless: by limiting a single password to, say, 100 users among 10 million, the odds of an attacker getting lucky on one attempt per account are astronomically long, Mr. Herley explained in a conversation last month.” (from The New York Times)
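
A sketch of how a site could enforce the cap described in the quote, added here as an illustration and not taken from the article or the researchers' work. The class name, the count-min sketch used for counting, and the sample data are all assumptions of this example.

```python
import hashlib
import hmac
import os


class PopularityLimiter:
    """Refuse a password once `cap` accounts already use it.

    Counts sit in a count-min sketch indexed by a keyed hash, so no password
    is stored. It may over-count on collisions but never under-counts.
    """

    def __init__(self, cap, width=1 << 16, depth=4, key=None):
        self.cap = cap
        self.width = width
        self.key = key or os.urandom(32)  # server-side secret
        self.rows = [[0] * width for _ in range(depth)]

    def _cells(self, password):
        # One column per row, each derived from HMAC(key, row || password).
        for i, row in enumerate(self.rows):
            msg = bytes([i]) + password.encode("utf-8")
            digest = hmac.new(self.key, msg, hashlib.sha256).digest()
            yield row, int.from_bytes(digest[:8], "big") % self.width

    def estimate(self, password):
        return min(row[col] for row, col in self._cells(password))

    def try_register(self, password):
        """Count the password and return True, or return False at the cap."""
        if self.estimate(password) >= self.cap:
            return False
        for row, col in self._cells(password):
            row[col] += 1
        return True


def simulate(choices, cap):
    """Run constructed password choices through the limiter; return accepted counts."""
    limiter = PopularityLimiter(cap, key=b"constructed-demo-key")
    accepted = {}
    for pw in choices:
        if limiter.try_register(pw):
            accepted[pw] = accepted.get(pw, 0) + 1
    return accepted


if __name__ == "__main__":
    # Constructed sample: 500 users want "123456", 20 want a rarer phrase.
    sample = ["123456"] * 500 + ["correct horse battery"] * 20
    print(simulate(sample, cap=100))
```

With the cap set to 100, the 101st user asking for the common password is told to pick another, while the rarer phrase is accepted for everyone who chose it.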
