Linux Today: Linux News On Internet Time.

'Strong' Passwords May Not Be All They're Cracked Up to Be

Apr 28, 2010, 01:33
(Other stories by Aaron Weiss)

"A recent headline in a major news outlet announced, 'Please do not change your password' because, as the sub-head teased, 'it's a waste of your time.' The paper cited in the story is the latest salvo questioning a certain orthodoxy about computer security—that strong, cryptic passwords are the keystone to personal security online. This oft-repeated advice may be, at best, outdated, and at worst, counterproductive, potentially exposing users to more risk rather than less.

"When creating accounts, users are often told to choose 'strong' passwords—meaning that they are of sufficient length (often longer than 6 characters) and include a combination of characters that do not resemble simple words. The premise, of course, is that these passwords will be difficult for a hacker to guess. We've all seen the crucial scene in a movie where the evil hacker logs onto a victim's computer and, using only their wit, guesses the correct password. But like most events in movies, this hardly ever happens in real life."
