In Defense of Passwords

Discussion in 'privacy technology' started by MrBrian, Aug 26, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    40
    The greatest problem with passwords is the security of the system where they are used. Either figure out how to stop the theft of password hashes or make the hashes so secure that they can't be cracked when stolen.
    Unfortunately, the users don't want to be bothered with these details. As long as users want quick and easy access to online services, there will be a steady stream of articles like "Russian mafia steals billions of passwords".
    Again, the problem is that the users want online services for free or nearly free and easy. They fight password complexity requirements and end up finding passwords that pass the test but are still easy to guess. Super slow hashes would help but users would complain if it took 10 seconds to confirm passwords.
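
Added example, not part of brians08's post: a sketch of the slow-hash trade-off described above, tuning PBKDF2 so that one login check costs a chosen fraction of a second rather than 10 seconds. The record format, the 0.25-second target and the `MIN_ITERATIONS` floor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MIN_ITERATIONS = 100_000  # assumed floor, so a fast server never picks a weak setting


def calibrate(target_seconds=0.25, probe=50_000):
    """Return an iteration count costing roughly target_seconds per check on this host."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", b"0" * 16, probe)
    elapsed = time.perf_counter() - start
    return max(MIN_ITERATIONS, int(probe * target_seconds / elapsed))


def hash_password(password, iterations):
    """Store the scheme, cost and per-user salt beside the digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and cost; compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(record, current_iterations):
    """True when a stored hash is cheaper than today's setting (upgrade at next login)."""
    return int(record.split("$")[1]) < current_iterations


if __name__ == "__main__":
    cost = calibrate()
    record = hash_password("correct horse battery staple", cost)  # constructed sample
    print(cost, verify_password("correct horse battery staple", record))
```

Whatever delay the user sees per login is also the price an attacker pays per guess against a stolen record, which is the point of the trade-off.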
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From The quest to replace passwords: a framework for comparative evaluation of Web authentication schemes (2012):
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Thanks, I recommend Table one from the pdf.

    I think my personal conclusions have matched the notion of having moats, walls and archers. Ultimately, I think you do need a limited number of strong passwords which you remember - I use Diceware and do not find this too onerous. Then a number of weaker schemes underneath this to do practical jobs (e.g. website access with LastPass with 2FA).

    I reckon the security questions for recovery on many sites are some of the biggest self-inflicted disasters in this space.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    Tip: Table 1 is on p. 27.
     