[WikiEN-l] Please change your passwords.
Steve Summit
scs at eskimo.com
Mon May 7 21:11:56 UTC 2007

Gregory Maxwell wrote:
> But what we should be telling people is:
> "Use the longest pass*phrase* you can easily type...
> Yes, "gWXi$a09" is strong too, but when you try to tell people to use
> passwords like that you get "10qpalz," which isn't strong.

Well, I'm not so sure either works. I'm one of the more
security-conscious people I know, and I don't bother with strong
passwords (let alone passphrases) when I register at ordinary
websites -- the risk just isn't there. If you tell me to pick
a strong password I'll just laugh at you.

And if you violently disagree with me here -- that's my point.
This may be an irresponsible attitude of mine, maybe I really
*should* be using strong passwords on every ordinary website I
register with, but: I bet I'm not alone.

If your security strategy depends on users picking a certain kind
of password, you'd better enforce it in software, because I doubt
you'll get enough voluntary compliance otherwise.
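
Added example, not part of the original message or of any MediaWiki code: a registration-time check of the kind the last paragraph calls for, which accepts "gWXi$a09" and long passphrases but rejects keyboard patterns such as "10qpalz". The function names, the thresholds and the QWERTY layout are assumptions made for illustration.

```python
import re

# QWERTY rows, used to spot passwords typed as keyboard patterns
# (assumed layout; column positions ignore the physical key stagger).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
EDGE_KEYS = {row[0] for row in ROWS} | {row[-1] for row in ROWS}

MIN_LENGTH = 8          # assumed policy values, not taken from the thread
PASSPHRASE_LENGTH = 20  # at this length the character-class rule is waived
PATTERN_RATIO = 0.8     # share of keys that must fit a pattern to reject


def keyboard_pattern(pw):
    """True if pw is mostly row-edge keys ("10qpalz") or neighbouring keys."""
    keys = [c for c in pw.lower() if c in POS]
    if len(keys) < 4:
        return False  # too few grid keys to judge
    edge = sum(k in EDGE_KEYS for k in keys) / len(keys)
    # A step counts when both keys are the same or within one row and column.
    steps = sum(
        abs(POS[a][0] - POS[b][0]) <= 1 and abs(POS[a][1] - POS[b][1]) <= 1
        for a, b in zip(keys, keys[1:])
    ) / (len(keys) - 1)
    return edge >= PATTERN_RATIO or steps >= PATTERN_RATIO


def policy_violations(pw, username=""):
    """Return the reasons a signup form should reject pw (empty list = accept)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if username and username.lower() in pw.lower():
        problems.append("contains username")
    if keyboard_pattern(pw):
        problems.append("keyboard pattern")
    if len(pw) < PASSPHRASE_LENGTH:
        classes = sum(
            bool(re.search(p, pw))
            for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
        )
        if classes < 3:
            problems.append("short passwords need 3 character classes")
    return problems


if __name__ == "__main__":
    for candidate in ("10qpalz", "gWXi$a09", "longest phrase you can type"):
        print(repr(candidate), policy_violations(candidate) or "accepted")
```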