The reality is that _most_ people use the same username and password everywhere. So an attacker compromises phpBB or Wordpress (or name your favorite vunerable software here) somewhere and just uses those same credentials at other sites. If the user, by chance, didn't use the same password for another site - they probably DID use it for their email. The attacker has the users email address compromised and can simply request a password reset.
Or the attacker could simply use firesheep since SSL logins aren't forced (yet).
Or. Or. Or.
Can we please stop arguing about this now? We've established there is a hundred and one ways to break into someones account. Temp password length seems like a low hanging fruit, but really changing that makes no different (as we've established). Like find something else to argue about that would actually increase security, like attempting to break Ryan's shiny new HTTPS cluster.
On Sun, Oct 30, 2011 at 10:47, Neil Harris neil@tonal.clara.co.uk wrote:
On 30/10/11 15:46, Thomas Dalton wrote:
On 30 October 2011 15:38, Neil Harrisneil@tonal.clara.co.uk wrote:
However, this is way, way, way lower risk than the current risk of brute-forcing low-hanging-fruit user passwords: for every user with a password generated by base64-encoding the output of /dev/random, there will be _thousands_ with passwords like "secret99" and "trustno1".
A password from /dev/random is extremely insecure. It is highly susceptible to the "find where they wrote it down because it's far too difficult to remember" attack.
Obligatory xkcd link: http://xkcd.com/936/
If you keep it in the password cache of your browser, on a password-protected home directory on a laptop, that's probably secure enough for most people -- with a good enough password, that roughly the same level of security associated with an SSH key (long bit-pattern on disk + physical possession of the object with the bit pattern on + passphrase). [regarding passphrase strength -- obligatory XKCD link: http://xkcd.com/538/ ]
Again, we're concentrating too much on the moderately-secure part of the problem -- long-enough passwords used by security-conscious users -- and not paying enough attention to the weaker parts of the system such as the vast number of users (probably including many admins) with weak passwords, and the general failure to force a secure connection between the user and the site for login pages and logged-on sessions.
It's like having a thin cardboard box with a relatively weak wooden lid -- upgrading the strength of the cardboard box is a more urgent task than replacing the lid with a steel safe door.
Once those are fixed, by all means let's then turn our attention to things like temporary password lengths.
-- N.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l