The reality is that _most_ people use the same username and password
everywhere. So an attacker compromises phpBB or WordPress (or name your
favorite vulnerable software here) somewhere and just uses those same
credentials at other sites. If the user, by chance, didn't use the same
password for another site - they probably DID use it for their email. The
attacker has the user's email address compromised and can simply request a
password reset.
Or the attacker could simply use Firesheep, since SSL logins aren't forced
(yet).
Or. Or. Or.
Can we please stop arguing about this now? We've established there are a
hundred and one ways to break into someone's account. Temp password length
seems like low-hanging fruit, but really changing that makes no difference
(as we've established). Like, find something else to argue about that would
actually increase security, like attempting to break Ryan's shiny new HTTPS
cluster.
On Sun, Oct 30, 2011 at 10:47, Neil Harris <neil(a)tonal.clara.co.uk> wrote:
> On 30/10/11 15:46, Thomas Dalton wrote:
>> On 30 October 2011 15:38, Neil Harris <neil(a)tonal.clara.co.uk> wrote:
>>> However, this is way, way, way lower risk than the current risk of
>>> brute-forcing low-hanging-fruit user passwords: for every user with a
>>> password generated by base64-encoding the output of /dev/random, there
>>> will be _thousands_ with passwords like "secret99" and "trustno1".
>> A password from /dev/random is extremely insecure. It is highly
>> susceptible to the "find where they wrote it down because it's far too
>> difficult to remember" attack.
>> Obligatory xkcd link:
>> http://xkcd.com/936/
> If you keep it in the password cache of your browser, on a
> password-protected home directory on a laptop, that's probably secure
> enough for most people -- with a good enough password, that's roughly the
> same level of security associated with an SSH key (long bit-pattern on
> disk + physical possession of the object with the bit pattern on it +
> passphrase). [regarding passphrase strength -- obligatory XKCD link:
> http://xkcd.com/538/ ]
> Again, we're concentrating too much on the moderately-secure part of the
> problem -- long-enough passwords used by security-conscious users --
> and not paying enough attention to the weaker parts of the system such
> as the vast number of users (probably including many admins) with weak
> passwords, and the general failure to force a secure connection between
> the user and the site for login pages and logged-on sessions.
> It's like having a thin cardboard box with a relatively weak wooden lid
> -- upgrading the strength of the cardboard box is a more urgent task
> than replacing the lid with a steel safe door.
> Once those are fixed, by all means let's then turn our attention to
> things like temporary password lengths.
> -- N.
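Neil's point that the mass of weak user passwords ("secret99", "trustno1") is the bigger hole than temporary-password length suggests the obvious countermeasure at the registration and password-change step: screen the chosen password against a known-weak list and a coarse strength estimate, while letting the base64-of-/dev/random style password through. The following is an added example written for this page; it is not code from the thread, from MediaWiki, or from any of the posters. The weak-password set, the dictionary-word set, the thresholds and the strip-trailing-digits heuristic are constructed assumptions for illustration (a real deployment would load a breached-password corpus instead).

```python
import base64
import math
import secrets

# Constructed sample of known-weak passwords of the kind the thread mentions.
# In production this would be a breached-password corpus, not a hand list.
KNOWN_WEAK = {"secret99", "trustno1", "password", "123456", "qwerty", "letmein"}

# Constructed sample dictionary used to catch the "word + digits" pattern.
DICTIONARY_WORDS = {"secret", "trust", "password", "admin", "wiki", "welcome"}

MIN_LENGTH = 8          # assumed policy threshold
MIN_ENTROPY_BITS = 40.0  # assumed policy threshold


def estimate_entropy_bits(password: str) -> float:
    """Upper-bound estimate from the character classes present.

    This is deliberately optimistic: it assumes every character was drawn
    uniformly from the pool, which is true for a random password and false
    for a human-chosen one, so it is only a coarse screen.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII punctuation
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def check_password(password: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a candidate password.

    Order matters: the cheap list lookups run before the entropy estimate,
    because a listed password is weak regardless of what the estimate says.
    """
    lowered = password.lower()
    if lowered in KNOWN_WEAK:
        return False, "appears in known-weak list"
    # "secret99", "Trust2011": a dictionary word with digits appended.
    stem = lowered.rstrip("0123456789")
    if stem in DICTIONARY_WORDS:
        return False, "dictionary word with trailing digits"
    if len(password) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    bits = estimate_entropy_bits(password)
    if bits < MIN_ENTROPY_BITS:
        return False, f"estimated {bits:.1f} bits, below {MIN_ENTROPY_BITS}"
    return True, f"ok, estimated {bits:.1f} bits"


def random_password(nbytes: int = 16) -> str:
    """The 'base64-encoded output of /dev/random' password from the thread.

    secrets.token_bytes reads from the OS CSPRNG; 16 bytes give 128 bits.
    """
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def passphrase_entropy_bits(words: int, wordlist_size: int = 7776) -> float:
    """Entropy of a passphrase of `words` words drawn uniformly from a list.

    7776 is the Diceware list size; xkcd 936 assumes about 2048 common words,
    i.e. 11 bits per word.
    """
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    for candidate in ["trustno1", "secret99", "Trust2011", "short",
                      random_password()]:
        print(f"{candidate!r:30} -> {check_password(candidate)}")
    print("4-word Diceware passphrase:",
          f"{passphrase_entropy_bits(4):.1f} bits")
    print("4-word xkcd-style passphrase:",
          f"{passphrase_entropy_bits(4, 2048):.1f} bits")
```

Note what the entropy estimate alone would have done: "trustno1" scores about 41 bits under the character-class model, above the assumed 40-bit threshold, so it is only rejected because it is on the list. That is the practical reason a breached-password lookup, not an entropy formula, has to be the first check.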
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l