The past few weeks, I’ve been on this security kick particularly when it comes to encryption. I’m developing my own app so I’m trying a whole bunch of things, no doubt making plenty of mistakes in the process. Luckily, the data I am protecting is only quasi-valuable so I can afford to take a hit due to my own conscious incompetence.
Anyhow, I ran across this article on arstechnica yesterday entitled “Why Passwords have never been weaker – and crackers have never been stronger.” It’s a long article and it will take you a while to read it, but here is the summary:
Thus, all these factors combined are what make it easier for hackers today to crack passwords. Furthermore, because they already know what many of the most common passwords are (“password”, “123456”, “12345678”), this gives them a head start.
That’s how passwords have gotten easier to crack over the past five years.
I'm one of those interviewed for the article at Ars Technica by Dan Goodin, and I'm the guy who warned the media about the Linkedin breach in June.
May I suggest attending our Passwords^12 conference in Oslo (Norway), on December 3-5? I think it is the first-ever conference series that is all about passwords & PINs, nothing else. Registration opens the 1st-2nd week of September. CFP & more info: securitynirvana.blogspot.no/.../passwords12-call-for-presentations.html
I’ve given up on trying to get people to use very strong passphrases, as many sites do not support them. The result is that many people have been trained to use less secure passwords (the least common denominator) acceptable to most sites.
Instead of having one algorithm to enforce a site’s password, one should use a series of well-defined algorithms to support strong passwords of varying types.
Thanks for commenting on this blog, especially as you're one of the interviewees in the article I discussed.
Your conference also looks intriguing; I never knew that topics around password security could take up two full days!
We did two days in 2010 and 2011, tzink, but this year we are doing 3 - three - full days. :-)