Using Passwords? Switch to Pass-phrases, Instead.

Posted by Clark Venable on 2/13/2005

Slashdot points to a very interesting blog entry by a Microsoft engineer in which he makes it perfectly clear how single passwords are not secure any longer:
" So with all of these highly successful, highly effective attacks on passwords (dictionary attacks, brute-force attacks, pre-computation attacks) I've come to the conclusion that there is simply too much risk associated with passwords and that users of Windows should simply stop using them to avoid this risk. "

Instead, he recommends pass-phrases:

" Pass-phrase LENGTH, not complexity defeats these attacks. Short, but complex passwords should be shunned as they are not truly secure anymore and you are deceiving yourself if you think they are. Long pass-phrases (14 characters or more) are the future (along with 2-factor or more authN, but that's another blog for another day) and are the only way to go if you want to ensure that you won't get hacked via any type of password based attack of any kind. "

This post has 0 replies
See full thread



Feeds and Categories

Blog Roll

Google Modules
   Body Mass Index
   Allowable Blood Loss

Anesthesiology
   The Ether Way
   Westmead Anaesthesia Blog
   Anesthesioboist
   Book of Joe
   Anesthesiamania
   i'm so sleepy
   GASMAN

Medicine
   Aggravated DocSurg
   Retired Doc
   Finger and Tubes
   Running A Hospital
   Medviews
   Doctor
   Chance To Cut
   Medlogs
   Medpundit
   RangelMD
   DB's Medical Rants
   EchoJournal
   Palmdoc Chronicles
   Blogborygmi
   The Well-Timed Period
   WebMD

Journals
   NEJM
   JAMA
   A&A
   Anesthesiology

Geeks Like Me
   Seth Dillingham
   Jonathan Greene