Today I am reviving an old blogging tradition of posting some interesting or useful links with little or no context. Today’s topic: Passwords.
4 fatal flaws in deterministic password managers
Sync-less password managers are trending again; Tony Arcieri breaks down some reasons why they suck.
NIST’s New Password Rules
For developers: I pulled this article from the link above; there are a few counterintuitive suggestions in this doc.
4 replies on “Links for Today: Passwords”
4-word passphrases are not as secure as you’d think:
http://arstechnica.com/business/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices/
My main takeaway is that you should choose a random 4 words. Yes/no?
Yes, you’re right, but if you use common, easy to remember words, you leave yourself vulnerable to dictionary attacks. A long string of completely random characters will usually be much stronger. Another good article which talks about this: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
This is super fascinating.