A Web Developer in Winnipeg

Links for Today: Passwords

Today I am reviving an old blogging tradition of posting some interesting or useful links with little or no context. Today’s topic: Passwords.

4 fatal flaws in deterministic password managers
Sync-less password managers are trending again, Tony Arcieri breaks down some reasons why they suck.

NIST’s New Password Rules
For developers: I pull this article from the link above, there are a few counterintuitive suggestions in this doc.

TLDR – Just use 4 easy to remember words

Comments

4 responses to “Links for Today: Passwords”

DanBoulet

November 22, 2016

4-word passphrases are not as secure you’d think:

http://arstechnica.com/business/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices/

Log in to Reply
1. ohryan
  
  November 22, 2016
  
  My main takeaway is that you should choose a random 4 words. yes/no?
  
  Log in to Reply
  1. DanBoulet
    
    November 22, 2016
    
    Yes, you’re right, but if you use common, easy to remember words, you leave yourself vulnerable to dictionary attacks. A long string of completely random characters will usually be much stronger. Another good article which talks about this: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
    
    Log in to Reply
    1. ohryan
      
      November 23, 2016
      
      This is super fascinating.
      
      Log in to Reply

Leave a Reply Cancel reply

Only people in my network can comment.