Skip to content

Fu*k1ng passwords!

August 10, 2017

There is a WSJ article making the rounds that Bill Burr, the fellow responsible for the NIST rules requiring all sorts of odd characters in passwords, now regrets writing that. As he should. That never increased security. In fact, it decreased it by forcing people to write down passwords that they might otherwise remember. The linked article wrongly claims “fifteen years ago, there was very little research into passwords and information security. That’s baloney. Every educated computer scientist knew then that predictable character substitutions or additions would not much increase the difficulty of breaking a password algorithmically. Sadly, I expect fifteen years from now, to have bank websites telling me that my password has to have at least one uppercase and one special character. Blech.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: