This is from Douglas George, Ottawa-based expert amateur astronomer and comet hunter, who was responding to a question from another friend of mine:

For people looking to get into astronomy, here is some great advice for buying a beginner telescope.

My post Open Kimono Security presented one way to address this chicken-and-egg situation, but we might need something a bit more mainstream.

Astronomy is an amazing hobby that can take you as far as you want to go, in all sorts of observing and scientific directions.

If users aren't forced to use secure-enough passwords, and given that they don't understand the need for unique passwords across all their services, why would they go to the trouble (they imagine) of using a password manager? (That "trouble", by the way, is well worth it.)

As someone fascinated by security architecture - and especially by how much better it could be - this is the kind of problem I love to ponder.

If service providers don't require secure-enough passwords, why would users use them?

You can easily imagine the usability (and security issues) that such passwords would create for users that don't use a password manager.

Since the vast majority of users don't use password managers, a service provider that required secure-enough passwords would likely be out of business in short order.

Now, a tougher question: can you blame service providers that allow passwords that are shorter than, say, 12 characters and not complex and random? Anything less than that, as a bare minimum, is probably not secure enough against offline attacks.

Microsoft disallows such passwords but the vast majority of service providers don't.

You can blame service providers that allow stupidly insecure passwords like "123456", "password", the name of the service, etc.