[aklug] Re: Passwords - The Conventional Wisdom

From: Aaron A. <akbeancounter@yahoo.com>
Date: Tue Apr 26 2011 - 11:15:21 AKDT

--- On Mon, 4/25/11, Christopher Howard <christopher.howard@frigidcode.com> mentioned:
> http://www.baekdal.com/tips/password-security-usability
>

That makes sense; you'll usually get more mileage out of increasing the exponent (in this case, requiring longer passwords) than you will by expanding the base (requiring uppercase, numbers, and symbols). One of the best suggestions I've heard was to abbreviate a memorable phrase, adding caps and symbols as appropriate. For example, one could condense Han Solo's questionable feats of piloting into "KslRun<12pc". If it contains proper nouns or made-up words, so much the better.

Baekdal's response hits on another key concern, password reuse. Even a weak password like "jeff1"* is relatively harmless if all the cracker can do is spam Gawker sites. If that's also your e-mail or Facebook login, they can do a lot more damage.

* A disturbing number of my banking colleagues used "husband's name plus one or two digits" as their password. Making the password expire every month somehow made it worse; they adopted a standard of "jeff1" for January, "jeff2" for February, and so forth.

--
Aaron A.
akbeancounter@yahoo.com
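The "exponent beats base" point from the post, worked through as an added example (not part of the original message). It assumes the usual character-class sizes (26 lowercase, 10 digits, 26 uppercase, 32 printable symbols) and a hypothetical offline guess rate of 10^10 per second; the "name plus digits" pattern is modelled as a dictionary of names rather than a character set.

```python
import math

# Character-class sizes assumed for the comparison (not from the post).
LOWER, DIGITS, UPPER, SYMBOLS = 26, 10, 26, 32
FULL = LOWER + DIGITS + UPPER + SYMBOLS  # 94 printable ASCII characters


def search_space_bits(base: int, length: int) -> float:
    """log2 of the number of passwords of exactly `length` symbols from `base`."""
    return length * math.log2(base)


def pattern_bits(name_count: int, max_digits: int) -> float:
    """log2 of the space for 'memorable name + 1..max_digits digits'.

    Models the 'husband's name plus one or two digits' habit: the attacker
    tries every name in a small list, then every digit suffix.
    """
    suffixes = sum(10 ** d for d in range(1, max_digits + 1))
    return math.log2(name_count * suffixes)


def brute_force_seconds(bits: float, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to enumerate the whole space at the assumed guess rate."""
    return 2 ** bits / guesses_per_second


def compare_policies() -> dict:
    """Return {policy: (bits, seconds)} for the policies discussed in the thread."""
    policies = {
        "8 chars, all four classes": search_space_bits(FULL, 8),
        "12 chars, lowercase only": search_space_bits(LOWER, 12),
        "11 chars, all four classes (KslRun<12pc-style)": search_space_bits(FULL, 11),
        "name + 1-2 digits (1000-name list)": pattern_bits(1000, 2),
    }
    return {name: (bits, brute_force_seconds(bits)) for name, bits in policies.items()}


if __name__ == "__main__":
    for name, (bits, secs) in compare_policies().items():
        print(f"{name:48s} {bits:6.1f} bits  ~{secs / 86400:12.1f} days")
```

Lengthening to 12 lowercase characters (56 bits) beats forcing all four classes into 8 characters (52 bits), while the monthly "jeff1, jeff2, ..." rotation never leaves a space of roughly 17 bits.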
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Apr 26 11:15:29 2011

This archive was generated by hypermail 2.1.8 : Tue Apr 26 2011 - 11:15:29 AKDT