Skip to content. | Skip to navigation

Sections

Personal tools

You are here: Home → wikidblog → Better password strength just one factor

Recent entries: Redhat & Fedora hacked admin Aug 25, 2008; Two-factor for the cloud admin Aug 15, 2008; Debunking "Two-Factor Authentication Debunked by TSB Phish" admin Jul 02, 2008; New Howtoforge article - Postgresql admin Jul 02, 2008; World of Warcraft gets two-factor authentication - your bank won't follow admin Jul 01, 2008

Recent comments: Re:Security and Oil admin Apr 25, 2008; Re:Security and Oil Paul feet Apr 24, 2008; Re:100% open source admin Apr 22, 2008; Re:100% open source Adam Apr 22, 2008; Re:Capital Gains Tax Rates and Entrepreneurs Lance Oct 23, 2007

2006/12/22

Better password strength just one factor

Pete over at Spire Security points out the obvvious(which alluded me):

As far as I can tell, Bruce Schneier's current Wired column, MySpace Passwords Aren't So Dumb, is intended to be taken seriously. The article is supposed to be about how "good" passwords on MySpace are these days, and there isn't a hint of irony in his statement:
"But seriously, passwords are getting better."
I am at a loss to explain how he can come to this conclusion when every single one of the 34,000 passwords he analyzed were stolen through a phishing attack. What he should have said was: "This shows that a 1-character password (the shortest they harvested) is just as secure as a 32-character password (the longest they harvested)"

He also points out that if you're not going to do two-factor authentication, then don't worry about long passwords. If any data is important enough or vulnerable enough to require a strong and therefore annoying password policy, use two-factor authentication.

It points out to me that as a vendor of two-factor authentication solutions we battle not just our competitors but the perceptions that two-factor authentication is a hassle and that stronger passwords will suffice, neither of which is necessarily true any more.

Pete's insight is much more valuable than mine: "MySpace Passwords Aren't So Dumb" - Content is.

Category(s): Two Factor Authentication; Authentication Attacks

The URL to Trackback this entry is:: http://www.wikidsystems.com/WiKIDBlog/better-password-strength-just-one-factor/tbping

Add comment

You can add a comment by filling out the form below. Plain text formatting. Comments and Trackbacks are moderated.

Author (Required)

EMail (Required)

URL

Title (Required)

Comment (Required)

Remember your information on cookie?

Verification Code

This helps us prevent automated spamming.

Captcha Image

Categories: Security and Economics (78); Two Factor Authentication (127); Authentication Attacks (53); Phishing and Fraud (86); Miscellaneous (90); WiKID (63); Information Security (64); Strong Authentication (24); Open Source (32); Mutual Authentication (38); Transaction Authentication (11); Wireless, cellular, mobile devices (6); PCI (23)

Feeds and Bookmarks: Digg this!; Del.ico.us; Google; Yahoo bookmarks; Reddit; Spurl; Simpy

Start using WiKID today

Recent Changes: How to configure WiKID for Replication Aug 29, 2008; Installation Documentation Aug 29, 2008; How can I test if the server is working correctly? Aug 27, 2008; Redhat & Fedora hacked Aug 25, 2008; Two-factor for the cloud Aug 15, 2008; All recent changes…

Got Questions? Get Answers.