There must be smarter security than a ban on dumb passwords

Mike Hoxbig

Dumb passwords are actually the answer. But the non-mathematically-inclined IT geniuses think they know better...


password_strength.png
 

Swa

Only problem is, once they hack you they've hacked you forever. The real solution is something you carry with you that can be changed like a flash drive.

zeitgeist
 

Lupus

Yup and IT departments keep pushing the 45 day password refresh. Cause nothing says secure like Jun3 2016 or wife's name plus a number and a special character.
Instead of allowing me to enter in a sentence I can remember I need to have special characters and numbers and and
 

Arthur

What I find a little irritating is that many websites still limit the password length. I've taken to using sentences in classical or obscure languages, and it really grates when I can't use my current eleven-word quote from an obscure but memorable phrase from Ovid, with a number and special char sprinkled in. I need password fields that can take sixty characters.
 

Swa

Every time a user logs in, they will be uniquely identified with their fingerprint using Apple's Touch ID technology. With secure biometrics, you can trust that your users are who they say they are.

If a user's device doesn't support Touch ID, Clef securely falls back to a PIN on the device — there's always a second-factor.
That isn't 2-factor, it's simply an extra backup method.
 

Openhost

Security on a Windows machine is hardly any factor, I just mentioned that I liked it, have you seen the videos of Clef? It's quite cool. Although, you will have to have your phone with you. Still nice though.

That isn't 2-factor, it's simply an extra backup method.
 

backstreetboy


Arthur

There is. It's called 2FA... Microsoft is just pissing in the dark. Instead of advertising it they ban weak passwords. With 2FA enabled your passwords can be weaker.
Ja. Just make sure your second factor can't be hijacked, like some of the banking/SMS scams.

Where possible, I use an authenticator app on the phone to generate TOTP/HOTP security tokens from RFC6238. The only risk is were my phone to fall into a scamster's hands before I can change the 2FA on my profile for that site.
 