When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords and/or forget their new passwords. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans pick their own passwords, too often they are easy to guess or predict. There’s no question that the state of password security is problematic and has been for a long time. In last month’s blog post, Microsoft's Margosis wrote: Now, almost three years later, Cranor has company.
One of the notable exceptions was in 2016, when Lorrie Cranor, then the Federal Trade Commission’s chief technologist, called out the advice given by her own employer. Advertisementįurther Reading Frequent password changes are the enemy of security, FTC technologist saysDespite the growing consensus among researchers, Microsoft and most other large organizations have been unwilling to speak out against periodic password changes. At the same time, the mandatory changes provide little security benefit, since passwords should be changed immediately in the event of a real breach rather than after a set amount of time prescribed by a policy. A password that had been becomes and so on. Chief among them, the requirements encourage end users to choose weaker passwords than they otherwise would.
The same researchers have warned that mandating password changes every 30, 60, or 90 days-or any other period-can be harmful for a host of reasons. Those traits make them especially hard for most people to remember. Researchers have increasingly come to the consensus that the best passwords are at least 11 characters long, randomly generated, and made up of upper- and lower-case letters, symbols (such as a %, *, or >), and numbers. As a result, those measures provide little protection against modern cracking techniques. Further Reading Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”Even when users attempt to obfuscate their easy-to-remember passwords-say by adding letters or symbols to the words, or by substituting 0’s for the o’s or 1’s for l’s-hackers can use programming rules that modify the dictionary entries.
0 kommentar(er)
