Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 20 Apr 2016 23:51:35 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: Mandatory password changes - DIEDIEDIE!

On 04/20/2016 11:40 PM, Per Thorsheim wrote:
> Den 20.04.2016 22.57, skrev e@...tmx.net:
>>> The statement will simply be something like "stop changing passwords
>>> frequently".
>>
>> +1
>>
>>> We can no longer require users to have long & complex passwords, unique
>>> to every service & site, and additionally ask them to change them every
>>> 30-60-90 days.
>>
>> it is important to separate all these 4 points.
>
> Agree.
>
>> 1. WE CAN AND SHOULD REQUIRE users to have LONG passwords,
>
> Disagree. Risk analysis should be applied. Having a long password won't
> help shit if all data is stored in plain on physically available disk.
> (No matter what rule you make, there will always be exceptions.)

here you bring even more distant issue into the scope.
set it aside.
password length is a property that is targeted ONLY to deflect guessing 
attacks, and should not be confused with physical attacks.

so let us set (1) (2) (3) aside altogether;
and good luck with the (4).


> https://scholar.google.no/citations?view_op=view_citation&continue=/scholar%3Fq%3Dthorsheim%26hl%3Dno%26as_sdt%3D0,5%26scilib%3D1&citilm=1&citation_for_view=tP9nguAAAAAJ:d1gkVwhDpl0C&hl=no&oi=p
>
> In which we argue for classifying sites & services into risk levels, and
> allowing pwd reuse within same level, but mixing of passwords across
> different levels. Rude, but at least something to ease the burden on
> normal users.

i feel bad :( i wanted to write about classifying your personal 
passwords for improving manageability and reduce interference... you 
know what i mean.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.