Date: Tue, 21 Aug 2012 16:42:15 +0200
From: Patrick Mylund Nielsen <cryptography@...rickmylund.com>
To: john-users@...ts.openwall.com
Subject: Re: Arstechnica Password article (feat. Matt Weir)

You also can't really ask normal users to remember more than one secure password, and expect that they not re-use it. (Just getting them to pick one secure password is a challenge in itself; the xkcd troubador comic aptly notes that security people have shot themselves in the foot by doling out the wrong advice for years. Good luck getting them to write down secure and unique passwords after that...)

For 95% of users, IMO, the only short-term hope is to make password managers so seamless/easy to use that using randomly generated and auto-filled passwords is preferable to typing them in manually. I think Google Chrome does this fairly well, but it could be much more aggressive. Even having to download and learn to use another application, or an extension like LastPass, is a roadblock for many users.

Of course, then you just have to hope that the customer support department of whatever service provider manages your password blob or email account doesn't let anyone bypass two-factor auth or reset the account password...

Long-term, maybe biometrics will become more ubiquitous, secure, and supported. Very skeptical it will be soon, though. Most mainstream devices, e.g. fingerprint readers, are still pretty much a joke, and few actually have them.

On Tue, Aug 21, 2012 at 4:27 PM, Simon Marechal <bartavelle@...il.com> wrote:

> On 21/08/2012 16:17, Samuele Giovanni Tonon wrote:
> > And what about services like "last pass": aren't we just moving our
> > problems to the "simple one" of the relying entirely our security on one
> > single master password ? it's kind scary .
>
> Most people are already relying their entire security on one single
> master password : that of their main e-mail account. This is because of
> the password recovery options.
>