Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Aug 2012 16:42:15 +0200
From: Patrick Mylund Nielsen <>
Subject: Re: Arstechnica Password article (feat. Matt Weir)

You also can't really ask normal users to remember more than one secure
password, and expect that they not re-use it. (Just getting them to pick
one secure password is a challenge in itself; the xkcd troubador comic
aptly notes that security people have shot themselves in the foot by doling
out the wrong advice for years. Good luck getting them to write down secure
and unique passwords after that...)

For 95% of users, IMO, the only short-term hope is to make password
managers so seamless/easy to use that using randomly generated and
auto-filled passwords is preferable to typing them in manually. I think
Google Chrome does this fairly well, but it could be much more aggressive.
Even having to download and learn to use another application, or an
extension like LastPass, is a roadblock for many users. Of course, then you
just have to hope that the customer support department of whatever service
provider manages your password blob or email account doesn't let anyone
bypass two-factor auth or reset the account password...

Long-term, maybe biometrics will become more ubiquitous, secure, and
supported. Very skeptical it will be soon, though. Most mainstream devices,
e.g. fingerprint readers, are still pretty much a joke, and few actually
have them.

On Tue, Aug 21, 2012 at 4:27 PM, Simon Marechal <>wrote:

> On 21/08/2012 16:17, Samuele Giovanni Tonon wrote:
> > And what about services like "last pass": aren't we just moving our
> > problems to the "simple one" of the relying entirely our security on one
> > single master password ? it's kind scary .
> Most people are already relying their entire security on one single
> master password : that of their main e-mail account. This is because of
> the password recovery options.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.