Date: Thu, 7 Apr 2016 20:00:51 +0200 From: "e@...tmx.net" <e@...tmx.net> To: passwords@...ts.openwall.com Subject: Password creation policies Hello, all. We must abandon the entire notion of a "policy", if we want a serious discussion about passwords. The "password creation policy" concept is deeply MISLEADING. It confuses all our objectives and analytical tools with marketing and coercion. We were talking (if only we can call it "talking") on twitter about defining and measuring password strength. Soon the discussion slipped into the "policy" discourse. Words fail me! -- how irrelevant your futile attempts to influence people are to the problem of password creation STRATEGY. the attacker's and defender's strategies should be the subject. [two paragraphs of swearing are skipped]
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.