Sunday, 1 January 2017

Password strength - the don't care region

Mark Stockley advises us to Stop wasting time making the wrong passwords stronger.
Most of the effort spent on making passwords stronger is wasted, according to a trio of researchers from Microsoft in the USA and Carleton University in Ottawa, Canada.

The researchers, Dinei FlorĂȘncio, Cormac Herley and Paul C. van Oorschot, said in a recent paper that there are two vast “don’t care” regions where energy spent on strengthening passwords is simply wasted.
...
The first “don’t care” region is an online-offline chasm. The chasm represents the gap between the number of guesses a password might have to withstand in an online attack and how many it might face in an offline attack (you can read more about it in my article Do we really need strong passwords?).

No comments:

Post a Comment