Another plea for password sanity
August 15th 2009
Here’s a recent posting on password problems that suggests 10 hard-to-follow rules.
The author highlights an important problem: attackers can do systematic trial-and-error guessing attacks against on-line sites. She focuses on a Google Gmail problem recently reported on Full Disclosure.
Here’s the point: use strong protection on high-value targets. Take the time to protect your major e-mail account, your financial resources, and anything else you really value. If you’re going to slack off, do it when registering to post a one-off blog comment.
Let me take a stab at my own list of recommendations.