In some situations, a complex password can help you. But in others—like when the company holding your password stores it in plain text, without encrypting it—that complexity is meaningless. And some passwords may seem complex, when they’re actually pretty easy to guess. They can trip you up, even if they’re stored using cryptographic techniques, when someone hacks into the machines that they live on. The lesson here is that system administrators—the people who oversee all those password rules you have to follow—need to shoulder a bit more of the work. They need to better understand what makes a secure password—and how passwords should be stored. “Everyone is confused in this space,” says Cormac Herley, a Microsoft researcher who’s been studying passwords for years. System administrators will lay down rules for passwords but often, “we don’t know half of why we’re doing this stuff,” says Herley. And they may not realize they should be spending their time securing systems in other ways.

Turns Out Your Complex Passwords Aren’t That Much Safer | Enterprise | WIRED

infoneer-pulse posted this