OK, it’s time for me to keep a promise.
Back in October 2022, I wrote an article called Why (almost) everything we told you about passwords was wrong. The article summarizes how a lot of what you’ve been told about passwords over the years was either wrong (change your passwords as often as your underwear), misguided (choose long, complicated passwords), or counterproductive (don’t reuse passwords).
Most damningly of all, the vast effort involved in dispensing this advice over decades has generated little discernible improvement in people’s password choices. If it hasn’t quite been a wasted effort, it has certainly represented a galactically inefficient use of resources.
We know that this advice isn’t what it’s cracked up to be thanks to intrepid researchers, such as the folks Microsoft Research, who made it their business to discover what actually makes a difference to password security in the real world, and what doesn’t.
If you want the full, three-course meal version of why all the password advice you've been told stacks up to much less than the sum of its parts you can read the original article. Here's the snack version:
No comments:
Post a Comment