A brief history of bad passwords | Opensource.com


Password policies don't work because they don't consider how people use passcodes in real life—but attackers do.

IT-mandated password policies seem like a good idea—after all, what are the chances that an attacker will guess your exact passcode out of the 782 million potential combinations in an eight-character string with at least one upper-case letter, one lower-case letter, two numerals, and one symbol?

Those odds are not in your favor because most IT password policies don't consider how people select and use passwords in the real world, says Kyle Rankin, chief security officer at Purism and author of Linux Hardening in Hostile Networks. Password policies don't work because hackers do consider how people think. Watch Kyle's Lightning Talk, "Sex, Secret, and God: A Brief History
