Friday, August 19, 2011

passwords and sacred ... horses?

from XKCD

this has been discussed a lot recently in security circles because randall munroe gets a lot right here. unfortunately, for all his reasoned examination of password practices, he failed to question one of the most important sacred cows in password authentication - relying on human memory. when you take that out of the equation (i.e. start storing passwords instead of trying to remember them) then the entire picture changes: no careful choosing of passwords, no reason to limit their size or contents, and no need to handle authentication like you're still in the stone age.