Wednesday, February 17, 2016

Best According To Whom?


Over and over again I hear about password best practices, but invariably they turn out to be practices from the last century and as such are no longer anywhere near best. What's worse is that everyone's idea of what constitutes best practices for passwords is a slightly different variation of the decades-old advice. There is no agreement on what constitutes best practices, so the term "best practices" doesn't even refer to a definite, well-defined thing.

What we now know about passwords is this: 1) generated passwords are stronger than chosen passwords, and 2) recording passwords scales better than remembering passwords. Password managers cover both of these facts.