In the past I've discussed a
number of
aspects of the
password dilemma. Among the key issues are
- good passwords are hard to remember, and;
- passwords you can remember are easy for attackers to guess.
But, maybe one of the key issues is that password policies are universally so bad that consumers can't do the right thing because they can't figure out what that is! We've been living with that old dogma of.... say it with me...
- 8 characters;
- upper/lower case;
- numbers;
- special characters.
That's been around since the 60's. Perhaps it worked in a world when people had only one password, when systems weren't all networked together, and attacking systems wasn't the lucrative business it is now.
