Re: How do I read result of a QR Code

On Sun, Jan 21, 2024 at 6:31 AM Tim via users
<users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Sun, 2024-01-21 at 02:56 -0800, ToddAndMargo via users wrote:
> > This all goes back to using easy passwords.  And the
> > same passwords on different sites:
> >
> > https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/multi-factor-authentication
> >
> >       "In fact, databases of known breached account information
> >       reveal the actual passwords in use around the world, and
> >       we can see that people typically fail to choose sufficiently
> >       long, complex, and unique passcodes. A study of the most
> >       common passwords used globally has “123456”, “qwerty”
> >       (six consecutive keys on a keyboard) and “password” among
> >       the top 5."
>
> Password construction rules were always a crock of crap.  Must have one
> capital, symbol, number, etc. just gave a series of clues to crackers.
> While making it harder for you to come up with a code you can remember
> and type (and just watch dyslexic people try to get these things right,
> illiterate people who can't spell, or anybody on a mobile phone touch
> screen).  Then have to go through it again and again on forced periodic
> changes.

Password complexity requirements are still a load of crap. No one
knows where the crap came from. Searching for the history of
complexity requirements seems to point to Microsoft NT 3.5. And we
know complex passwords result in weaker passwords from Security
Usability studies.

Another load of crap is password rotation policies. You never throw
away a good secret unless there's evidence of misuse or breach. And
forcing users to gratuitously change their password results in users
choosing weaker and weaker passwords over time as they are constantly
ground on to change good passwords. We know this from Security
Usability studies.

Anyone designing an authentication system would be well served to read
Peter Gutmann's Engineering Security,
<https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf>. Chapter 7
covers Passwords.

Jeff
--
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx