Re: How do I read result of a QR Code

On 1/21/24 06:22, Jeffrey Walton wrote:
On Sun, Jan 21, 2024 at 6:31 AM Tim via users
<users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

On Sun, 2024-01-21 at 02:56 -0800, ToddAndMargo via users wrote:
This all goes back to using easy passwords.  And the
same passwords on different sites:

https://www.nist.gov/itl/smallbusinesscyber/guidance-topic/multi-factor-authentication

       "In fact, databases of known breached account information
       reveal the actual passwords in use around the world, and
       we can see that people typically fail to choose sufficiently
       long, complex, and unique passcodes. A study of the most
       common passwords used globally has “123456”, “qwerty”
       (six consecutive keys on a keyboard) and “password” among
       the top 5."

Password construction rules were always a crock of crap.  Must have one
capital, symbol, number, etc. just gave a series of clues to crackers.
While making it harder for you to come up with a code you can remember
and type (and just watch dyslexic people try to get these things right,
illiterate people who can't spell, or anybody on a mobile phone touch
screen).  Then have to go through it again and again on forced periodic
changes.

Password complexity requirements are still a load of crap. No one
knows where the crap came from. Searching for the history of
complexity requirements seems to point to Microsoft NT 3.5. And we
know complex passwords result in weaker passwords from Security
Usability studies.

I thought so.


Another load of crap is password rotation policies. You never throw
away a good secret unless there's evidence of misuse or breach. And
forcing users to gratuitously change their password results in users
choosing weaker and weaker passwords over time as they are constantly
grinded on to change good passwords. We know this from Security
Usability studies.

I can personally attest to this from my travels as
a computer consultant.

Anyone designing an authentication system would be well served to read
Peter Gutmann's Engineering Security,
<https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf>. Chapter 7
covers Passwords.

Jeff


I needed a password eight characters long
I picked "Snow White and the Seven Dwarfs".

Okay, that was a "Dad Joke" but it probably is a really
strong password and easy to remember.  I recommend run-on
phrases to my customers.  When I make them up for them,
I often use a phrase that flatters their business.
Those they never forget.