[colug-432] password survey
Rob Funk
rfunk at funknet.net
Sat May 24 13:00:31 EDT 2014
On Saturday, May 24, 2014 12:38:42 PM Bill Baker wrote:
> OK, so let's say we all start immediately using public key
> authentication (in reality, I would bet that we will still be using
> password authentication 20, 30 or even 50 years into the future). How
> long until the next tool comes along that renders even that useless?

There's always a progressive arms race. Both sides continually improve
their methods. Recognition of that doesn't mean the answer is unilateral
surrender.

> I guess my point here is that the user in the joke is probably an office
> drone who is not keeping any sensitive information on her computer.

I vaguely recall Kevin Mitnick addressing that in his book about social
engineering. People don't realize the value, to the right person, of the
information that they have access to.

> A cracker would most likely not invest much time trying to crack her
> password, and move on to her more vulnerable co-workers.

Yes, a lot of personal security choices boil down to being a harder target
than your neighbor.