This is a bit scary, especially given that some systems put a limit on the size of passwords you may use. Of course, they need to get hold of the encrypted (or hashed) password in the first place, so that should provide a basic line of defence, but it is a remarkable feat using incredibly cheap hardware. Time to make my passwords longer and stronger, I think. Recent research suggests that the strongest passwords are not those with weird and wonderful mixes of letters, symbols and numbers (easily forgotten), but those that use sentences (though not obvious ones that can be found with a web search: poems and song lyrics are not a good choice!)
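To put some numbers behind "longer and stronger", here is an added illustration (not code from the original post) that compares the search space of a few password policies and the expected time to exhaust them at a fixed offline guessing rate. The guess rate is an assumption constructed from the comment below that six characters fall in about four seconds; the 7776-word list size (a Diceware-style list) and the one-million-entry "well-known phrase" corpus are likewise constructed for illustration, not figures from the post.

```python
import math

# Assumed attacker throughput, constructed for this example: 95**6 printable-ASCII
# passwords in 4 seconds implies roughly 1.8e11 hashes/s, rounded down to 1e11.
GUESSES_PER_SECOND = 1e11

# Constructed parameters for the comparison (assumptions, not from the post).
PRINTABLE_ASCII = 95          # symbols a typical password field accepts
LOWERCASE = 26
DICEWARE_WORDS = 7776         # size of a Diceware-style word list
QUOTABLE_PHRASES = 1_000_000  # lyrics/poem lines an attacker could scrape from the web


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct secrets of exactly `length` symbols from an alphabet."""
    return alphabet_size ** length


def entropy_bits(space: int) -> float:
    """Strength in bits for a secret chosen uniformly from `space` candidates."""
    return math.log2(space)


def expected_crack_seconds(space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected time to hit a uniformly chosen secret: half the space on average."""
    return space / 2 / rate


def humanize(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.4f} seconds"


def compare_policies() -> dict:
    """Return {policy label: (bits, expected seconds)} for the constructed policies."""
    policies = {
        "6 chars, printable ASCII": keyspace(PRINTABLE_ASCII, 6),
        "8 chars, printable ASCII": keyspace(PRINTABLE_ASCII, 8),
        "12 chars, lowercase only": keyspace(LOWERCASE, 12),
        "4 random words (7776-word list)": keyspace(DICEWARE_WORDS, 4),
        "6 random words (7776-word list)": keyspace(DICEWARE_WORDS, 6),
        # A memorised lyric or poem line is long, but the attacker only has to
        # try the phrases that can be found online, so the effective space is tiny.
        "1 line quoted from a famous song/poem": QUOTABLE_PHRASES,
    }
    return {label: (entropy_bits(space), expected_crack_seconds(space))
            for label, space in policies.items()}


if __name__ == "__main__":
    print(f"Assumed rate: {GUESSES_PER_SECOND:.0e} guesses/s\n")
    for label, (bits, secs) in compare_policies().items():
        print(f"{label:40s} {bits:6.1f} bits  ~{humanize(secs)}")
```

The point the table makes is the one the post makes: strength comes from the size of the space the attacker actually has to search, so six random words beat eight random symbols, while a quotable sentence, however long, is only as strong as the list it can be looked up in.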
Comments
Biometrics anyone?
Maybe - apart from difficulties in assuring accuracy (there are too many false positives and false negatives in all existing forms, though using multiple methods can lead to a more acceptable failure rate) and the fact that what gets stored is a bunch of what are still (we hope) encrypted or hashed data, AKA passwords.
How about public key infrastructure for authentication?
Even worse. Symmetric encryption is at least provably secure (up to a point which, for 6 character passwords, turns out to be 4 seconds on cheap hardware), whereas asymmetric encryption (at least SSL) not only uses crackable passphrases but relies on the complexity of finding the prime numbers that are factors of a big number. This is not only lacking formal proof of difficulty, but there has been some notable progress in shortening the time it takes, which suggests that formal proof will never arrive. In fact, I strongly suspect there are agencies out there that can crack it already, but governments are notoriously secretive about such discoveries. For instance, asymmetric encryption was invented in the UK well over a decade before it was invented in the US, but no one knew about it because it was an official secret, and the Nazis never knew that Enigma machines had been cracked by Turing et al. for the same reason (thus also keeping his electronic computers a secret). Plus, it is computationally very, very, very expensive indeed, which is why it is only used for key exchange today: if we relied on it for more than exchange of symmetric passwords, our computers would crawl at a tiny fraction of their current speed.
I just made a cryptic sentence for a password. I liked it. No poetry but my own.