Well, not quite, but there is one fundamental thing about passwords that I and almost every other security expert has overlooked. For a long, long time, we in the security business have been thinking about maximal strength, maximum entropy, minimal length passwords; we have been saying things like “minimum eight characters, upper and lower case letters and special characters in a random mix” is the best approach. That certainly makes for unguessable passwords, but it also makes them very difficult to remember.
So, throw out everything I have told you about creating strong passwords. I’m going to start over with a simple concept that will not only allow you to create completely hacker-proof passwords, but those passwords will be so easy to remember, you’ll never have to write them down. You can even use the word “password” if you want. It all starts with the fact that a hacker has no idea what your password is to begin with.
All will be revealed in my next three posts entitled, “The new password paradigm,” parts one, two and three.
5 thoughts on “Everything I’ve ever said about passwords was wrong”
Oooh, very nice teaser! Can’t wait to hear the rest!
i meant after going to #3
How to create and use an unguessable password
that’s where you lost me after the first paragraph.
I can’t wait to hear your take on a concept that on the face of it, doesn’t sound so good.
I’m reminded of this comic:
So true, Chad. So true… and funny! 🙂
Comments are closed.