Everything I’ve ever said about passwords was wrong

Well, not quite, but there is one fundamental thing about passwords that I and almost every other security expert have overlooked. For a long, long time, we in the security business have been thinking in terms of maximum-strength, maximum-entropy, minimal-length passwords; we have been saying things like “minimum eight characters, upper and lower case letters and special characters in a random mix” is the best approach. That certainly makes for unguessable passwords, but it also makes them very difficult to remember.

So, throw out everything I have told you about creating strong passwords. I’m going to start over with a simple concept that will not only allow you to create completely hacker-proof passwords, but those passwords will be so easy to remember, you’ll never have to write them down. You can even use the word “password” if you want. It all starts with the fact that a hacker has no idea what your password is to begin with.

All will be revealed in my next three posts entitled, “The new password paradigm,” parts one, two and three.

Stay tuned.

5 thoughts on “Everything I’ve ever said about passwords was wrong”

  1. I meant after going to #3
    How to create and use an unguessable password

    that’s where you lost me after the first paragraph.
