Forgot your password?
typodupeerror
Security

+ - People Reuse Passwords. Minimize the Risk.->

Submitted by ergo98
ergo98 (9391) writes "Users reuse passwords, likely to a greater degree than they admit.

It clearly isn't going to change: This story has played out time and time again as password databases are compromised and accounts are exploited. While those attacks get the loudest attention, it seems likely that there are much quieter misuse of credentials by the people who you trust with them. If you used the same password for iTunes or PayPal that you used for some random site, for instance, it seems obvious that the rolls of the dice will yield a compromise at some point. Even if they carefully scrypt your password before putting it in their database, there are zero guarantees that the sites themselves aren't doing other things with it.

So what is the solution? A better input type="password"? OpenId, OpenAuth, or Facebook Connect, putting more eggs in one basket? Two-factor authentication (widely usable now with OATH implementations of HOTP/TOTP in smartphone apps)?

Something needs to improve because the same story keeps playing out."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

People Reuse Passwords. Minimize the Risk.

Comments Filter:

"Consistency requires you to be as ignorant today as you were a year ago." -- Bernard Berenson

Working...