
Submission Summary: 0 pending, 8 declined, 4 accepted (12 total, 33.33% accepted)

Submission: New UK password guidance says re-using OK, regular changing a waste (www.gov.uk)

isoloisti writes: New UK govt guidance on how to handle passwords "advocates a dramatic simplification of the current approach." "Unlike previous guidance, this doesn't focus on trying to get ever more entropy into passwords." For example: "Regular password changing harms rather than improves security, so avoid placing this burden on users." And "given the infeasibility of memorising multiple passwords, many are likely to be re-used. Users should only do this where the compromise of one password does not result in the compromise of more valuable data protected by the same password on a different system."

Blog launching the guidance: https://cesgdigital.blog.gov.u...
Main guidance doc: https://www.gov.uk/government/...

Security

Submission: Everything you know about password-stealing is wrong (microsoft.com)

isoloisti writes: An article by some Microsofties in the latest issue of Computing Now magazine claims we have got passwords all wrong.

When money is stolen, consumers are reimbursed for stolen funds and it is money mules, not banks or retail customers, who end up with the loss. Stealing passwords is easy, but getting money out is very hard. Passwords are not the bottleneck in cyber-crime and replacing them with something stronger won’t reduce losses. The article concludes that banks have no interest in shifting liability to consumers, and that the switch to financially-motivated cyber-crime is good news, not bad.

Article is online at computer.org site (hard-to-read multipage format)
http://www.computer.org/portal/web/computingnow/content?g=53319&type=article&urlTitle=is-everything-we-know-about-password-stealing-wrong-
or pdf at author’s site.
http://research.microsoft.com/pubs/161829/EverythingWeKnow.pdf

Submission: Bank Robbing a terrible business (wsj.com)

isoloisti writes: "Three UK economists get access to national data on bank robberies. The conclusion is that robbing banks pays, but not very much. Average take is about $19k per person per robbery. But, there's a 20% chance of being caught per raid. To make a below average income a robber needs to do two jobs per year, and has greater than 50% chance to be in the slammer after 2 years."
Microsoft

Submission: Passwords not going away. Not soon, not ever. (wired.com)

isoloisti writes: Hot on the heels of IBM's "no more passwords" prediction, Wired has an article about provocative research saying that passwords are here to stay.
Researchers from Microsoft and Carleton U. take a harsh view of research on authentication saying “no progress has been made in the last twenty years.”
They dismiss biometrics, PKI, OpenID, and single-signon: “Not only have proposed alternatives failed, but we have learnt little from the failures.”
The problem is that the computer industry so thoroughly wrote off passwords about a decade ago, that not enough serious research has gone into improving them and understanding how they get compromised in the real world.

“It is time to admit that passwords will be with us for some time, and moreover, that in many instances they are the best-fit among currently known solutions.”

The MS/Carleton paper: http://research.microsoft.com/pubs/154077/Persistence-authorcopy.pdf
