I am more or less 100% in agreement with the author.
Summary
Pinning your security on an insanely complex password is a fool’s wager.
From the Article
According to Alex Holden, Hold Security’s founder, the “vast majority” of the passwords he uncovered had been stored in plain text on company servers.
says Donna Dodson NIST’s chief cyber security advisor. “Putting the burden of security on the end-user and making it more complex just doesn’t work,” she says. “The security has to be usable for the end-user. Otherwise they’re going to find workarounds.”
“The cracking software that’s out there has known about all of these tricks for more than a decade,” says Herley.
What’s more, system administrators need to spend more time securing the passwords they store. If sysadmins had been taking care of business before the Russian hack—locking down their websites and protecting their users’ passwords with cryptography instead of storing them in plain text—users would be a lot better off.
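The quoted passage says stored passwords should be protected with cryptography rather than kept in plain text. The following is an added example (not code from the article or from this post) of what that looks like on the server side: each password is run through a slow, salted key-derivation function, only the derived hash is stored, and login compares the recomputed hash in constant time. The choice of PBKDF2-HMAC-SHA256, the iteration count, and the `algorithm$iterations$salt$hash` record format are assumptions made for this example, not details from the article.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Parameters assumed for this example; the article names no specific algorithm.
# PBKDF2-HMAC-SHA256 is used because it ships in the Python standard library.
KDF_NAME = "pbkdf2_sha256"
ITERATIONS = 600_000      # deliberately slow: raises the cost of offline guessing
SALT_BYTES = 16           # random per-user salt defeats precomputed (rainbow) tables
KEY_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a storable record from a password.

    Returns a self-describing string 'algorithm$iterations$salt$hash' with the
    binary parts base64-encoded, so the parameters travel with the hash and can
    be raised later without breaking existing accounts.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=KEY_BYTES)
    return "$".join([
        KDF_NAME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt/parameters and compare it.

    hmac.compare_digest is used so the comparison time does not leak how many
    leading bytes matched.
    """
    try:
        name, iters, salt_b64, hash_b64 = record.split("$")
    except ValueError:
        return False
    if name != KDF_NAME:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    int(iters), dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True if a stored record uses weaker parameters than the current policy.

    A server would call this after a successful login and re-hash the password
    with current parameters, so old accounts are upgraded over time.
    """
    name, iters, _salt, _hash = record.split("$")
    return name != KDF_NAME or int(iters) < ITERATIONS


if __name__ == "__main__":
    # Constructed sample: a plaintext store versus a hashed store for one user.
    plaintext_store = {"alice": "correct horse battery staple"}   # what the article warns against
    hashed_store = {"alice": hash_password(plaintext_store["alice"])}
    print("stored record:", hashed_store["alice"])
    print("login ok:", verify_password("correct horse battery staple", hashed_store["alice"]))
    print("wrong password:", verify_password("hunter2", hashed_store["alice"]))
```

Even if the hashed table leaks, an attacker holds only salts and slow-to-recompute hashes rather than the passwords themselves; the stored parameters let the operator raise the iteration count later and flag old records with `needs_rehash`.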
Follow this link for additional details: