[Cryptography] Passwords are dying - get over it
Guido Witmond
guido at witmond.nl
Mon Dec 23 16:26:21 EST 2013
On 12/23/13 10:00, Alec Muffett wrote:
> On 22 December 2013 16:09, Bill Frantz <frantz at pwpconsult.com> wrote:
>
> Using passwords securely is inconvenient. You need a different
> password for each site because of the risk of site compromise. It is
> insecure to use variants of a common base because they are too easy
> to guess once one of them is known.
>
>
> All of the disbenefits of passwords are the same as their benefits, bar
> one, as explained here:
>
> http://dropsafe.crypticide.com/muffett-passwords

If you get people to deploy software on their devices, please let them use
anonymous client certificates. All the benefits of passwords, none of
the downsides.

Make sure you have a different private key for each site.

It even can help to solve the MitM problem that passwords cannot.

Regards, Guido.

PS. I call it eccentric-authentication.org.