At the GOVCERT.NL Security Conference 2008 in the Netherlands, William Cheswick (AT&T Labs) gave this talk called 'Rethinking Passwords'.
Abstract: Passwords and PINs are used everywhere these days, but their use is often painful. Traditional password advice and rules are seldom appropriate for today's threats, yet we labor on with the password rules and servers of yesteryear. Strong passwords are weakening our security, and it is time to fix that. There are numerous proposals for new password solutions. I will present a few half-baked ideas. But good solutions are currently available. We are facing much more worrisome security challenges: we ought to get this easy stuff right.
# ITS ©
# 2008 - 2009