Reply to post: Its not the users fault...

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

hammarbtyp Silver badge

Its not the users fault...

The whole problem of measuring security through password entropy is that you are putting the emphasis on the security on the weakest link and the area you have least control. The only reason that this seems to happen is that it reduces the provider liability.

As has already been stated, far better than longer and longer passwords is to introduce 2FA and login delays on incorrect logins. But this takes effort on the providers part, so we blame the users for choosing relatively easy to remember passwords.

The argument that if users choose short passwords means that passwords files are easy to decrypt again misses the point. It is not the users fault if a password file is stolen, nor is it there fault is the password is not stored in a salted method which should be at laest as good protection against dictionary attack as other password methods

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019