Reply to post: Re: DES

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked

Roland6 Silver badge


>You run the password safe on your own machine. It's not in the cloud.

Okay if you only run one device etc. etc.

Once you start using multiple (real/virtual) devices (i.e. ubiquitous computing) you need that safe to be in the cloud and sync'd.

We, in IT, need to simply accept that Joe Public will want to write credentials down and will want to use simpler passwords. Yes, there are security risks; however, we can mitigate some by good design of the login process (specifically the handling of failed attempts, but also the use of additional information to increase effective password length) and others by appropriate security of the at-rest credentials on the server.



Biting the hand that feeds IT © 1998–2019