Wednesday, July 28, 2010

Passwords in the wild

Hey folks,
today I wanna point out this interesting post on the gap between theory and implementation regarding the use of the password practices.



This is a secure password glued to the wall suggesting its use for security purposes. Well originally it might be secure enough, but after being glued to the wall ... :)

Going back to the article:


The motivation for our report was a lack of technical research into real password deployments. Passwords have been studied as an authentication mechanism quite intensively for the last 30 years, but we believe ours was the first large study into how Internet sites actually implement them. We studied 150 sites, including the most visited overall sites plus a random sample of mid-level sites. We signed up for free accounts with each site, and using a mixture of scripting and patience, captured all visible aspects of password deployment, from enrolment and login to reset and attacks.

Have a nice reading !

No comments: