My funny G+ post from yesterday:
I told my colleagues that we receive at least 5000 "hack attempts" aka failed logins daily to any of our public Internet facing servers. One of my colleagues just said to me: "Well, you're having such a password policy, that maybe those are actually failed login attempts and not hack attempts at all." - It really got me laughing, yes, passwords, especially long complex and random ones are painful for users.
Here's password of the day (opening and closing quotes aren't included in the password):"^j'lb#K-€3,<_úgWJdXå(n_6=41Bµ%cj!"
Btw. Good luck guessing the password or finding it out using SHA-1 hashs or so. I know it's possible, it just might take a while. ;) p.s. This password still got less than 256 bits of entropy.
I prefer to think "password" as a shared secret, instead off a password. I hate it when people even say password. It's random set of shared secret bits, only a blob of data. Got it?
I prefer to think "password" as a shared secret, instead off a password. I hate it when people even say password. It's random set of shared secret bits, only a blob of data. Got it?
https://plus.google.com/u/0/106938703242944328523/posts/8r2K...