I’ve said it before, and I’ll say it again: passwords are a horribly outdated and clunky approach to security, and it’s time to consign them to history. That view has been underlined by the Federal Trade Commission’s chief technologist Lorrie Cranor, who this week told a security conference that official government advice to change passwords regularly can actually make things worse.
Her argument is based on something I’ve not only seen myself, but done myself – when I worked for a large company which required monthly password changes. When you force people to change their passwords regularly, they will use a predictable pattern – often nothing more than incrementing a number (something001, something002 and so on). This not only makes it easier to crack existing passwords, but also to predict what a future password will be …