Today's Hard|Forum Post

Saturday August 06, 2016

Changing Passwords Is Bad For Security

While Carnegie Mellon faculty and government agencies sweat and debate over the consequences of routinely coming up with new passcodes, all the rest of us with common sense just turn to password generators/managers.

…researchers identified common techniques account holders used when they were required to change passwords. A password like "tarheels#1", for instance (excluding the quotation marks) frequently became "tArheels#1" after the first change, "taRheels#1" on the second change and so on. Or it might be changed to "tarheels#11" on the first change and "tarheels#111" on the second. Another common technique was to substitute a digit to make it "tarheels#2", "tarheels#3", and so on. "The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation," Cranor explained. "They take their old passwords, they change it in some small way, and they come up with a new password."
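The transformations quoted above can be caught at password-change time, when the user has just typed both the current and the new password. The following is an added example, not code from the article or the researchers; the function names, labels and the `max_edits` threshold are assumptions chosen for illustration.

```python
import re

def _fold(pw):
    """Lower-case and collapse every digit run to one placeholder digit."""
    return re.sub(r"\d+", "0", pw.lower())

def edit_distance(a, b):
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_change(old, new, max_edits=2):
    """Label how `new` was derived from `old`, or return None.

    Assumes both values are available in plaintext only for the duration
    of the change request; nothing here requires storing old passwords.
    """
    if new == old:
        return "unchanged"
    if new.lower() == old.lower():
        return "case-only"        # tarheels#1 -> tArheels#1
    if _fold(new) == _fold(old):
        return "digit-change"     # tarheels#1 -> tarheels#11, tarheels#2
    if edit_distance(old.lower(), new.lower()) <= max_edits:
        return "small-edit"       # a character or two added or swapped
    return None

if __name__ == "__main__":
    old = "tarheels#1"  # example password quoted in the article
    candidates = ["tArheels#1", "taRheels#1", "tarheels#11",
                  "tarheels#111", "tarheels#2",
                  "tarheels#1!",            # constructed sample
                  "Vq7-lamp-ocean-trout"]   # constructed sample
    for new in candidates:
        print(f"{new!r:26} {classify_change(old, new)}")
```

A change request that returns any label other than `None` would be rejected and the user asked for an unrelated password, ideally one produced by a password generator.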
