Monday, 6 September 2010

A Strong Password Isn’t the Strongest Security

Great article over at the New York Times on password security.

“Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics.

Least Privilege Security, as part of a defence-in-depth security strategy, can help to keep keyloggers and other malware off users’ systems.

Herley continues by adding:

Security advice simply offers a bad cost-benefit tradeoff to users.

And according to the research:

“If an account is locked for 24 hours after three unsuccessful attempts,” they write, “a six-digit PIN can withstand 100 years of sustained attack.”
