[1784] in WWW Security List Archive
Re: Is password good enough?
daemon@ATHENA.MIT.EDU (David M. Chess)
Thu Apr 4 12:55:03 1996
Date: Thu, 4 Apr 96 10:24:05 EST
From: "David M. Chess" <chess@watson.ibm.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Passwords are theoretically Pretty Awful, but in practice they're
the thing that is most often implemented, that users are used to,
that we know the most about, and that are most commonly used. The
security community knows of lots and lots of alternatives that are
better than passwords (for various values of "better"), but none
of them are ever actually used except in small niches here and
there. If you actually want secure security, passwords are probably
not actually good enough. But finding and implementing something
else will be difficult, at least this year...
Isn't that helpful? *8) Hopefully I've stated it controversially
enough to get other people to weigh in with more substantial
information...
- -- -
David M. Chess / On the Net,
High Integrity Computing Lab / *everyone* can hear you scream...
IBM Watson Research
