Password validation security issue

Steven D'Aprano steve+comp.lang.python at pearwood.info
Mon Mar 3 12:41:43 EST 2014


On Mon, 03 Mar 2014 08:41:10 -0500, Roy Smith wrote:

> In article <mailman.7619.1393815421.18130.python-list at python.org>,
>  Chris Angelico <rosuav at gmail.com> wrote:
> 
>> The greatest threats these days are from the network, not from someone
>> physically walking into an office. (That said, though, the low-hanging
>> fruit from walking into an office can be *extremely* tempting. Pulling
>> off a basic password leech off sticky notes is often so easy that it
>> can be done as a visitor, or at least as a pizza deliveryman.)
> 
> Doesn't even require physical presence.  With the ubiquity of various
> video chat applications, as long as the sticky note is in the field of
> view of the camera, you've leaked the password.  With the right
> lighting, I wouldn't be surprised if you could pick up the reflection of
> a sticky note in somebody's eyeglasses.

Let's see now... 

- one in ten thousand chance that somebody will hack my account because 
it has a weak password; versus

- one in a thousand million chance that somebody will view my strong 
password reflected in my glasses and be able to identify what account 
name for which system it goes with, and be the sort of opportunistic 
black-hat who will use it to break into my account.

Nobody is saying that writing passwords down is secure against every and 
any possible attack. (When the Secret Police smash your door down at 3am, 
you probably won't have time to eat the passwords, even if you remembered 
to print them on rice paper instead of a sticky note.) The concept is 
that writing down strong passwords is preferable to remembering weak 
passwords given the typical threats most people are exposed to.



-- 
Steven D'Aprano
http://import-that.dreamwidth.org/


