The Security Prophecies of Leo Howell

By 2020 passwords will cease to exist in the corporate world. By 2030 passwords will be dead and burried!

The time has come, passwords have served their time, they have served us well, but with the increasing security risk due to weak passwords and poor management, a new strategy is needed - passwords must die! Here is why...

* Too many darn passwords! Stop for just a second... count...can you remember all the passwords you have? That's right, too many to remember... see the problem?
* Too many password changes. So let's take a modest number, say you have 10 passwords between work and your personal life (5 at work, 1 Gmail, 1 MySpace, 2 banks, 2 ATM PINS, 1 home alarm code...oh wait, we are over 10!). Anyway, say we have 10 passwords, if you must change 'em on average every 30 to 90 days, that's 40 to 120 password changes a year।
* Passwords are too hard to remember. O.k., don't use dictionary words, don't use birth dates and stuff that's easy to guess...by the way use something that is easy for you to remember but difficult for others to guess.....what the hell kind a rambling is this? And don't write 'em down? That will work!! Yeah, really!
* The same passwords are used for work and play. I would like to meet the security genius that will be able to enforce this rule. LOL! Can you say lame brain?
* Free password cracking tools make it so easy to crack your passwords। So after you have gone through all the trouble of picking the strongest password you can think of and feel real safe, here comes the multitude of free password cracking tools at Google - I mean, online!
* The rainbow tables is the last straw. The rainbow tables makes brute force attacks against hashed passwords much faster and more feasible।
* Lack of user loyalty. I hate to say this, but the tougher your little password policies get, the more your little disloyal, underpaid users try to find creative ways to get around them in search of "ease of access" and convenience.