On Tue, Dec 17, 2024 at 10:59:40AM -0500, Michael Stone wrote:
> On Tue, Dec 17, 2024 at 06:45:05AM +0100, to...@tuxteam.de wrote:
> > Do you have a reference?
> >
> > I ask because I'm in the middle of a discussion (and that was my advice,
> > too). Seeing what Schneier has to say on that would be very interesting.
>
> All of this advice is overly simplistic. The right answer depends on
> understanding your threats and making a conscious decision what risks you
> want to mitigate [...]
I know, I know. My introductory sentence is almost literally yours.

As times shift, threat models shift accordingly. Back then, when computers and environments were more shared, post-its and shoulder surfing were the main password leak threat; in between it was the (clear text) transport; these days it's probably phishing and server-side breaches, which -- hopefully! -- yield a database of salted hashes, in which case strong passwords are vital.

I'm still very interested in those references, not to follow them blindly, but because they may contain insights I haven't had myself. Especially in the case of Schneier, I'm doubly eager to listen.

Cheers
-- t