The Myth of Security

scholarly edited this page Jul 12, 2013 · 2 revisions

The myths of “secure” passwords

First and foremost, the word “secure” is frequently thrown around as if it were an absolute term. It’s not. Look no further than the Stuxnet virus: computers running the centrifuges in Iranian nuclear facilities, entirely disconnected from the internet, were successfully targeted by the virus. Surely those systems would have been considered “secure” by any reasonable definition of the word.

It’s a little bit like saying a car is “safe”. Some are better than others, no doubt, but at the end of the day it becomes a risk mitigation exercise. You trade some things off, such as the simplicity of a password or the price paid for a car, and you get a better risk profile in return, such as a password that takes longer to crack or a car with more airbags.

http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html