Sign In

Communications of the ACM

ACM News

A Strong Password Isn't the Strongest Security

View as: Print Mobile App Share:
Security passwords

Stuart Goldenberg

Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it—never write it down. And, oh yes, change it every few months.

These instructions are supposed to protect us. But they don’t.

Some computer security experts are advancing the heretical thought that passwords might not need to be "strong," or changed constantly. They say onerous requirements for passwords have given us a false sense of protection against potential attacks. In fact, they say, we aren’t paying enough attention to more potent threats.

Here's one threat to keep you awake at night: Keylogging software, which is deposited on a PC by a virus, records all keystrokes—including the strongest passwords you can concoct—and then sends it surreptitiously to a remote location.

From The New York Times
View Full Article


No entries found