I am currently studying for a couple more certificates, this time in cyber security. One will be the CESG Certified Professional scheme and the other is looking at becoming an assessor or consultant for the Cyber Essentials certifications.

Password policy is always a bone of contention; many professionals and websites insist you use what they want to call a ‘complex’ password in order to boost security. This often finds its way into cyber security policies, including those supported by the government. However, this cartoon from the ever reliable XKCD gives the lie to many of the underlying assumptions in these policies…

Password strength from XKCD

I can think of one client that has completely nailed this. Their codebook generates four random but recognizable English words, so their users have memorable but (very) hard-to-guess passphrases with no irritating punctuation to remember.
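To make the comic's point concrete, and to show the shape of a word-based codebook like the client's, here is an added example in Python. It is not the client's codebook and not code from this post; the word list is a small constructed sample (a real list would have a few thousand entries), the per-component bit counts for a human-chosen password follow the comic's breakdown and are stated as assumptions, and `Tr0ub4dor&3` is the comic's own sample, used here only to show that a typical complexity rule accepts it while rejecting a far stronger four-word passphrase.

```python
import math
import secrets
import string

# Constructed sample word list (assumption for this example). A real codebook
# uses a list of a few thousand common, recognisable words.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "river", "candle", "orbit",
    "meadow", "pillow", "timber", "harbor", "signal", "velvet", "copper",
    "lantern", "garden",
]

# Assumed bit budget for a human-chosen, policy-compliant password, following
# the comic's reasoning: an uncommon base word, a capital letter, common
# letter-for-digit substitutions, an appended digit and symbol, and their order.
HUMAN_PATTERN_BITS = {
    "base_word": 16,
    "capitalisation": 1,
    "substitutions": 3,
    "digit": 3,
    "symbol": 4,
    "suffix_order": 1,
}


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly from `alphabet_size`
    choices: length * log2(alphabet_size). For a passphrase the 'symbols'
    are whole words and the 'alphabet' is the word list."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need at least 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def human_pattern_entropy(components=HUMAN_PATTERN_BITS) -> float:
    """Sum the assumed per-component bits of a human-chosen password."""
    return float(sum(components.values()))


def generate_passphrase(words, count: int = 4, separator: str = " ") -> str:
    """Pick `count` words with a CSPRNG (secrets, never random) so every
    combination is equally likely and the entropy figure actually holds."""
    if count < 1:
        raise ValueError("count must be >= 1")
    return separator.join(secrets.choice(words) for _ in range(count))


def meets_complexity_policy(password: str, min_length: int = 8) -> bool:
    """A typical 'complex password' rule: minimum length plus at least one
    upper-case letter, lower-case letter, digit and punctuation character."""
    return all([
        len(password) >= min_length,
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])


def compare(word_list_size: int = 2048, word_count: int = 4) -> dict:
    """Contrast the assumed human-chosen password with a random passphrase
    from a list of `word_list_size` words."""
    return {
        "human_pattern_bits": human_pattern_entropy(),
        "passphrase_bits": entropy_bits(word_list_size, word_count),
    }


if __name__ == "__main__":
    print(compare())  # 28 bits vs 44 bits for 4 words from a 2048-word list
    print(generate_passphrase(SAMPLE_WORDS))
    # The complexity rule rewards the wrong property:
    print(meets_complexity_policy("Tr0ub4dor&3"))                 # True
    print(meets_complexity_policy("correct horse battery staple"))  # False
```

With a 2048-word list, four uniformly chosen words give 44 bits against roughly 28 bits for the patterned password, and the gap only widens with a larger list or a fifth word. The one thing a policy should check for passphrases is that the words were really drawn at random from the list, which is why the generator uses `secrets` rather than letting users pick their own favourites.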

by Mr T on Feb 5, 2017 at 11:17 PM


