[PLUG] About password strength

shirish शिरीष shirishag75 at gmail.com
Sat Dec 23 01:21:06 IST 2017


at bottom :-

On 25/11/2017, Arun Khan <knura9 at gmail.com> wrote:
> XKCD PoV
> <https://xkcd.com/936/>
>
> A PoV on long phrase like password.
> <https://blog.codinghorror.com/password-rules-are-bullshit/>
>
> Password generator using Unicode inspired by above
> <https://www.sethserver.com/unicode-random-password-generator.html>
>
> -- Arun Khan


<snipped>

Dear Arun,

<rant>

Thank you for sharing those links. I have seen these on so many Indian
sites including our own Income Tax Department ( to file ITR Returns)
that it has become a joke.

There is a term called 'Security theater'
https://en.wikipedia.org/wiki/Security_theater which is apt for this
occasion.

To top it with the new Firefox release, you cannot even use addons
like Certificate Patrol to see what kinds of TLS encryption the site
https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/ . I
have seen lots of reputable sites using pretty poor ciphers for
encryption and for end-users there is no reasonable way for them to
take a call as to what's best or needs to be changed, including most
of the private and public banks.

FWIW I have written to some banks whose customer I am and had been
thinking of shifting to digitial platforms but haven't received any
sort of substantial answers from them.

What you have highlighted is that only 0.0001 percent fools like us
want security and are a bit paranoid like us. The rest just go about
their merry way.

I don't have solutions other than building awareness on the bottom of
the pyramid but that is kind of slow death. When people are ready to
give their fb usernames and passwords at the drop of the hat without
doing any social engineering than this feels like a long task

</rant>

I do wish we had better ways to enhance and mass-reach on sensitive
topics like these.

-- 
          Regards,
          Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8


More information about the plug-mail mailing list