Why even let users set their own passwords? (www.devever.net)

submitted 1 year ago* (last edited 1 year ago) by andromedusgalacticus@lemm.ee to c/theandrocollection@lemm.ee

7 comments fedilink hide all child comments

TLDR:

Here is generated summary of the article:

The author argues that passwords are not a secure way to authenticate users, and that websites should instead issue randomly generated passwords to users.
The author points out that websites already do this for API keys, which are used to secure high-stakes applications.
The author argues that this model of password issuance would be more secure than the current system, and would also simplify the login process for users.
The author also discusses the limitations of TOTP-based two-factor authentication, and argues that it is not as secure as it is often made out to be.

Here are some of the key points from the article:

Passwords are often weak and easy to guess.
Users are often not good at choosing secure passwords.
Websites often do not implement password best practices.
TOTP-based two-factor authentication is not as secure as it is often made out to be.
A more secure system would be to issue randomly generated passwords to users.

you are viewing a single comment's thread
view the rest of the comments

[-] c_ezra_m@lemm.ee 2 points 1 year ago* (last edited 1 year ago)

Passwords are a very simple system that has been used since antiquity, its distribution in the Roman military having been described by Polybius.

Passwords found use in early computing. The Compatible Time-Sharing System (CTSS) developed at MIT in 1961 implemented a PASSWORD command, which only hid the characters to be typed.

The notion of hashing passwords was created in the early 1970s by Robert Morris. He also invented the crypt(3) algorithm, which used a 12-bit salt and invoked a modified form of the Data Encryption Standard (DES) algorithm 25 times to reduce risk of pre-computed dictionary attacks.

The ease of implementation is why password-based authentication is used everywhere. But I might argue this is too simple and can be exploited by attackers. Year after year, a new hashing algorithm becomes considered not secure enough.

this post was submitted on 23 Jul 2023

4 points (100.0% liked)

The Andromedus Galacticus Collection

600 readers

1 users here now

This is a personal collection of things I find around the internet.

Alright, so somehow you found this place. Here's what to expect:

Posts will be random; there are absolutely no themes here.
Posts may be overwhelmingly frequent (sorry about your sub feed).
Posts may be unbearably infrequent; you may forget you subscribed here.
Posts may be oh, so very boring to you.

Due to the nature of this place, you may find a bunch of stuff that you don't care about, but you may also find a new passion.

So, the gist is, this is a place where I'll share random things, and you'll discover the internet with me.

Oh yeah, I didn't advertise this place anywhere, so hey, how did you even get here?

Check out the sister sub where you discover music with me! !andromusiccollection@lemm.ee

founded 1 year ago

MODERATORS

andromedusgalacticus@lemm.ee