Hardware requirements=not gonna catch on, except perhaps at ATMs and other vendor-controlled hardware. You can't expect everyone who wants to access legitsite.gov to buy a new $30 piece of hardware just to log in, methinks.
If a cracker gets to the point where brute-forcing is an option, the system is already compromised. Which is why I think password-security is overhyped. Aside from "God", "password", $username, 0123456789 and a few other favorites, most passwords are sufficient as long as they're kept secret. Everyone is much more vulnerable to key-logging, leaving private information on a public terminal, roommate-peeking, and phishing than to brute forcing.
That said, passphrases are my preferred method of secure-password generation. For example,
"This passphrase is well-nigh impossible to brute force."
is a totally secure passphrase. Under current attack searchspace algorithms, it's virtually uncrackable. If passphrases become more popular, the old brute-force algorithms and pre-computations can be adapted to attack them; they won't hold up quite as long, but even then they're pretty strong.
no subject
Date: 2005-10-20 05:45 pm (UTC)
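An added example, not part of the original comment: it estimates the search space of the quoted passphrase under the two attacker models the comment contrasts, character-by-character brute force and a word-level attack. The 20,000-word dictionary and the 10^12 guesses-per-second rate are assumptions chosen for illustration.

```python
import math
import string

# The passphrase quoted in the comment above.
PASSPHRASE = "This passphrase is well-nigh impossible to brute force."

def charset_size(secret):
    """Size of the smallest common character pool that covers the secret."""
    pool = 0
    if any(c in string.ascii_lowercase for c in secret):
        pool += 26
    if any(c in string.ascii_uppercase for c in secret):
        pool += 26
    if any(c in string.digits for c in secret):
        pool += 10
    if any(c in string.punctuation or c == " " for c in secret):
        pool += 33  # 32 ASCII punctuation marks plus the space
    return pool

def char_search_bits(secret):
    """log2 of the keyspace for a character-by-character brute force."""
    return len(secret) * math.log2(charset_size(secret))

def word_search_bits(secret, dictionary_size):
    """log2 of the keyspace for a word-level attack.

    Treats every word as an independent pick from the dictionary, so for
    a grammatical sentence this is an upper bound, not an exact figure.
    """
    return len(secret.split()) * math.log2(dictionary_size)

def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate in a keyspace of 2**bits."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    DICT_SIZE = 20_000  # assumed attacker word list
    RATE = 1e12         # assumed guesses per second
    for label, bits in (
        ("character brute force", char_search_bits(PASSPHRASE)),
        ("word-level attack", word_search_bits(PASSPHRASE, DICT_SIZE)),
    ):
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, RATE):.2e} years to exhaust")
```
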