Core Concepts
The author explores the importance of uniqueness over complexity in passwords, advocating for unique passwords for each account to enhance security.
Abstract
The author delves into the significance of password uniqueness and the evolution of password cracking methods. Jeremi Gosney's insights challenge traditional beliefs on password strength, emphasizing uniqueness as a key factor in securing accounts.
Stats
Diceware passphrases have 77.5 bits of entropy.
Rockyou.com had over 32 million users' passwords leaked in plain text.
LinkedIn breach revealed in 2016 was cracked to about 96 percent over a week.
Password cracking is more art than science, exploiting human psychology patterns.
Most people tend to put uppercase characters at the beginning and numbers at the end of their passwords.
Unique passwords for each account are crucial to contain breaches effectively.
Quotes
"Most passwords are stolen in plain text, not from hashed databases." - Jeremi Gosney
"Having a password manager create a unique, machine-generated password for every sign-in service is by far the best way to do it." - Jeremi Gosney
"We should use something like FIDO, which allows users to log in using a security key or biometric information." - Jeremi Gosney