Исходное сообщение
"В ходе аудита удалось подобрать 21% паролей сотрудников МВД ..." Отправлено birdie, 11-Янв-23 17:42
> NIST SP 800–63 explains that if agencies implement longer passwords through the use of passphrases, the additional complexity requirements of mixing and matching characters (e.g., uppercase, lowercase, special) become less necessary because of the added difficulty of cracking the password hash of a lengthy phrase versus that of a single word. The enhanced security provided by using these longer passphrases also allows for less frequent password changes due to the lower risk of compromise. Randomized passwords that appear to be complex are often hard for users to remember but easy for a computer to crack. In contrast, lengthy, yet simple passphrases are much easier for a human to remember and are not as susceptible to hash-cracking methods such as brute force attacks. > Frequent password change requirements, while crucial when weak passwords are permitted, tend to encourage users to continue to use passwords that are easy to crack. NIST SP 800–63 states that when frequent password changes are required, users are most likely to change a single character, or append a character to the end of an existing password (e.g., Password-1234 might become Password-1234!). This ensures that the password remains memorable to the user, but it also remains weak and easy to crack. Similarly, passwords derived from keyboard patterns tend to keep the same pattern but shift to new keys. This creates a feedback loop that frustrates users, perpetuates the weak password cycle, and does not improve security. Здравый смысл восторжествовал.

Ваше сообщение
Имя*:
EMail:	Для отправки ответов на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:
	Введите код, изображенный на картинке: