‘Password rules don’t help’, Jeff Atwood Says
Jeff Atwood, founder of the popular coding site Stack Overflow, has presented a provoking and rather interesting pompous speech about dire state of the password policy.
His post, entitled “Password rules are bullshit”, reveals that the present format of the password instructions, e.g. using particular combinations of characters, isn’t actually secure. What is more, he claimed that such instructions usually do have the reverse effect and do harm to those people who are using secure password generators.
The next high-priority issue is length of a password. Jeff underlined that majority of people should use over 10 characters’ password. In his opinion, developers failed to create really secure password strategy.
He insisted on the Unicode to increase passwords length in order to make the system more secure.
According to the data he has been analyzing, passwords of about 30 per cent of users would be in the list of top 10,000 passwords, which attackers by all means will use. As a result, there is a big number of consumers complaining about hackers’ attacks on their system.
As a partial solution, Heather Adkins, Google’s director of information security and privacy, recommends turning on two-factor authentication.