reply to antdude
Re: P@$$1234: the end of strong password-only security
So use a two phase password system.
The 1st password will be accepted and send you to the second password screen even if the first password is incorrect; the second one will kick you back to start all over. It will not tell you if the first or second password was correct or incorrect. Therefore brute force/dictionary attacks will be completely ineffective.
So let's say your first password is just 5 characters long and the second one is roughly the same. Going to a second password screen only to be kicked back out will make brute-force useless...
not in ohio
Two 5-character passwords afford the same protection as one 10-character password.
(To a first approximation, ignoring the fact that you often don't need to know the password, you just need to know something that hashes to the same thing the password hashes to).
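
The keyspace claim in the reply above, checked at toy scale. This is an added example, not part of either post; the 3-letter alphabet, 3-character stages and all function names are constructed for illustration. It also shows why the scheme depends on the first screen never revealing its result.

```python
from itertools import product

ALPHABET = "abc"  # constructed toy alphabet so exhaustive counting is instant
STAGE_LEN = 3     # toy stand-in for the thread's 5-character passwords


def candidates(length):
    """Every string of the given length over ALPHABET, in a fixed order."""
    return ("".join(chars) for chars in product(ALPHABET, repeat=length))


def two_phase_login(first, second, secret):
    """Scheme from the first post: one combined accept/reject, no per-stage hint."""
    return (first, second) == secret


def guesses_two_phase(secret):
    """Attempts needed when only the combined result is visible."""
    attempts = 0
    for first in candidates(STAGE_LEN):
        for second in candidates(STAGE_LEN):
            attempts += 1
            if two_phase_login(first, second, secret):
                return attempts
    raise ValueError("secret is outside the keyspace")


def guesses_single(password):
    """Attempts needed against one password of twice the stage length."""
    for attempts, guess in enumerate(candidates(2 * STAGE_LEN), start=1):
        if guess == password:
            return attempts
    raise ValueError("password is outside the keyspace")


def guesses_if_stage_one_leaks(secret):
    """Contrast case: a per-stage result lets each half be searched on its own."""
    first_tries = list(candidates(STAGE_LEN)).index(secret[0]) + 1
    second_tries = list(candidates(STAGE_LEN)).index(secret[1]) + 1
    return first_tries + second_tries


if __name__ == "__main__":
    worst = ("ccc", "ccc")  # last candidate in both stages
    print("two-phase, no feedback:", guesses_two_phase(worst))          # |A|^(2k)
    print("single double-length  :", guesses_single("".join(worst)))    # |A|^(2k)
    print("stage one leaks result:", guesses_if_stage_one_leaks(worst))  # 2*|A|^k
```
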