

On the evolving security of password schemes - NateLawson
http://rdist.root.org/2012/01/10/on-the-evolving-security-of-password-schemes/

======
NateLawson
Most people who deal with password security treat it as a one-time thing. You
come up with a good scheme and stick to it for a lifetime. But there have been
a number of large shifts in attacks on passwords, and you have to keep up.

The main focus is usually on entropy. But the admin can also adjust factors
that limit attacker guess rate and respond to attacks. These other factors are
easier to control than users' password choices, but have as big an impact as
entropy in the realized security.

