

Passwords are broken because they're incompatible with human behavior - charzom
http://www.codinghorror.com/blog/archives/000360.html

======
Goladus
Random character strings aren't really all that hard to remember, so long as
you don't have to change them every month. The problem is that people won't
choose random passwords on their own, and if you have someone (or something)
assign the password then it's not something only the user knows.

I think one of the things that pisses me off the most is challenge-response
systems that only let you pick from 7-8 different questions. One of the sites
I use a lot just started requiring you to answer your security questions every
single time you log in (or at least once per month, which is how often I use
the site). And there is no way to fill out your own questions, and several of
them would clearly only apply to subsets of people. (Married people, people
with pets, etc.)

The best security questions, in my experience, are the ones I fill out myself.
I could, for example, use a pattern of always answering the question wrong in
the same way. "What was the name of your first crush?" Your answer is her
favorite band. When you can't choose the question, that sort of thing gets a
lot harder to do.

------
rkts
Completely off topic, but can we all stop using the word "humans" to make
ourselves sound objective and scientific? Unless it's part of a comparison
with other species, the word is "people."

------
thehigherlife
I think that passphrases are a good start; however, as the article suggests,
some websites are at fault. My bank, until it updated its system recently,
didn't allow for special characters in passwords.

