My new password is "My, you h@ve a lovely bunch of c0c0nuts"

I recently read a story at CNN.COM in which the author quotes a study by the Georgia Institute of Technology in which researchers say we should all be using twelve-character passwords. They were able to crack a bunch of eight-character passwords in a couple of hours, but estimated it would take thousands of years to crack a bunch of twelvers.
The story quotes other security experts who say we should use entire sentences as passwords.
The one speck of sanity in the story says we should use special characters in our passwords.
Let me use a technical term here. That term is “dumbass.” Longer passwords are a dumbass idea. STRONG passwords are the way to go. Anybody who uses a full sentence as their password should not be allowed near a keyboard, since they’re likely to take down the whole Net by typing very stupid things into it.
Any non-dumbass IdM system in the world will foil the eight-char password brute-force hack in multiple ways:
1) Require strong passwords with a combination of alphanumeric characters, mixed case, and special characters.
2) Allow a finite number of invalid attempts before freezing the account until 15-20 minutes pass, or until an admin reactivates it.
3) Alert the admin of repeated bad attempts.
4) Require password changes every X number of weeks or months.
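The four controls above, as an added illustration written for this page (it is not code from any real IdM product or from the study the story quotes). The class names, the thresholds (five bad attempts, a 15-minute freeze, a 90-day rotation period) and the eight-character floor are assumptions chosen for the example. Note that lockout and alerting throttle online guessing against the login endpoint; they do nothing against offline cracking of a stolen hash table, which is why the stored credential goes through a slow KDF rather than being kept in plaintext.

```python
"""Password complexity, lockout, admin alerting and rotation, as one small module.
Added example for this page; names and thresholds are assumptions, not a real product."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass, field

MIN_LENGTH = 8                    # assumption: the eight-char floor under discussion
MAX_ATTEMPTS = 5                  # assumption: bad tries before the account freezes
LOCKOUT_SECONDS = 15 * 60         # 15-minute freeze (control 2)
MAX_AGE_SECONDS = 90 * 24 * 3600  # assumption: 90-day rotation (control 4)

# One regex per required character class (control 1).
_CLASSES = [re.compile(p) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")]


def password_is_strong(pw: str) -> bool:
    """Control 1: length floor plus lower, upper, digit and special characters."""
    return len(pw) >= MIN_LENGTH and all(rx.search(pw) for rx in _CLASSES)


def _derive(pw: str, salt: bytes) -> bytes:
    # Slow, salted KDF so a stolen credential table still costs the attacker per guess.
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    changed_at: float          # epoch seconds of the last password change
    failures: int = 0          # consecutive bad attempts since the last success
    locked_until: float = 0.0  # epoch seconds until which logins are refused


@dataclass
class LoginGuard:
    accounts: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)   # control 3: messages for the admin

    def set_password(self, user: str, new_pw: str, now: float) -> None:
        """Enforce the complexity policy and record when the password was set."""
        if not password_is_strong(new_pw):
            raise ValueError("password does not meet complexity policy")
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _derive(new_pw, salt), now)

    def attempt(self, user: str, pw: str, now: float) -> str:
        """Return 'ok', 'bad_password', 'locked' or 'password_expired'."""
        acct = self.accounts.get(user)
        if acct is None:
            return "bad_password"  # same answer as a wrong password: no user enumeration
        if now < acct.locked_until:
            return "locked"        # control 2: frozen, regardless of what was typed
        if not hmac.compare_digest(_derive(pw, acct.salt), acct.digest):
            acct.failures += 1
            if acct.failures >= MAX_ATTEMPTS:
                acct.locked_until = now + LOCKOUT_SECONDS
                self.alerts.append(
                    f"{user}: {acct.failures} consecutive bad attempts, "
                    f"locked for {LOCKOUT_SECONDS // 60} min")
                return "locked"
            return "bad_password"
        acct.failures = 0          # a good login resets the counter
        if now - acct.changed_at > MAX_AGE_SECONDS:
            return "password_expired"  # control 4: correct, but must be rotated
        return "ok"

    def admin_unlock(self, user: str) -> None:
        """Control 2, second branch: an admin clears the freeze early."""
        acct = self.accounts[user]
        acct.failures = 0
        acct.locked_until = 0.0
```

Each failed guess increments a per-account counter rather than a per-IP one, so spreading the guesses over many source addresses does not get around the freeze; the admin alert fires once at the moment the account locks, so a sustained attack shows up as a stream of lock events in `alerts`.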
This story purports to quote security “experts.” These are experts? Holy sh|t, Batman, we’re all in a lot of trouble.