Rethinking Passwords

William Cheswick


Abstract

Passwords and PINs are used everywhere these days, but their use is often painful. Traditional password advice and rules are seldom appropriate for today's threats, yet we labor with the password rules and servers of yesteryear. Strong passwords are weakening our security, and it is time to fix that. There are numerous proposals for new password solutions. I will present a few half-baked ideas. But there are good solutions available now. We are facing much more worrisome security challenges: we ought to get this easy stuff right.