1 comment

[ 4.4 ms ] story [ 15.4 ms ] thread
Most people who deal with password security treat it as a one-time thing. You come up with a good scheme and stick to it for a lifetime. But there have been a number of large shifts in attacks on passwords, and you have to keep up.

The main focus is usually on entropy. But the admin can also adjust factors that limit attacker guess rate and respond to attacks. These other factors are easier to control than users' password choices, but have as big an impact as entropy in the realized security.