cregox#braindumb #rant #technical #computers #developers
after having some difficulty to find jsisweird.com again, and having issues with trying to just look at the relevant teachings from the end of the cool quiz, i ended up reading more about the author and getting very disappointed to read further into the first promoted blog article on his page https://towardsdatascience.com/why-password-validation-is-garbage-56e0d766c12e
such a completely outdated idea of bad passwords permeated by xkcd, which i already debunked over 6 years ago http://cregox.net/talk/t/xkcd-was-dead-staple-horse-wrong-about-passwords/7743.html
today i also want to update my password view there, but it goes mostly unchanged on the technical aspects:
+ we need password managers today, for near maximum safety (nothing ever beats proper #backup), and;
+ 2 factor authentication, or something on those lines (yes, yet again, it could simply mean a good #backup).
{side note
i have changed a lot, however, on the computer aspect by itself. back then, i always assumed the future would always have better and better electronic computers in one format or another.
but now i can envision a much more interesting (let's call it better) world without electricity or computers.
in practice, however, i have no idea how we can get there yet. and, as such, i obviously still use computers a lot. and still rely on passwords for the most part.
}
whenever possible (i mean, nearly always), however, if you work as a dev to create any kind of software that needs authentication, know that we can already do much better than using passwords, even without web3.
remember, if you ask a password from an user, you will need to offer a way to "recovery lost password" anyway, so it will be better to...
+ send expiring email with a link! or;
+ use good old key, such as used for ssh;
+ simply use no password when no need. 2 rules of thumb for such cases: no sensitive data, no need. software as a service substitute, make it as a good app instead and monetize with a more efficient way.
and i probably forgot at least another interesting option, since i wrote all this now #fromthetopofmymind 😁
after having some difficulty to find jsisweird.com again, and having issues with trying to just look at the relevant teachings from the end of the cool quiz, i ended up reading more about the author and getting very disappointed to read further into the first promoted blog article on his page https://towardsdatascience.com/why-password-validation-is-garbage-56e0d766c12e
such a completely outdated idea of bad passwords permeated by xkcd, which i already debunked over 6 years ago http://cregox.net/talk/t/xkcd-was-dead-staple-horse-wrong-about-passwords/7743.html
today i also want to update my password view there, but it goes mostly unchanged on the technical aspects:
+ we need password managers today, for near maximum safety (nothing ever beats proper #backup), and;
+ 2 factor authentication, or something on those lines (yes, yet again, it could simply mean a good #backup).
{side note
i have changed a lot, however, on the computer aspect by itself. back then, i always assumed the future would always have better and better electronic computers in one format or another.
but now i can envision a much more interesting (let's call it better) world without electricity or computers.
in practice, however, i have no idea how we can get there yet. and, as such, i obviously still use computers a lot. and still rely on passwords for the most part.
}
whenever possible (i mean, nearly always), however, if you work as a dev to create any kind of software that needs authentication, know that we can already do much better than using passwords, even without web3.
remember, if you ask a password from an user, you will need to offer a way to "recovery lost password" anyway, so it will be better to...
+ send expiring email with a link! or;
+ use good old key, such as used for ssh;
+ simply use no password when no need. 2 rules of thumb for such cases: no sensitive data, no need. software as a service substitute, make it as a good app instead and monetize with a more efficient way.
and i probably forgot at least another interesting option, since i wrote all this now #fromthetopofmymind 😁
