When I was doing research for my book Authentication a few years back, I came to realize just how crazy password management has become. The rule comes down to this:

The password must be impossible to remember and never written down.

This is, of course, ridiculous. The ideal password has to be both memorable and hard to guess. Ideally, a password should be hard to crack, which means that it even takes a computer a really long time to guess it.

My thoughts on these issues yielded these articles:

The Center for Password Sanity

• Replacing a Hacked Password
• Picking Passwords
• Famous Passwords
• Password Expiration Considered Harmful
• The Strong Password Dilemma

Copyrights

Some of this material may be reproduced under a Creative Commons license. The copyright for some material is held by Addison-Wesley, the publisher of Authentication.