funsec mailing list archives
thoughts on a tool to educate users in the wake of password breaches
From: Stephanie Daugherty <sdaugherty () gmail com>
Date: Thu, 7 Jun 2012 20:59:47 -0400
In the wake of the LinkedIn, eHarmony, and last.fm password breaches, I've been thinking about how to make a tool that will educate users on password security in a way that will hit home.

It's relatively cheap to do sha1 hashing of a password and then compare it to a database of compromised hashes, like several sites are now doing. What I'd love to see done with this is to turn this data into something that helps people avoid stupid password mistakes.

Distribute a list of weak and previously compromised passwords as a list of SHA1 hashes (since they are probably going to keep getting leaked anyway). Tag the entries with source information. Have a simple component that can be integrated into a site's login and password reset processes. When someone tries to log in, compare their password to known compromised passwords at the same time you compare it to their stored hash. If you find their password in the list of compromised ones, give them a warning message, and make them go through whatever forgot password process your site uses.

+------------------------------------------------+
Your password is no longer valid. This password was exposed publicly by a security breach on $site $link_to_news_headline

If you have used this password on other sites, you should change your password there as well. As a reminder, it's a bad idea to use the same password on more than one site.
+------------------------------------------------+

It would be a little creepy, but I think creepy is what's needed to teach people not to reuse passwords.

-Stephanie
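The login-time check sketched above, as an added Python example that is not part of the original post: the breach list is a constructed sample (the hashes are computed inline, the source names and news links are placeholders), the stored credential uses salted PBKDF2 rather than bare SHA1, and the breach list is consulted only after the stored hash matches so the forced-reset message goes to the account owner.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

# Constructed sample blocklist: SHA1 of known-leaked passwords, tagged with the
# breach they came from. The distributed list the post describes would supply
# this data; the sources and links here are placeholders, not real records.
def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

COMPROMISED: Dict[str, Tuple[str, str]] = {
    sha1_hex("linkedin"): ("LinkedIn", "https://news.example/linkedin-breach"),
    sha1_hex("123456"): ("eHarmony", "https://news.example/eharmony-breach"),
}

MESSAGE = (
    "Your password is no longer valid. This password was exposed publicly by a "
    "security breach on {site} ({link}). If you have used this password on "
    "other sites, you should change your password there as well."
)

def make_record(password: str) -> Tuple[bytes, bytes]:
    """Store credentials as salted PBKDF2-HMAC-SHA256, never as plain SHA1."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def check_login(password: str, record: Tuple[bytes, bytes]) -> Tuple[str, str]:
    """Return (status, message); status is 'ok', 'denied' or 'reset_required'."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    if not hmac.compare_digest(candidate, stored):
        return "denied", "Invalid username or password."
    # Credentials are correct; now consult the tagged breach list, as the post
    # proposes, and push the user into the site's forgot-password flow on a hit.
    hit = COMPROMISED.get(sha1_hex(password))
    if hit is not None:
        site, link = hit
        return "reset_required", MESSAGE.format(site=site, link=link)
    return "ok", "Welcome back."

if __name__ == "__main__":
    rec = make_record("linkedin")
    print(check_login("linkedin", rec))
    print(check_login("wrong", rec))
```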
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.