Synopsis: A publicly known password scheme does not provide as much protection as one that is kept secret.
Publishing a password scheme (as is done here) can compromise it: a determined cracker can use knowledge of the scheme to develop an attack.
Therefore, if public exposure reduces the effectiveness of your password scheme, do not publish it. Or, if you do, use a secret variation of the password scheme.
Also, if you see your personal variation published somewhere else, change it.
Previous Pattern: Lay It Open
Next Pattern: Account Category
Contributors: Joe Bergin, Dirk Riehle
But as the number of passwords a person has and the complexity of the password schemes a person has increase, there is a great desire to record something somewhere. A link to the group of patterns beginning at Password Externalization, all of which address this force, might be nice. -- EugeneWallingford
By publishing I mean something different from Password Externalization. That information should still be kept secret! -- DirkRiehle
I think I see now. This pattern is about the "technology" of generating passwords, whereas Password Externalization is more about memory devices for a particular password. Is that right? -- EugeneWallingford
I wouldn't say "technology". It really is as simple as the advice to keep your secrets secret, under certain circumstances. It is the companion pattern to Lay It Open. Maybe it is too trivial a pattern. -- DirkRiehle