On Wed, Mar 20, 2024 at 2:34 PM Pierre-Elliott Bécue <p...@debian.org> wrote: > > Jeffrey Walton <noloa...@gmail.com> wrote on 20/03/2024 at 19:16:16+0100: > > [...] > >> Noone asks someone to remember more than two or three passwords. The > >> rest belongs to a password manager. > > > > Huh? This is discussed in detail in Peter Gutmann's Engineering > > Security, <https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf>, > > Chapter 7. In particular, pages 565-567 discussed the Selfish Security > > Model. > > And because it's discussed in an irrelevant pdf means it's what one asks > in this thread?
I don't think I would call Gutmann's book on Security Engineering "irrelevant." Gutmann earned his PhD in Security Usability. He's written two books on the subject. He also wrote a book on Security Engineering (cited above). He participates in IETF Working Groups, and has authored a few RFCs. I would not make the mistake of dismissing his work as irrelevant. > Do you want to also bring in security practices from the 80's? Jeff