Chris Angelico <ros...@gmail.com> writes:
> as a sysadmin, I have lots of control over the hashing, and very
> little on passwords. I could enforce a minimum password length, but I
> can't prevent password reuse, and I can't do much about the other
> forms of weak passwords.

Right, 2FA helps with re-use, and difficult hashes like Argon2 help against dictionary attacks. Whether 2FA is worth the hassle depends on what's being secured. You can also assign system-generated passwords rather than having people choose their own. It's ok for them to write down the system-generated passwords as long as they keep the paper in a safe place (similar to how they would carry cash). There's a Schneier blog post about that someplace.
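
An added example, not part of the original post: one way to issue the system-generated passwords suggested above, using Python's `secrets` module. The alphabet, the 80-bit target and all function names are assumptions chosen for illustration; look-alike characters are dropped because the password is meant to be written on paper.

```python
import math
import secrets

# Assumed alphabet (not from the post): lowercase letters and digits with the
# look-alike characters 0/o and 1/l/i removed, so a password copied onto
# paper can be read back unambiguously.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy in bits of a uniformly random string of `length` symbols."""
    return length * math.log2(len(alphabet))


def length_for_bits(target_bits, alphabet=ALPHABET):
    """Smallest length whose entropy meets or exceeds target_bits."""
    return math.ceil(target_bits / math.log2(len(alphabet)))


def generate_password(target_bits=80, group=4, alphabet=ALPHABET):
    """Return a CSPRNG-generated password, hyphen-grouped for transcription."""
    n = length_for_bits(target_bits, alphabet)
    # secrets.choice draws from the OS CSPRNG; random.choice must not be used.
    raw = "".join(secrets.choice(alphabet) for _ in range(n))
    return "-".join(raw[i:i + group] for i in range(0, n, group))


def normalize(entered):
    """Strip the cosmetic grouping and case before hashing or verifying."""
    return entered.replace("-", "").replace(" ", "").lower()


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"({entropy_bits(len(normalize(pw))):.1f} bits)")
```

Apply `normalize()` both when the password is first hashed and at every login, so the hyphens and letter case on the paper copy never cause a mismatch.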