Shifting The Focus

As modern encryption, authentication, and message digest formulas get stronger, the attack vector for authentication is shifting3:
- Away from computationally breaking the password storage method (MD5, SHA-1, etc.) or brute-forcing the password
- Toward intelligently guessing a user’s password (dictionary attacks and context word targets)
The user’s choice in passwords is today’s weakest link in authentication methods

As modern encryption, authentication, and message digest formulas get stronger, the attack vector for authentication is shifting3: