Opinion: Passwords as a concept are completely broken

One thing you get to do as you get older, or have been around the industry for a long time, is to pontificate. My pet topic today is passwords. I think that they are, as a concept, now completely broken and have been for a long time.

We tell users:

1. Pick something really complex

2. Don't write it down

3. Change it regularly

4. Use a different password for each site, and often each role that you hold in each site

5. Deal with the fact that we apply different rules for passwords on each site

etc., etc.

Is this even humanly possible? I don't think it is. Yet we blame the users when "they" get it wrong. How can they be getting it wrong when we design a system that requires super-human ability to comply? (These guys are potential exceptions: http://www.worldmemorychampionships.com/)

We are the ones that are getting it wrong, and it's long overdue that we, as an industry, apply our minds to fixing it instead of assuming that users should just deal with it.

SQL Down Under Show 51 – Guest Conor Cunningham – Now online

Late last night I got to record an interview with Conor Cunningham.

Most people that know Conor have come across him as the product team wizard that knows so much about query processing and optimization in SQL Server. Conor is currently spending quite a lot of time working on Windows Azure SQL Database, which we used to know as SQL Azure.

I'm still trying to think of a good way to say "WASD". I suppose I'll pronounce it like "wassid". Windows Azure SQL Reporting is easier. I think it just needs to be pronounced like "wazza" with a very Australian accent.

In the show, we've spent time on the current state of the platform, on dispelling a number of common misbeliefs about the product, and hopefully on answering most of the common questions that seem to get asked about it. We then ventured into Federations, Data Sync, and Reporting.

You'll find the show (and previous shows) here: http://www.sqldownunder.com/Resources/Podcast.aspx


PS: For those that like transcripts, we've got the process for producing them much improved now and the transcript should also be up within a few days.

SQL Down Under Podcast 50 – Guest Louis Davidson now online

Hi Folks,

I've recorded an interview today with SQL Server MVP Louis Davidson. In it, Louis discusses some of his thoughts on database design and his latest book.

You'll find the podcast here: http://www.sqldownunder.com/Resources/Podcast.aspx

And you'll find his latest book (Pro SQL Server 2012 Relational Database Design and Implementation) here: http://www.amazon.com/Server-Relational-Database-Implementation-Professional/dp/1430236957/ref=sr_1_2?ie=UTF8&qid=1344997477&sr=8-2&keywords=louis+davidson


Query Performance Tuning class now has online option

The query performance tuning class has been a popular class but we've only been running it in local cities. We're now running it in a fully-interactive instructor-led online class, complete with hosted hands-on labs. Later this year it will also be available amongst our upcoming on-demand training offerings.

If you're keen to spend some time in a query performance tuning class, let us know.

For the online offering, we've spread it over 4 x 1/2 days to make it easier to attend. We've got the same hands-on-labs and course content as the in-person class. The labs are hosted so you don't need to provide equipment but we have a lower cost attendance option if you don't need the hosted labs.

The initial course is offered to suit the Asia-Pacific time zone, but we intend to alternate it with an offering to suit the US time zone.

Details are online here: http://www.sqldownunder.com/Training/SQLServerQueryPerformanceTuning.aspx