#214629 - 01/09/11 06:02 PM
Things you need to know about passwords.
|
Pooh-Bah
Registered: 09/01/07
Posts: 2432
|
Modern survival isn't just about food, water and warmth. You have to protect yourself on your computer and on electronic systems that control most of what goes on in modern life, and the first line of defense is usually setting up a password. In this some are clearly better than others. Surprisingly, longer is not always better, and harder-to-remember passwords are not necessarily any better than easy-to-remember ones. http://www.baekdal.com/tips/password-security-usability
#214631 - 01/09/11 06:34 PM
Re: Things you need to know about passwords.
[Re: Art_in_FL]
|
Geezer in Chief
Geezer
Registered: 08/26/06
Posts: 7705
Loc: southern Cal
|
Thanks, Art. I am in the throes of making a new computer operational, and that article is very enlightening, as I sit here, surrounded by passwords written on post-it notes......
_________________________
Geezer in Chief
#214634 - 01/09/11 08:01 PM
Re: Things you need to know about passwords.
[Re: Art_in_FL]
|
Pooh-Bah
Registered: 04/01/10
Posts: 1629
Loc: Northern California
|
Good article, thanks, I learned something in the second half when the article discussed 2 and 3-word passwords. I guess a space is a character that's hard to decipher.
Here's a more difficult technique I have used. Make a password. Then, mentally encrypt the password to generate an encrypted password in your head. The encrypted password should look like gibberish. Use such an encrypted password for important stuff. Don't write down your encrypted password or your encryption technique.
The human element is almost always the weakest link in computer security.
_________________________
If you're reading this, it's too late.
#214638 - 01/09/11 08:23 PM
Re: Things you need to know about passwords.
[Re: Art_in_FL]
|
day hiker
Addict
Registered: 02/15/07
Posts: 590
Loc: ventura county, ca
|
art, thanks for the link to that article. some food for thought.
_________________________
“Everyone should have a horse. It is a great way to store meat without refrigeration. Just don’t ever get on one.” - ponder's dad
#214639 - 01/09/11 08:46 PM
Re: Things you need to know about passwords.
[Re: Art_in_FL]
|
Old Hand
Registered: 10/19/06
Posts: 1013
Loc: Pacific NW, USA
|
Hmm - "None can remember a password like "J4fS<2", which evidently mean that it will be written on a post-it note."
Tend to disagree. I've been able to remember passwords incorporating 1-3 symbol characters for better than 25 years, without writing them on post-it notes. What it takes is another potential insecurity - settle on a symbol, settle on a typical sequence of letters and numbers, and settle on a contrary sequence of letters and numbers, said sequences meaning something only to you. You can then vary these sequences over time and mandatory password resets. This becomes potentially insecure if you allow anyone to watch you enter a password, or someone can get a keylogger on your system - you'll need to change your sequences.
Better still, I like two factor authentication, something you have like a smartcard, your thumbprint, a secure token, and something you know, like a password. Either the token or the password won't get you in, you need them both. That has also worked for me better than anything else.
#214648 - 01/09/11 11:12 PM
Re: Things you need to know about passwords.
[Re: Lono]
|
Carpal Tunnel
Registered: 08/03/07
Posts: 3078
|
The easiest way to get a password is just to ask for it. Most ISPs will tell you what a person's primary email password is or reset the password without too much hassle. Sometimes they will ask for a security phrase (e.g. your favourite colour or mother's maiden name) or a billing account number and/or address (a little dumpster diving) and sometimes not at all (many an ISP chicken couldn't care less). Once you have gained the email password, you will most likely be able to access their web hosting server as well (they rarely change the FTP password). You can then order domains and have them hosted on their account as many business ISP accounts rarely query their billing account. You can then set up criminal phishing websites and spamming operations with very little traceability. Then you can go around and try your hand with some of the big retailers such as Amazon, Ebay etc, or just perform a password reset with these companies and capture those details using webmail in real time. All because someone's favourite colour is blue.
http://en.wikipedia.org/wiki/Gary_McKinnon
Even Gary was able to access high level Pentagon and NASA servers by writing a simple script to scan .mil web sites for UN=Admin and PW=NULL. He apparently was quite successful and wouldn't have even been caught had he used a laptop and an unsecured wireless access point (remember to spoof your MAC address and factory reset the unsecured router when finished) instead of a dial-up connection. So it just goes to show that even a basic password such as 'qwerty' is better than none at all.
Wireless WEP encryption is basically useless and can be cracked in minutes using a netbook. All the other wireless encryption protocols are designed to be cracked by the likes of the NSA and GCHQ using portable custom ASIC logic machines.
The local university offers graduate degrees in hacking and countermeasures, where they practice walking into businesses as the computer geek (nobody is interested in the computer geek).
Edited by Am_Fear_Liath_Mor (01/09/11 11:27 PM)
#214650 - 01/10/11 12:34 AM
Re: Things you need to know about passwords.
[Re: Am_Fear_Liath_Mor]
|
Sheriff
Carpal Tunnel
Registered: 12/03/09
Posts: 3867
Loc: USA
|
"Wireless WEP encryption is basically useless and can be cracked in minutes using a netbook. All the other wireless encryption protocols are designed to be cracked by the likes of the NSA and GCHQ using portable custom ASIC logic machines."
When talking to customers I tell them that insecure encryption like WEP is worse than useless, as it provides a false sense of security. I'd be interested to learn why you say that other encryption protocols are designed to be cracked by government cryppies.
#214655 - 01/10/11 02:54 AM
Re: Things you need to know about passwords.
[Re: Art_in_FL]
|
Pooh-Bah
Registered: 04/01/10
Posts: 1629
Loc: Northern California
|
The article recommends using 2 or more words. Unfortunately, a space has NOT been an acceptable character anywhere I use a password. I'm not talking about underscore "_", and the article is not talking about underscore either. The article is talking about 2 or more words with a space between words.
_________________________
If you're reading this, it's too late.
#214658 - 01/10/11 04:55 AM
Re: Things you need to know about passwords.
[Re: Art_in_FL]
|
Journeyman
Registered: 04/13/10
Posts: 98
|
While I don't really use it at the moment, my degree was in CompSci, and I still stay up to date with things. Even with the advance in computers, you can't check that many passwords a second, and most all systems have limits. There are at least 96 different characters you can type (lowercase, caps, numbers, symbols, and punctuation). So at 6 characters long, you're at 782,757,789,696 combinations. Even trying to brute-force at 1,000,000 passwords a second (completely infeasible on pretty much every system out there), you're looking at days of time to crack it. Government agencies might be able to, depending on the system. If you're talking about data encryption, with reasonable key-length this is more than enough for a password (the math involved to check keys, or even to compute a key from a given password takes time). If you're really paranoid, bump it up to 8 characters long (you're up to hundreds of years at 1,000,000 a second). Just make sure it's random. I know it's hard to memorize, but just take some extra time. (I would also tend to disagree with his conclusion to use combinations of words).
Edited by speedemon (01/10/11 04:56 AM)
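The search-space arithmetic from the post above, as an added example that is not part of the original thread: it reproduces the 6- and 8-character figures at the post's 96 symbols and 1,000,000 guesses per second, and goes one step further by putting uniformly random multi-word passphrases on the same scale. The 7776-word list size (Diceware-sized) and all function names are assumptions of this example.

```python
import math
import secrets
import string

SECONDS_PER_YEAR = 365.25 * 86_400
# Python's printable ASCII with space is 95 symbols; the post's figure of 96
# is used for the arithmetic so the numbers match the thread.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
POST_SYMBOLS = 96        # from the post
POST_RATE = 1_000_000    # guesses per second, from the post
WORDLIST_SIZE = 7776     # assumption: Diceware-sized list, not from the thread


def keyspace(symbols: int, length: int) -> int:
    """Count of equally likely secrets when each position is chosen uniformly."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Same quantity on a log scale, so different schemes can be compared."""
    return length * math.log2(symbols)


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst case: every candidate is tried; the average case is half this."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def random_password(length: int, alphabet: str = ALPHABET) -> str:
    """Draw each character from the OS CSPRNG, so the keyspace math applies."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    cases = [
        ("6 random characters", POST_SYMBOLS, 6),
        ("8 random characters", POST_SYMBOLS, 8),
        ("4 random words", WORDLIST_SIZE, 4),
        ("5 random words", WORDLIST_SIZE, 5),
    ]
    for label, symbols, length in cases:
        space = keyspace(symbols, length)
        print(f"{label:20} {space:.3e} combos  "
              f"{entropy_bits(symbols, length):5.1f} bits  "
              f"{years_to_exhaust(space, POST_RATE):12.3f} years")
    print("sample:", random_password(8))
```

These figures hold only when every character or word is drawn uniformly at random; a password or phrase a person makes up has a much smaller effective search space than the formula gives.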