Equipped To Survive® Presents
The Survival Forum
#214629 - 01/09/11 06:02 PM Things you need to know about passwords.
Art_in_FL Offline
Pooh-Bah

Registered: 09/01/07
Posts: 2432
Modern survival isn't just about food, water and warmth. You have to protect yourself on your computer and on the electronic systems that control most of what goes on in modern life, and the first line of defense is usually setting up a password. In this some are clearly better than others. Surprisingly, longer is not always better, and harder-to-remember passwords are not necessarily any better than easy-to-remember ones.

http://www.baekdal.com/tips/password-security-usability

#214631 - 01/09/11 06:34 PM Re: Things you need to know about passwords. [Re: Art_in_FL]
hikermor Offline
Geezer in Chief
Geezer

Registered: 08/26/06
Posts: 7705
Loc: southern Cal
Thanks, Art. I am in the throes of making a new computer operational, and that article is very enlightening, as I sit here, surrounded by passwords written on post-it notes......
_________________________
Geezer in Chief

#214634 - 01/09/11 08:01 PM Re: Things you need to know about passwords. [Re: Art_in_FL]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
Good article, thanks, I learned something in the second half when the article discussed 2 and 3-word passwords. I guess a space is a character that's hard to decipher.

Here's a more difficult technique I have used. Make a password. Then, mentally encrypt the password to generate an encrypted password in your head. The encrypted password should look like gibberish. Use such an encrypted password for important stuff. Don't write down your encrypted password or your encryption technique.

The human element is almost always the weakest link in computer security.
_________________________
If you're reading this, it's too late.

#214638 - 01/09/11 08:23 PM Re: Things you need to know about passwords. [Re: Art_in_FL]
bsmith Offline
day hiker
Addict

Registered: 02/15/07
Posts: 590
Loc: ventura county, ca
art, thanks for the link to that article. some food for thought.
_________________________
“Everyone should have a horse. It is a great way to store meat without refrigeration. Just don’t ever get on one.”
- ponder's dad

#214639 - 01/09/11 08:46 PM Re: Things you need to know about passwords. [Re: Art_in_FL]
Lono Offline
Old Hand

Registered: 10/19/06
Posts: 1013
Loc: Pacific NW, USA
Hmm - "None can remember a password like "J4fS<2", which evidently mean that it will be written on a post-it note."

Tend to disagree. I've been able to remember passwords incorporating 1-3 symbol characters for better than 25 years, without writing them on post-it notes. What it takes is another potential insecurity - settle on a symbol, settle on a typical sequence of letters and numbers, and settle on a contrary sequence of letters and numbers, said sequences meaning something only to you. You can then vary these sequences over time and mandatory password resets. This becomes potentially insecure if you allow anyone to watch you enter a password, or someone can get a keylogger on your system - you'll need to change your sequences.

Better still, I like two factor authentication, something you have like a smartcard, your thumbprint, a secure token, and something you know, like a password. Either the token or the password won't get you in, you need them both. That has also worked for me better than anything else.

#214648 - 01/09/11 11:12 PM Re: Things you need to know about passwords. [Re: Lono]
Am_Fear_Liath_Mor Offline
Carpal Tunnel

Registered: 08/03/07
Posts: 3078
The easiest way to get a password is just to ask for it. Most ISPs will tell you what a person's primary email password is or reset the password without too much hassle. Sometimes they will ask for a security phrase (e.g. your favourite colour or mother's maiden name) or a billing account number and/or address (a little dumpster diving) and sometimes not at all (many an ISP chicken couldn't care less). Once you have gained the email password, you will most likely be able to access their web hosting server as well (they rarely change the FTP password). You can then order domains and have them hosted on their account as many business ISP accounts rarely query their billing account. You can then set up criminal phishing websites and spamming operations with very little traceability. Then you can go around and try your hand with some of the big retailers such as Amazon, Ebay etc, or just perform a password reset with these companies and capture those details using webmail in real time.

All because someone's favourite colour is blue.

http://en.wikipedia.org/wiki/Gary_McKinnon

Even Gary was able to access high level Pentagon and NASA servers by writing a simple script to scan .mil web sites for UN=Admin and PW=NULL. He apparently was quite successful and wouldn't have even been caught had he used a Laptop and an unsecured Wireless Access Point (remember to spoof your MAC address and factory reset the unsecured router when finished) instead of a dial up connection. So it just goes to show that even a basic password such as 'qwerty' is better than none at all.

Wireless WEP encryption is basically useless and can be cracked in minutes using a netbook. All the other wireless encryption protocols are designed to be cracked by the likes of the NSA and GCHQ using portable custom ASIC logic machines.

The local university offers graduate degrees in hacking and countermeasures, where they practice walking into businesses as the computer geek (nobody is interested in the computer geek). ;)



Edited by Am_Fear_Liath_Mor (01/09/11 11:27 PM)

#214649 - 01/10/11 12:31 AM Re: Things you need to know about passwords. [Re: Art_in_FL]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3842
Loc: USA
This article was written in August of 2007. Computers are dramatically faster than they used to be. Also, some bad guys are using botnets for password cracking. This means that some bad guys can apply several orders of magnitude more computing power to password cracking than they were able to when the article was written.

Unfortunately that means that some of the conclusions of the article are dangerously wrong. It's hard to get a true consensus on passwords from the thought leaders in the IT security industry, but in general an eight character password with three out of the four possible types of characters (upper case, lower case, numbers, symbols) would be considered adequate for low-security applications. Privileged accounts and higher-value targets should use longer passwords or two-factor authentication.

It's worth noting that there's a significant difference in security between offline password cracking and online password cracking. In the latter, the attacker is subject to account lockout settings and access method limitations that usually increase the time needed to crack a password such that it becomes infeasible. In offline password cracking, the attacker is not subject to any of those limitations and password security needs to be significantly greater to prevent attacks from succeeding. Many authentication systems are subject to offline attacks.

#214650 - 01/10/11 12:34 AM Re: Things you need to know about passwords. [Re: Am_Fear_Liath_Mor]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3842
Loc: USA
Originally Posted By: Am_Fear_Liath_Mor
Wireless WEP encryption is basically useless and can be cracked in minutes using a netbook. All the other wireless encryption protocols are designed to be cracked by the likes of the NSA and GCHQ using portable custom ASIC logic machines.


When talking to customers I tell them that insecure encryption like WEP is worse than useless, as it provides a false sense of security.

I'd be interested to learn why you say that other encryption protocols are designed to be cracked by government cryppies.

#214655 - 01/10/11 02:54 AM Re: Things you need to know about passwords. [Re: Art_in_FL]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
The article recommends using 2 or more words. Unfortunately, a space has NOT been an acceptable character anywhere I use a password. I'm not talking about underscore "_", and the article is not talking about underscore either. The article is talking about 2 or more words with a space between words.
_________________________
If you're reading this, it's too late.

#214658 - 01/10/11 04:55 AM Re: Things you need to know about passwords. [Re: Art_in_FL]
speedemon Offline
Journeyman

Registered: 04/13/10
Posts: 98
While I don't really use it at the moment my degree was in CompSci, and I still stay up to date with things. Even with the advance in computers, you can't check that many passwords a second, and most all systems have limits. There are at least 96 different characters you can type (lowercase, caps, numbers, symbols, and punctuation). So at 6 characters long, you're at 782,757,789,696 combinations. Even trying to brute-force at 1,000,000 passwords a second (completely infeasible on pretty much every system out there), you're looking at days of time to crack it. Government agencies might be able to, depending on the system. If you're talking about data encryption, with reasonable key-length this is more than enough for a password (the math involved to check keys, or even to compute a key from a given password takes time).
If you're really paranoid, bump it up to 8 characters long (you're up to hundreds of years at 1,000,000 a second). Just make sure it's random. I know it's hard to memorize, but just take some extra time. (I would also tend to disagree with his conclusion to use combinations of words).


Edited by speedemon (01/10/11 04:56 AM)
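
Added example, not part of any post in this thread: the keyspace arithmetic from speedemon's post run at several guess rates, to show the online/offline difference chaosmagnet describes, plus a check for the eight-character, three-of-four-classes baseline. The lockout policy (5 tries per 15 minutes) and the 1e9 guesses/s offline rate are assumed values for illustration, not measurements; counting a space as a symbol is also an assumption.

```python
import string

# Character classes named in the thread; a space is counted as a symbol (assumption).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation) | {" "},
}
SECONDS_PER_YEAR = 365 * 86_400

def meets_baseline(password):
    """Eight or more characters drawn from at least three of the four classes."""
    used = [name for name, chars in CLASSES.items() if chars & set(password)]
    return len(password) >= 8 and len(used) >= 3

def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length

def years_to_exhaust(space, guesses_per_second):
    """Worst-case time, in years, to try every candidate at a fixed rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR

def lockout_rate(attempts, window_seconds):
    """Effective guesses per second when a login allows `attempts` per window."""
    return attempts / window_seconds

# Guess rates. Only 1,000,000/s comes from the thread; the others are assumed.
RATES = {
    "online, 5 tries per 15 min (assumed)": lockout_rate(5, 15 * 60),
    "1,000,000/s (thread's figure)": 1e6,
    "offline, 1e9/s (assumed)": 1e9,
}

def compare(alphabet_size=96, lengths=(6, 8)):
    """Worst-case years to exhaust each length at each guess rate."""
    return {
        (length, label): years_to_exhaust(keyspace(alphabet_size, length), rate)
        for length in lengths
        for label, rate in RATES.items()
    }

if __name__ == "__main__":
    for (length, label), years in compare().items():
        print(f"{length} chars, {label}: {years:.3g} years")
```

These are worst-case exhaustive-search times for uniformly random passwords; a password a person chose will usually fall sooner.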
