Another plea for password sanity

August 15th 2009

Here’s a recent posting on password problems that suggests 10 hard-to-follow rules.

The author highlights an important problem: attackers can do systematic trial-and-error guessing attacks against on-line sites. She focuses on a Google Gmail problem recently reported on Full Disclosure.

Here’s the point: use strong protection on high-value targets. Take the time to protect your major e-mail account, your financial resources, and anything else you really value. If you’re going to slack off, do it when registering to post a one-off blog comment.

Let me take a stab at my own list of recommendations.


Posted under Security | No Comments »

Mixed Bag: Lifehacker’s Top 10 Computer Annoyances

July 17th 2008

There’s some terrific stuff here. Unfortunately, it’s packaged with Internet-based password selection.

Get it straight: you’re only supposed to share your passwords with yourself and your keyboard. You aren’t supposed to ask your astrologer for one, or collect one from someone on the bus, or at a cocktail party. And never, ever from an Internet web site.



Secure Passwords: unclear with the concept

July 15th 2008

Another chuckle:

Someone picked up the domain 'highsecuritypasswordgenerator.com' and has proceeded to implement a password generator on it. The generator applies a common technique (I described it in my book Authentication) wherein you choose two words from long lists and separate them with a special character of some sort.

The downside should be obvious to anyone who thinks about web security: the password is shared with the password-generating site, which can log it, and (when the page is not served over TLS) with anyone who sniffs the web page as it travels across the Internet.
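The two-words-plus-separator scheme is easy to run locally, which is where it belongs. The block below is an added example, not code from the site discussed or from the book: it draws the words and separator with the operating system's CSPRNG, estimates the resulting entropy from the list sizes, and includes a checker that shows how small the search space is when the lists are short. The word lists are constructed here for illustration and are far too short for real use; a generator would use lists of thousands of words.

```python
import math
import secrets
import string

# Constructed sample word lists, for illustration only. With eight entries
# each the search space is tiny; real lists need thousands of words.
ADJECTIVES = ["amber", "brisk", "cobalt", "dusty", "eager", "frosty", "gentle", "hollow"]
NOUNS = ["anvil", "beacon", "canyon", "dagger", "ember", "falcon", "garnet", "harbor"]
SEPARATORS = "!@#$%^&*-_+=."

# Alphabet for the "totally random" style, used for comparison.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def word_pair_entropy_bits(adjectives, nouns, separators):
    """Entropy in bits of a password drawn uniformly as word + separator + word.

    Only the choices the attacker does not know count: which first word,
    which separator and which second word. The scheme itself is assumed public.
    """
    return math.log2(len(adjectives) * len(separators) * len(nouns))


def random_chars_entropy_bits(length, alphabet=PRINTABLE):
    """Entropy in bits of `length` characters drawn uniformly from `alphabet`."""
    return length * math.log2(len(alphabet))


def generate_word_pair(adjectives=ADJECTIVES, nouns=NOUNS, separators=SEPARATORS):
    """Generate a word-pair password locally.

    secrets.choice uses the OS CSPRNG; random.choice would be predictable.
    Nothing leaves this process: no site sees the result and nothing is sent
    over the network to be sniffed.
    """
    return f"{secrets.choice(adjectives)}{secrets.choice(separators)}{secrets.choice(nouns)}"


def generate_random_chars(length, alphabet=PRINTABLE):
    """Generate a fully random password of `length` characters from `alphabet`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def parse_word_pair(password, adjectives, nouns, separators):
    """Return (first, separator, second) if `password` fits the scheme, else None.

    This is what an attacker who knows the scheme and the lists does: a
    dictionary of len(adjectives) * len(separators) * len(nouns) candidates
    covers every password the generator can produce.
    """
    for sep in separators:
        if sep in password:
            left, _, right = password.partition(sep)
            if left in adjectives and right in nouns:
                return left, sep, right
    return None


if __name__ == "__main__":
    pw = generate_word_pair()
    print(pw, "->", parse_word_pair(pw, ADJECTIVES, NOUNS, SEPARATORS))
    print("word pair with the constructed lists: %.1f bits"
          % word_pair_entropy_bits(ADJECTIVES, NOUNS, SEPARATORS))
    print("12 random printable characters: %.1f bits" % random_chars_entropy_bits(12))
```

With the constructed eight-word lists the scheme yields under ten bits, which is why the technique depends on long lists: two lists of 4096 words and thirteen separators give about 27.7 bits, while twelve random printable characters give about 78.7 bits.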


Picking Passwords

April 20th 2008

I’ve finished an article on Picking Passwords that outlines the three types of passwords and suggests ways to choose them. The three types are:

1. simple, traditional passwords
2. strong but memorable passwords
3. totally random, hard-to-memorize passwords

I need to post my old Mordac cartoon – I have an on-line license, but I get exactly ONE use somewhere on my site!
