July 17th 2008
There’s some terrific stuff here. Unfortunately, it’s packaged with Internet-based password selection.
Get it straight: you’re only supposed to share your passwords with yourself and your keyboard. You aren’t supposed to ask your astrologer for one, or collect one from someone on the bus, or at a cocktail party. And never, ever from an Internet web site.
July 15th 2008
Another chuckle:
Someone picked up the domain ‘highsecuritypasswordgenerator.com‘ and has proceeded to implement a password generator on it. The generator applies a common technique (I described it in my book Authentication) wherein you choose two words from long lists and separate them with a special character of some sort.
The down side should be obvious to anyone who thinks about web security: the password is shared with the password generating site and with anyone who sniffs the web page as it travels across the Internet. Continue Reading »
April 20th 2008
I’ve finished an article on Picking Passwords that outlines the three types of passwords and suggests ways to choose them. The three types are:
1. simple, traditional passwords
2. strong but memorable passwords
3. totally random, hard-to-memorized password
I need to post my old Mordac cartoon - I have an on-line license, but I get exactly ONE use somewhere on my site!.