Spafford On Security Myths and Passwords
An anonymous reader writes "In a recent blog post, Eugene Spafford examines password security along with related issues and myths. In particular, he discusses how policies that may not necessarily make much sense anymore end up being labeled 'best practices,' and then propagated based on their reputation as such."
APG (Score:5, Funny)
I have found that using APG [nursat.kz] is a great way to generate passwords. They are easy to remember since you can pronounce them. For example, I just ran the generation and these are the passwords that popped out. I have found that most users can remember these kinds of passwords.
One attack he didn't mention... (Score:5, Funny)
MOD PARENT +5 Funny! (Score:3, Funny)
Heck, I forgot my 4 digit alarm code about 6 months ago... and you want me to remember how to "spell" glid-Tev-Pos-EIGHT???
I write passwords down... (Score:4, Funny)
They're not actually *to* the systems they're next to, but it's funny how long some baby cracker-d00d will just sit there and keep fiddling with them, trying to get them to work.
Re:Password change policy (Score:3, Funny)
I'm afraid that you have never seen a corporate environment; otherwise you wouldn't mention "doing the sensible thing".
Re:Advice on passwords (Score:2, Funny)
Easy for a Star Trek Fan Maybe... (Score:5, Funny)
Re:Advice on passwords (Score:5, Funny)
Passwords are like toothbrushes. Don't get too enameled with yours, or it'll cause a dentin security and may even expose your root.
Re:Password changing (Score:2, Funny)
Scenario 1:
Worker: What were you doing going through the drawers in my desk while I was away?
Cracker: Sorry. I was looking for a stapler.
Scenario 2:
Worker: What were you doing crawling around under my desk, screwing with my computer?
Cracker: Sorry. I was looking for a stapler.
See, one of these activities is a little more dubious than the other. Also, you don't have to be a 1337 hax0r to be a threat to security. All you have to do is have access to a file/account/system you shouldn't.
Re:Dupe (Score:3, Funny)
Requirements... (Score:5, Funny)
"Your surname name is too short. Surname must be at least 4 characters long."
Re:Couldn't agree more on some points (Score:4, Funny)
In other news: 87.3% of all surveys are made up on the spot.
biometrics (Score:1, Funny)
Passwords Suck (Score:3, Funny)
-Esme
Re:Password changing (Score:4, Funny)
Re:Diceware (Score:1, Funny)
cleft cam synod lacy yr
Which interestingly is Welsh for all your base are belong to us
My way (Score:2, Funny)
Increment as needed.
Re:Shoulder surfable. (Score:3, Funny)
I used Lotus Notes for a while, and it had a "cool" feature of echoing seemingly-random numbers of hieroglyphics when you typed each character of a password. You never knew if your finger slipped or if you did just type bird-bird-eye-"guy going like this"-bird-ankh-ankh-ankh. Worse than single stars, worse than nothing, really.