Archive for the Passwords Category

PassW*rd N0t Al!0wed

Posted in Passwords on 1 Sep 2011 by Stuart Aston

I came across this article the other day, "Nick Helm's password joke is Edinburgh Fringe funniest", and I said to some friends that actually that's not a bad password strategy: add some complexity and some diversity for each site you go to and it's pretty good (trust a security geek to take the fun out of it). One of my friends said “Sadly – at least in my experience – 99% of sites (and therefore developers?) still do not allow special characters and/or phrase long passwords”.

Hang on – What! Why on earth not? Back in the dim and distant past, like the 1990s, that might have been acceptable, but not today!

So I’m not much of one for “a call to action”, but being secure with a password is hard enough without some developer denying me the complexity we need to make it “safe”…

So I would ask you: when you next change your password on a site and it says something like “we don’t allow spaces or special characters”, ask yourself what it is protecting and then complain to the site owner; get them to change it. After all, it’s only protecting your data…


Cloud-Based Crypto-Cracking Tool To Be Unleashed At Black Hat DC – Darkreading

Posted in Cloud, Passwords, Security, Tools on 12 Jan 2011 by Stuart Aston

So why is this news? Well, other than it is the first time that a researcher has made an announcement regarding it?

Largely any workload could be put into the cloud. Since the launch of cloud-based services, cloud vendors, ourselves included, have suggested that large mathematical functions that require intensive processing could and should be offloaded to the cloud, either in part or in totality, and cracking passwords is a large maths function.

That the "cloud could be used for password cracking" should not surprise anyone; it will gain the same economic benefits as any other application when applied to the cloud. This was inevitable.

In the meantime, use a strong password, or two factors of authentication, for stuff you care about…

Cloud-Based Crypto-Cracking Tool To Be Unleashed At Black Hat DC – Darkreading

I love my Kindle

Posted in Passwords on 17 Sep 2010 by Stuart Aston

People who know me know I love to read, and I have to say kudos to Amazon for producing the Kindle 3; it’s brilliant: fast, light and easy to use. It enables me to shop easily and buy new books with a click. It’s a great user experience and does exactly what it says on the tin… now, without sounding like I am repeating myself… do remember to password protect your Kindle. Sure, if you lose it people can only buy books on your account, but did you really want to max out your credit card with books?

Lions and tigers and bears oh my!

Posted in Passwords on 15 Jun 2010 by Stuart Aston

The key to the door... A friend and I were chatting the other day and he pointed out to me that it's not just that people use weak passwords, and they do, but that they have a habit of re-using the same weak password that they use for posting on their ‘knitting’ site, as they do for banking. Everyone looking at this must know that is a bad idea… so why do we still do it? Ease of use (aka it's the password I can remember) is the only answer I can think of…

The good news is that older people seem to be okay remembering more passwords than younger… well sort of good news, if you are older anyway.

There are some interesting technologies around the place that hopefully will take off and in doing so make life easier from the point of view of the number of credentials a person will have to remember. U-Prove, for example, has a great deal of potential to remove the need to remember multiple passwords, and then just strongly secure “one password (or form of proving who I am to any given system) to rule them all”… of course, like the “one ring”, it becomes “Precious” and the subject of greater scrutiny, so make sure you use a strong password wherever you use one.

Whilst we are on the subject, how many people have no password and run as admin on their home PC? Go and set a strong password for the administrator account right now!

Write it down somewhere safe in case you forget it (no, the Post-it note on the PC is not somewhere safe; put it in the same place you put your insurance/household documents). You can also make the ‘bad guys’ job harder still by creating a separate standard user account (also with a strong password) for day-to-day activity. This is a lot easier on Windows 7 and Mac than it is under Vista (but still practical to do), but it's very challenging for the average home user under XP. Why do this? Because it means that malware cannot trivially install unwanted software using your user privileges.

In the meantime, make the password you use for banking different from the one you use for eBay, from the one you use for PayPal, from the one you use for IM, from the one you use to log on to the computer… think of it this way, you wouldn’t use the same key to your house as you would your car or your bank… would you?
