Slashdot Mirror


Users feel Password Rage

Pcol writes "The Baltimore Sun is reporting on Password Rage, the frustration users have with the abundance of codes they are required to memorize. Some cope by remembering their passwords with the help of a tune or a phrase, some use three or four levels of passwords with the most complex protecting financial information, and others keep all their passwords in a database - protected by a password. Security experts say that with the increased use of biometrics, our reliance on passwords will lessen in the future. Until then, it's ok to cheat - but wisely."

5 of 388 comments

  1. But where do you draw the line? by reachinmark · Score: 5, Informative

    Banks in Sweden are currently running a new BankID system. You can use this to access several government facilities, including submitting claims for sick leave and possibly (in the future) voting, over the internet. The password protection? Your certificate must be unlocked with a password that is at least 12 but at most 16 characters, of which at least 3 must be digits, and 4 alphabetical characters. Oh, and you can't simply repeat a word two or three times - they check for that. The end result? A password so annoyingly difficult to remember that of course everyone has it written on a post-it note by their keyboard.

    Now THAT gives me password-rage.

  2. Re:Password rage? Try password-phobia. by CommieOverlord · Score: 4, Informative

    Because no password is uncrackable. One issue about cryptography is that things don't have to be uncrackable, so long as by the time they are cracked it is irrelevant.

    If it's possible to crack your password in 7 months but you change it every 6, then the cracked password is useless. If you never change your password it can always be cracked.

  3. Re:USB keys by curious.corn · Score: 4, Informative

    Those are smartcards you are talking about. They contain a small general purpose microprocessor and special storage for OS and data. Once locked, data cannot be read out of the device but only used within the programs stored within. It appals me that those things aren't ubiquitous and/or used for POS C/C systems. Some cryptanalysts managed to weasel some data out of them only by physically interfering with the operating device to cause program execution failures (heating or EM interference). Still much safer than a crummy magnetic strip and a numeric code.

    --
    I wonder who is the mastermind behind all the stupid things I do - Altan

  4. Keyring for PalmOS by arth33 · Score: 5, Informative

    Just protects the passwords so you don't have to lock down your whole PDA all the time (I don't really care if someone nabs my schedule/phone list). It works really well, and seems to be written with security in mind (as opposed to ease of use). According to the website, it uses "secure triple-DES encryption using a 112-bit key derived from the password". And the best part: it's open source. Pick it up here: http://gnukeyring.sourceforge.net/

  5. Apple's Keychain by EelBait · Score: 4, Informative

    Apple has a nice solution to the password problem in their Keychain. The Keychain was originally part of the Mac OS back in 1993 with System 7 Pro, part of the AOCE toolkit. Most of AOCE has been abandoned, but a few pieces survive.

    The keychain is basically a small, encrypted database with an accompanying API that software developers can use to store passwords. The keychain itself is locked with one's login password. Basically, when one logs in, the keychain is unlocked, and various applications can retrieve the credentials that were previously written into the keychain.

    Apple uses this for storing various passwords for email, file servers, as well as passwords for web sites accessed from Safari. The Camino web browser also uses it. The SSH Agent program stores my passphrase for unlocking my ssh private key.

    Using the Keychain application, users can use it to store secured notes. I use this feature for storing credit card PINs and other things that do not use the Keychain API.

    One thing that would be really nice would be if software developers would use the keychain to store their serial numbers. Since I make backups of my keychain, having all my software serial numbers stored in one place would make a system rebuild a lot easier since I would not need to track down and re-enter all my software serial numbers.
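
The certificate-password rule described in comment 1 above, written out as a checker. This is an added example, not part of the original thread and not BankID's code; the case-insensitive comparison, the choice to reject any whole number of repeats (not only two or three), and the sample passwords are assumptions.

```python
# Added example: checker for the password rule quoted in comment 1.
# How the real system implements its check is not stated on this page;
# the details marked "assumption" below are illustrative only.
import string

MIN_LEN, MAX_LEN = 12, 16        # "at least 12 but at most 16 characters"
MIN_DIGITS, MIN_LETTERS = 3, 4   # "at least 3 must be digits, and 4 alphabetical"


def repeated_unit(password):
    """Return the shortest unit whose repetition (2 or more times) spells
    the whole password, or None. Case-insensitive (assumption)."""
    s = password.lower()
    n = len(s)
    for size in range(1, n // 2 + 1):
        # Only unit sizes that divide the length can tile the string exactly.
        if n % size == 0 and s[:size] * (n // size) == s:
            return password[:size]
    return None


def check_policy(password):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if sum(c in string.digits for c in password) < MIN_DIGITS:
        problems.append("digits")
    if sum(c in string.ascii_letters for c in password) < MIN_LETTERS:
        problems.append("letters")
    if repeated_unit(password) is not None:
        problems.append("repeated")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for candidate in ["hunter22", "abc123abc123", "Password1234",
                      "correcthorsebat", "t7Vq9mLx2ReK"]:
        print(f"{candidate!r:20} -> {check_policy(candidate) or 'accepted'}")
```

`Password1234` is accepted while the 15-letter `correcthorsebat` is rejected: the rule constrains composition and length, not how guessable the password is.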