Slashdot Mirror


Spafford On Security Myths and Passwords

An anonymous reader writes "In a recent blog post, Eugene Spafford examines password security along with related issues and myths. In particular, he discusses how policies that may not necessarily make much sense anymore end up being labeled 'best practices,' and then propagated based on their reputation as such."

18 of 356 comments

  1. APG by wuzzeb · · Score: 5, Funny

    I have found that using APG is a great way to generate passwords. They are easy to remember since you can pronounce them. For example, I just ran the generation and these are the passwords that popped out. I have found that most users can remember these kinds of passwords.

    lewcyHirUx6 (lew-cy-Hir-Ux-SIX)
    drywaWrop2 (dry-wa-Wrop-TWO)
    ScekGul4 (Scek-Gul-FOUR)
    lacWaup7 (lac-Waup-SEVEN)
    IphIaft3 (Iph-Iaft-THREE)
    glidTevPos8 (glid-Tev-Pos-EIGHT)
  2. One attack he didn't mention... by patio11 · · Score: 5, Funny

    ... getting your server brute-forced by a Slashdotting.

  3. MOD PARENT +5 Funny! by WoTG · · Score: 2, Funny

    Uh... yeah, those passwords look easy enough to remember.

    Heck, I forgot my 4 digit alarm code about 6 months ago... and you want me to remember how to "spell" glid-Tev-Pos-EIGHT???

  4. I write passwords down... by cirby · · Score: 3, Funny

    Well, they *look* like passwords.

    They're not actually *to* the systems they're next to, but it's funny how long some baby cracker-d00d will just sit there and keep fiddling with them, trying to get them to work.

  5. Re:Password change policy by KiloByte · · Score: 2, Funny

    That's just how politics work in a corporate environment. People will cover their arses first, do the sensible thing second.

    I'm afraid that you have never seen a corporate environment; otherwise you wouldn't mention "doing the sensible thing".

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  6. Re:Advice on passwords by raftpeople · · Score: 2, Funny

    It happened to me. I was logging onto some box, after having passed through a few different operating systems on various boxes to get there, and when I keyed in my password the damn thing got echoed back to the screen; the person behind me started laughing (it was one of those passwords you wouldn't tell your mom about!).

  7. Easy for a Star Trek Fan Maybe... by Qybylance · · Score: 5, Funny

    They do sound an awful lot like planet names... "Scotty, beam me down to Lac Waup 7!" "Can we recover the team on Sek Gul 4?" "The colony of Ip Laft 3 is under Romulan attack!"

  8. Re:Advice on passwords by wildsurf · · Score: 4, Funny

    Passwords are like toothbrushes; change them every three months and don't share them with your friends.

    Passwords are like toothbrushes. Don't get too enameled with yours, or it'll cause a dentin security and may even expose your root.

    --
    Weeks of coding saves hours of planning.
  9. Re:Password changing by MrLizardo · · Score: 2, Funny

    The biggest threat to security is often from within the corporation/organization itself. And there's a big difference between being able to walk by someone's desk and see the sticky note with the password on it versus climbing under their desk and putting a key-logger between the system and the keyboard. Think about the following two scenarios:

    Scenario 1:
    Worker: What were you doing going through the drawers in my desk while I was away?
    Cracker: Sorry. I was looking for a stapler.

    Scenario 2:
    Worker: What were you doing crawling around under my desk, screwing with my computer?
    Cracker: Sorry. I was looking for a stapler.

    See, one of these activities is a little more dubious than the other. Also, you don't have to be a 1337 hax0r to be a threat to security. All you have to do is have access to a file/account/system you shouldn't.

    --
    ^I'm with stupid.^
  10. Re:Dupe by Warg! The Orcs!! · · Score: 3, Funny

    If I recall correctly, posts pointing out duplicate posts have been posted before.

    --
    Travelling forward in time at a rate of 1 second per second.
  11. Requirements... by Vo0k · · Score: 4, Funny

    A real error message from a real e-store registration, denying access for a customer who entered his actual, legit personal data:

    "Your surname name is too short. Surname must be at least 4 characters long."

    --
    Anagram("United States of America") == "Dine out, taste a Mac, fries"
  12. Re:Couldn't agree more on some points by cyborch · · Score: 3, Funny

    ... there is a nearly 100% chance that anyone sneaking into 3 out of 4 offices ...

    ... 99% of security compromises ...

    ... 25% of people ...

    In other news: 87.3% of all surveys are made up on the spot.

  13. biometrics by Anonymous Coward · · Score: 1, Funny

    Hope I don't have to get new fingers every 30 days when they bring biometrics as password replacements....

  14. Passwords Suck by esme · · Score: 2, Funny

    We should all be using public keys.

    -Esme

  15. Re:Password changing by Phleg · · Score: 3, Funny

    A sentence would be an even better password, because it's easier to remember, has spaces, capitals, and punctuation.

    You must be new here.

    --
    No comment.
  16. Re:Diceware by Anonymous Coward · · Score: 1, Funny

    Your passphrase would then be:

    cleft cam synod lacy yr

    Which interestingly is Welsh for all your base are belong to us

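The pronounceable passwords in comment 1 and the Diceware passphrase in comment 16 are both machine-generated, so their strength is the entropy of the generator, not how random the result looks. As an added example that is not APG's or Diceware's own code, a Python sketch that generates both kinds from a constructed syllable grammar and a constructed word list (assumptions, labelled in the code) and computes the entropy each scheme actually delivers.

```python
import math
import secrets

# Constructed syllable grammar standing in for APG's pronounceable mode.
# Assumption: an illustration only, not APG's real phoneme tables or code.
ONSETS = ["b", "d", "g", "l", "r", "t", "s", "w", "dr", "gl", "sc"]
VOWELS = ["a", "e", "i", "o", "u"]
CODAS = ["", "c", "k", "p", "t", "x", "ft"]

# The real Diceware list has 6**5 = 7776 words; this short constructed list
# only stands in for it when generating a demo passphrase.
DICEWARE_LIST_SIZE = 6 ** 5
SAMPLE_WORDS = ["cleft", "cam", "synod", "lacy", "yr", "base", "belong", "stapler"]

RNG = secrets.SystemRandom()  # CSPRNG: never use random.random() for passwords


def apg_style_password(syllables=3):
    """Pronounceable password such as 'ScekGul4': each syllable is
    onset+vowel+coda, capitalised by a coin flip, then one decimal digit."""
    parts = []
    for _ in range(syllables):
        syl = RNG.choice(ONSETS) + RNG.choice(VOWELS) + RNG.choice(CODAS)
        parts.append(syl.capitalize() if RNG.random() < 0.5 else syl)
    return "".join(parts) + str(RNG.randrange(10))


def apg_style_entropy_bits(syllables=3):
    """Entropy comes from the generator's choices, not from how mixed the
    result looks: 2 case options * onsets * vowels * codas per syllable,
    plus log2(10) for the digit."""
    per_syllable = math.log2(2 * len(ONSETS) * len(VOWELS) * len(CODAS))
    return syllables * per_syllable + math.log2(10)


def diceware_passphrase(n_words=5, words=SAMPLE_WORDS):
    """Uniform word choice with a CSPRNG, standing in for five dice rolls."""
    return " ".join(RNG.choice(words) for _ in range(n_words))


def diceware_entropy_bits(n_words=5, list_size=DICEWARE_LIST_SIZE):
    """Each word is one uniform draw from the list: log2(list_size) bits."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print(apg_style_password(), round(apg_style_entropy_bits(), 1), "bits")
    print(diceware_passphrase(), round(diceware_entropy_bits(), 1), "bits")
```

With this grammar a three-syllable password carries about 32 bits, while five words from the full 7776-word list carry about 64.6 bits, despite looking like plain dictionary words.
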
  17. My way by sasdrtx · · Score: 2, Funny

    Abcd0001

    Increment as needed.

    --
    Most people don't even think inside the box.
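
The "increment as needed" pattern is exactly what a password-history check should catch. As an added example, not from the thread and not any PAM module's code, a change check that rejects increments and near-copies of the previous password; the similarity threshold loosely follows the idea behind pam_pwquality's difok setting, which is an assumption about intent, not a copy of its algorithm.

```python
import re
from difflib import SequenceMatcher

# Constructed sample value for the demo, not a real credential.
OLD_PASSWORD = "Abcd0001"

TRAILING_DIGITS = re.compile(r"^(.*?)(\d*)$")


def split_suffix(pw):
    """Split 'Abcd0001' into ('Abcd', '0001'); no trailing digits gives ''."""
    m = TRAILING_DIGITS.match(pw)
    return m.group(1), m.group(2)


def is_incremented_reuse(old, new):
    """True when the two differ only in their trailing number, i.e. the
    'Abcd0001, increment as needed' way of satisfying a rotation policy."""
    old_stem, old_num = split_suffix(old)
    new_stem, new_num = split_suffix(new)
    return old_stem.casefold() == new_stem.casefold() and old_num != new_num


def similarity(old, new):
    """Case-insensitive ratio of matching characters, 0.0 (nothing in
    common) to 1.0 (identical)."""
    return SequenceMatcher(None, old.casefold(), new.casefold()).ratio()


def accept_change(old, new, max_similarity=0.6):
    """Return (accepted, reason) for a proposed password change. The
    threshold is a simplified stand-in for a difok-style check (assumption)."""
    if new == old:
        return False, "same as previous password"
    if is_incremented_reuse(old, new):
        return False, "differs from previous password only in trailing digits"
    if similarity(old, new) > max_similarity:
        return False, "too similar to previous password"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("Abcd0002", "abcd0001", "Abcd", "cleft cam synod lacy yr"):
        print(candidate, accept_change(OLD_PASSWORD, candidate))
```
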
  18. Re:Shoulder surfable. by Rob the Bold · · Score: 2, Funny

    You ever wonder why password fields don't echo the actual characters back to the screen?

    I used Lotus Notes for a while, and it had a "cool" feature of echoing seemingly-random numbers of hieroglyphics when you typed each character of a password. You never knew if your finger slipped or if you did just type bird-bird-eye-"guy going like this"-bird-ankh-ankh-ankh. Worse than single stars, worse than nothing, really.

    --
    I am not a crackpot.