Spafford On Security Myths and Passwords
An anonymous reader writes "In a recent blog post, Eugene Spafford examines password security along with related issues and myths. In particular, he discusses how policies that may not necessarily make much sense anymore end up being labeled 'best practices,' and then propagated based on their reputation as such."
I have found that using APG is a great way to generate passwords. They are easy to remember since you can pronounce them. For example, I just ran the generation and these are the passwords that popped out. I have found that most users can remember these kinds of passwords.
... getting your server brute-forced by a Slashdotting.
Help poke pirates in the eyepatch, arr.
Uh... yeah, those passwords look easy enough to remember.
Heck, I forgot my 4 digit alarm code about 6 months ago... and you want me to remember how to "spell" glid-Tev-Pos-EIGHT???
Well, they *look* like passwords.
They're not actually *to* the systems they're next to, but it's funny how long some baby cracker-d00d will just sit there and keep fiddling with them, trying to get them to work.
That's just how politics works in a corporate environment. People will cover their arses first, do the sensible thing second.
I'm afraid that you have never seen a corporate environment; otherwise you wouldn't mention "doing the sensible thing".
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
It happened to me. I was logging onto some box after having passed through a few different operating systems on various boxes to get there; when I keyed in my password, the damn thing got echoed back to the screen, and the person behind me started laughing (it was one of those passwords you wouldn't tell your mom about!).
They do sound an awful lot like planet names... "Scotty, beam me down to Lac Waup 7!" "Can we recover the team on Sek Gul 4?" "The colony of Ip Laft 3 is under Romulan attack!"
Passwords are like toothbrushes; change them every three months and don't share them with your friends.
Passwords are like toothbrushes. Don't get too enameled with yours, or it'll cause a dentin security and may even expose your root.
Weeks of coding saves hours of planning.
The biggest threat to security is often from within the corporation/organization itself. And there's a big difference between being able to walk by someone's desk and see the sticky note with the password on it versus climbing under their desk and putting a key-logger between the system and the keyboard. Think about the following two scenarios:
Scenario 1:
Worker: What were you doing going through the drawers in my desk for while I was away?
Cracker: Sorry. I was looking for a stapler.
Scenario 2:
Worker: What were you doing crawling around under my desk, screwing with my computer?
Cracker: Sorry. I was looking for a stapler.
See, one of these activities is a little more dubious than the other. Also, you don't have to be a 1337 hax0r to be a threat to security. All you have to do is have access to a file/account/system you shouldn't.
^I'm with stupid.^
If I recall correctly, posts pointing out duplicate posts have been posted before.
Travelling forward in time at a rate of 1 second per second.
A real error message from a real e-store registration, denying access for a customer who entered his actual, legit personal data:
"Your surname name is too short. Surname must be at least 4 characters long."
Anagram("United States of America") == "Dine out, taste a Mac, fries"
In other news: 87.3% of all surveys are made up on the spot.
Hope I don't have to get new fingers every 30 days when they bring biometrics as password replacements....
-Esme
No comment.
Your passphrase would then be:
cleft cam synod lacy yr
Which interestingly is Welsh for all your base are belong to us
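Two comments above describe generator-style passwords: the APG pronounceable words that are "easy to remember since you can pronounce them", and the five-word passphrase "cleft cam synod lacy yr". The useful question for a policy discussion is how much entropy each style actually carries, since a pronounceable string looks longer and stronger than it is. The script below is an added example and is not code from this thread, from APG, or from Spafford's post; the consonant/vowel tables, the 16-entry word list and the 10^10 guesses-per-second rate are constructed assumptions chosen only to make the comparison concrete.

```python
"""Compare three password-generation styles by the entropy they really carry:
pronounceable syllable patterns (the idea behind APG), word-list passphrases,
and uniform random characters. Added example, not the thread's or APG's code."""
import math
import secrets

# Character classes for pronounceable patterns: C = consonant, V = vowel,
# D = digit. These tables are assumptions for the demo, not APG's own.
CLASSES = {
    "C": "bcdfghjklmnprstvwxz",   # 19 consonants
    "V": "aeiouy",                # 6 vowels
    "D": "0123456789",            # 10 digits
}
# Printable ASCII (94 symbols) for the uniform-random baseline.
ALPHABET = "".join(chr(c) for c in range(33, 127))
# Constructed 16-word stand-in for a passphrase dictionary (real lists are
# thousands of words; 16 gives exactly 4 bits per word, which keeps the
# arithmetic easy to check).
WORDS = ["cleft", "cam", "synod", "lacy", "yr", "cog", "lamp", "ferry",
         "quilt", "brass", "oak", "visor", "pine", "moth", "grain", "delta"]

# Cryptographically strong source; anything with a .choice() method works.
_RNG = secrets.SystemRandom()


def pattern_entropy_bits(pattern):
    """Entropy of a pattern such as 'CVC-CVC' when each class slot is drawn
    uniformly. Literal separators are fixed and contribute no entropy."""
    return sum(math.log2(len(CLASSES[ch])) for ch in pattern if ch in CLASSES)


def pronounceable(pattern, rng=_RNG):
    """Draw one password matching the pattern, e.g. 'CVC-CVC-D'."""
    return "".join(rng.choice(CLASSES[ch]) if ch in CLASSES else ch
                   for ch in pattern)


def passphrase(n_words, words=WORDS, rng=_RNG):
    """Draw n_words words independently from the list (with replacement)."""
    return " ".join(rng.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist_size=len(WORDS)):
    return n_words * math.log2(wordlist_size)


def random_chars(length, alphabet=ALPHABET, rng=_RNG):
    return "".join(rng.choice(alphabet) for _ in range(length))


def random_chars_entropy_bits(length, alphabet=ALPHABET):
    return length * math.log2(len(alphabet))


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a given offline guess rate;
    the expected time to a hit is half of this."""
    return 2.0 ** bits / guesses_per_second


if __name__ == "__main__":
    rate = 1e10  # assumed offline guess rate against a fast hash, for scale only
    rows = [
        ("pronounceable CVC-CVC-CVC", pronounceable("CVC-CVC-CVC"),
         pattern_entropy_bits("CVC-CVC-CVC")),
        ("passphrase, 5 words / 16-word list", passphrase(5),
         passphrase_entropy_bits(5)),
        ("uniform random, 12 chars", random_chars(12),
         random_chars_entropy_bits(12)),
    ]
    for label, pw, bits in rows:
        print(f"{label:36} {pw!r:24} {bits:6.1f} bits"
              f"  exhaust in {seconds_to_exhaust(bits, rate):.3g} s")
```

Run as-is it prints one line per style: the 11-character pronounceable pattern comes out near 33 bits, the 5-word passphrase from a 16-word list at 20 bits, and 12 uniform printable characters near 79 bits. The design point is that entropy is a property of the generator, not of the string's length or how random it looks, so a policy that counts characters rewards the pronounceable style far beyond what it delivers; with a realistic word list of several thousand entries, `passphrase_entropy_bits` shows the passphrase style closing most of that gap while staying memorable.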
Abcd0001
Increment as needed.
Most people don't even think inside the box.
I used Lotus Notes for a while, and it had a "cool" feature of echoing seemingly random numbers of hieroglyphics when you typed each character of a password. You never knew if your finger slipped or if you did just type bird-bird-eye-"guy going like this"-bird-ankh-ankh-ankh. Worse than single stars, worse than nothing, really.
I am not a crackpot.