Slashdot Mirror
Ask Slashdot: How To Keep Students' Passwords Secure?
First time accepted submitter bigal123 writes My son's school is moving more and more online and is even assigning Chromebooks or iPads to students (depending on the grade). In some cases they may have books, but the books stay home and they have user names and passwords to the various text book sites. They also have user names/passwords to several other school resources. Most all the sites are 3rd party. So each child may have many user names (various formats) and passwords. They emphasized how these elementary kids needed to keep their passwords safe and not share them with other kids. However when asked about the kids remembering all the user names and passwords the school said they are going to have the kids write them down in a notebook. This seemed like a very bad practice for a classroom and to/from home situation. Do others have good password management suggestions or suggestions for a single sign-on process (no/minimal cost) for kids in school accessing school provisioned resources?
They log on on one site, and use that login to log in to all other sites.
I use Lastpass, but there are more: http://www.pcmag.com/article2/0,2817,2407168,00.asp
Other than that, kids will need to learn how to deal with passwords.
LastPass should help. There isn't really an easy solution though.
I suggest you make it easier for the kids to remember their passwords. Change them all to 123456.
Anyone have a good suggestion for a multi-user secure login repository? I'm in an IT department where we have lots of appliance/embedded systems that don't support multiple users and we need to share them among each other. Right now our solution is too embarrassing to say. Please help :'(
This scenario sounds like something a password manager can easily solve, especially something like LastPass Enterprise which has a Preloaded Password Vault and Policy configuration. While you can debate the security of having all your eggs in one basket (master password), the convenience from an administration perspective should outweigh whatever "sensitive" data is at stake to be compromised (homework, research resources), at least at the primary/secondary school level. Of course, if the roll-out has already begun then I would recommend your son install whatever password manager he prefers and choose a "secure" master password and lock his laptop/iPad when he isn't looking at it.
Yes! Use a password manager. But then also add 'a third password' to it, in the form of a finger print scan via a USB Yubi-Key for two-factor identification. Similarly you can also 'authorize' your specific mobile devices, (which can't accept a YubiKey). It's a hassle, but it is also an investment in security; which is how these things always work.
http://help.passpack.com/knowl...
You can't be ahead of the curve, if you're stuck in a loop.
For children age 6 and up, and also for adults, the most important thing is to Keep It Simple.
Writing down passwords is actually a good thing for adults, as long as the passwords are written down in a secure place. A note in your wallet qualifies, as you know how to keep your wallet secure (right?). This is even more secure than a password safe on your smartphone: inputting a strong password is a pain (and easily observed), and witht it your sm artphone becomes a prime target for theft (if it isn't already).
For children of 6 years old and older (I'm assuming a US centric view here, triggered by the word 'elementary'), the situation is not that much different. The only problem is that children at this age usually do not have a wallet.
This is then the only problem to solve: creating a secure place to write down passwords.
However when asked about the kids remembering all the user names and passwords the school said they are going to have the kids write them down in a notebook. This seemed like a very bad practice for a classroom and to/from home situation.
Bruce Schneier says:
"Microsoft's Jesper Johansson urged people to write down their passwords.
This is good advice, and I've been saying it for years.
Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet."
https://www.schneier.com/blog/...
Excellent password manager. Syncs an AES-encrypted file to all your devices. It also has plug-ins for most web browsers (Firefox, Chrome, Safari) that allow you to login automatically on a web site. I personnally don't use the plugins, but it's really good on both Android and Mac OS X.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
How To Keep Student's Passwords Secure?
How about we do away with passwords and have the kids get mandatory, government issued, RFID chips imbedded under their skin. Problem solved!
Brave Sir Robin ran away. ("No!") Bravely ran away away. ("I didn't!")
Just make sure they understand to keep the notebook safe. Ideally, they would write them down in a diary or the like, that contains other private information, bit at least here only girls usually have these.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Yes! Use a password manager. But then also add 'a third password' to it, in the form of a finger print scan via a USB Yubi-Key for two-factor identification. Similarly you can also 'authorize' your specific mobile devices, (which can't accept a YubiKey). It's a hassle, but it is also an investment in security; which is how these things always work.
http://help.passpack.com/knowl...
Erm... I'm looking at their site, but as far as I can see the "yubikey" product doesn't scan fingerprints. It's an authentication token, similar to an RSA SecurId card, only a little more automatic because it interfaces directly via USB to type the current password itself when you need it. It's also not what I'd describe as "minimal cost" for a school.
Have them write a poem as homework, where every second line or something can be used as a pass phrase and the line above contains a word that helps them remember which resource the pass phrase is for.
As long as they don't pick "The list of all my password" as a title for the poem, that should be more than secure enough for school stuff.
i am a classroom teacher and work on the technology staff for a school district. We work hard to keep it so the students only have one or two passwords and that theyn apply to all of the systems we use by using directory integration for all services.
We just have the student keep their password in their student agenda, the personal planner where they keep their assignments. It's the most personal and consistent tool they have.
A password manager is simply not practical for most second graders. Keep it simple and keep it together with what they need to use it for.
You still need to remember one password though; what I would with children is the following: ask them to say a poem/song they remember; pick a line of the lyrics that they are likely to recall clearly; tweak slightly the letters with *them* driving the process (e->3, o->0 etc); add a little salt in the beginning (one or two characters); use that for the password manager. Proposed solution is not of exotic entropy, yet will do the job with flying colours, for most children.
:-P
In fact, they would be in good enough shape to start teaching the adults around how to do the job
KeepassX with twofish.
Tell them to put them in a notebook. Accept that they will get shared. If that bothers the school admins, too bad.
I have a feeling that this school is wasting a bunch of money on stuff "third party" salesmen have sold them, but that is another issue.
I think the question is completely wrong, it's not how they should remember their passwords. It's why do they have several usernames and passwords in the first place?
First the resources that are school controlled should of course be behind one username/password pair, preferably SSO for the web parts (e.g. a CAS variant is quite simple).
For external resources, is there a real reason they really need to log in? E.g. can IP based access control or something work for some cases. I understand you don't control everything, but as users(/customers) one can at least complain, and try to push it in the right direction. If there is a reson to log in, do they support something like Shibboleth/SAML or OpenID for login federation? If so, that should be used. It's not trivial, but making the lives of the students hard for something stupid like that is even worse
I think that for an elementary school student, if the amount of username/password pairs they need is over 1, there's something wrong somewhere.
Use an encrypting text editor such as notepadcrypt.
Write all your username password combinations into a single file protected with a single pass phrase (it's up to you to use a secure, memorable, strong one). When you need to use one of the combinations open the file, copy & paste credentials into the login form etc.
if using notepadcrpyt then it can run from a portable install so you can carry a USB key with the program and your encrypted passwords file. As log as you use a good passphrase it's reasonably safe. It's a Windows executable but I'm sure variations could be knocked up for *Nix, Mac etc. (it's bascially just a notepad app which saves text using AES encryption)
There is no way I will use any sort of single sign in mechanism such as Open ID as I don't want my identity to be a fixed thing. The day that you are required to sign in to the internet is the day I will stop using it. I want a different user name for each resource I use.
It also seems that organisations are incapable of have anything less than a different user name and password requirement for each resource so I'm not even going to attempt to remember them all.
I've been using variations on this technique for years (used to use my own custom encrypting notepad app) and haven't had a problem (so far)
Oh and don't forget to write down your master passphrase on a piece of paper and keep it somewhere safe (obscured with lots of surrounding random text)
It's school; all the computers are locked down and limited in access only to approved sites (whitelist). No outside software may be installed, and all USB ports are frozen. No personal electronics are allowed to be brought in by kids.
Remind me again how LastPass, 1Password, and KeePass work in these environments?
Is it just my observation, or are there way too many stupid people in the world?
LastPass, and make your master key be a sentence-like phrase. Thats what I use, but then I run the sentence-phrase through a generator I wrote which outputs things like:
tsÃMÃ--Ã09kÃÃyW>Ã17gËoeÂâsÃzxéYÃwMã8w
Of course we are on slashdot, almost none of the high-ansi characters will display.
Notebooks are non-installable (no e-viruses), portable, inexpensive, and do not require access to a third party online service (school access whitelists work).
They are as secure as they need to be - students are to use their own notebooks and note share them, and as long as a notebook is closed it is secure from prying eyes. These aren't nuclear codes, they're access to textbook sites used by grade school kids. If you're so concerned, have your child get a small, pocket sized notebook and write them down there, and remind him or her that they should keep it with them at all times and bring it home every night and back to school each morning.
PS - The admonition not to share passwords is a good way to train kids that security information should not be shared, even though it's not really a critical safety concern at this point.
Is it just my observation, or are there way too many stupid people in the world?
THis, or just write them down in a notebook. Who cares about those passwords anyways? They are kids for christsake. Just give the teacher admin password to reset and change everything. They WILL steal eachothers passwords, they will share them, they will make up "funny" passwords if they get to choose. They are kids, let them be kids. Being impulsive, naive, and, well, juvenile, is integral part of being a kid. Also, they already remember all the important passwords, such as their facebook, online games etc.
As much as I would like to say technology is good for classrooms, It is showing its ugly head on why its bad. Teachers will have to deal with Johnny losing or forgetting his password. Or what happens when the internet goes down on a school day? What do you do? Send everyone home? What happens when your school get's broken into and all those iPads, Chromebooks and such get stolen? Some schools have already dumped tablets as being too fragile and expensive to replace. Parents complained that they end up footing the bill way too often for replacement costs. You want to stop the inequality of education in America? But yet, its the affluent school districts that can afford this technology. Then you have the sad news that districts with technology in the classrooms have not improved scores. So we now know that using a Chromebook in class is no better then reading from a book as far as student learning goes. Go figure.
Have whoever is in charge of these devices approve them.
Have you seen Memento?
It works. Creates secure passwords. Stores them.
Easy.
Tubby or not tubby. Fat is the question
That is so fucked up.
Oh, look, he's got a chromebook - he's a loser.
Watch this Heartland Institute video
They emphasized how these elementary kids needed to keep their passwords safe and not share them with other kids.
Yeah, it's still a crime, but at least the Software Protection Authority and Central Listening won't find out about it that way, right?
Ezekiel 23:20
Hi, I would suggest a "salt" - write down user names and passwords in all the books. However add the same "pin" to every password on the systems. The child then enters the user and password as given in the book. Adds their "pin" to the end of the password, and carries on.
This is by no means perfect but should be sufficient.
Print out a password cheetsheet. even in plain sight, if you don't know how to read it it is meaning less. See reference at Lifehacker in an article called "How to Write Down and Encrypt Your Passwords with an Old-School Tabula Recta."
So long as the administrator agrees to whitelist it, and allow the browser add-on, it should work fine. It doesn't require any USB, or separate software to be installed. It doesn't save passwords anywhere locally. Everything is stored encrypted on their server, and unencrypted by the browser add-on. This is both very secure and very convenient.
I'd think this is something most administrators in such environments would allow if asked, since it's going to make their own lives a lot easier.
It is better to have a good password written down somewhere, than using the name of your dog and knowing it by hard.
Passwords can be hard to remember, they are usually just within the minimum length and usually are so complex that they have to be written down. I use passphases instead. I basically write a sentence as my password using caps, numbers and maybe a symbol if required. A student can use something like "Myhomeroom226isveryloud!" Easy to remember but not something another student will easily figure out - that is the purpose of the exercise?
Rhymes can stick nicely in the mind. Twist a rhyme to form a password. Jack and Jill climbed up the Pill would stick in most kid's minds. Or twist a popular phrase. Jose can you see instead of Oh say can you see might work.
Grille
He could have a folded one in his wallet or whatever. If he loses his notebook, it's just a random set of letters.
Don't expect them to get it perfect the first time. And depending on their age, don't start them off with what you'd consider the best final approach. You're in a school, treat it like any other learning experience.
Just using passwords may be a new experience for some of them. Start with the basics. I wouldn't focus too much to start with on "strong passwords", they can work on that later. For now, work on selecting a password they can remember, NOT sharing their password, and changing their password as needed.
Once they've spent some time on that and feel more comfortable with it and don't feel like the world is going to explode if they forget their password, move on to password security. Using stronger, longer passwords, using different passwords in different places, password managers, advoiding and dealing with a password lockout, password resetting, etc.
This is just one of those "things they should have taught us in school", treat it as such. Like time/money management, basic cooking, resume writing / job huting etc.
I work for the Department of Redundancy Department.
Not always an option but why are these ebooks locked down. This is a limitation placed on the users by the vendors and it is a licensing and management issue. It has little to do with actually copying issues. A wonderful waste of money and resources and patience.
I mean thats the obvious question ... if all an attacker can do is read some textbooks then I don't give crap about how secure the password is.
Most kids are required to have school IDs now. Write the information on a card of the same size as the ID, laminate it, and attach it to the lanyard that holds the ID.
As a high school teacher almost every time I have kids get onto a website or log onto a computer I have somebody who forgot their password. Their passwords are defaulted to their student ID, and some kids change them, and then usually forget them. Instead of worrying about kids having great password security (which I end up having to reset and they lose an hour of instruction while I wait for an admin to do it) just tell them to not put anything important on these drives. In my experience it works out much better for the kid if I can easily get into his account by using a default student ID, to maybe grab a file for him when they're absent, than it is to have a secure password.
At the high school level we occasionally have shady things happen where students steal each other's accounts to do things like vote for homecoming queen or whatever, but nothing of value is lost.
I'd rather see kids have redundant copies of files on the web, on a flash drive, and then their workstation than have them worry about having great password habits.
The school imposes this burden; the school should shoulder the work of the solution. Set up a federated authentication IDP (using ForgeRock or some other OSS); store the passwords for each child in there, a central site maintained by the school district. Then the children need only one username/password for their time in the school district. Incidentally it will encourage the school district to streamline the process :-).
Issue the students smart cards or integrate them with their student ID. The costs have smartcards have come down so much now that my local laundromat uses them in place of coins. If a student loses their ID, an administrator simply deactivates the card.
"The dog chased 3 chickens around the house."=Tdc3cath. "I use Google to write emails to Grandma."=IuGtwetG.
If the school is going to have access to this notebook, assume from day 1 they are going to use it to log onto your child's account and monitor it, thus you should encourage your child to only use it for school activity and not for any personal activity. Schools have done worse.
I'd say keeping the list in the last page of a notebook or binder should be sufficient... and I feel like it's pretty reasonable for the teacher to have a copy of the students passwords in case they lose/forget the notebook.
What is more likely to happen to you? Getting a malware infection on any one of your dozens of electronic devices, or someone breaking into your house and stealing a notebook?
it's not the actual tattoo that helps them remember, but the trauma of getting the tattoo that fixes the password in their minds.
Master password system of some kind is about the only reasonable solution. KeyPass etc.
https://www.gnu.org/philosophy...
What assets are you protecting? What is the risk?
1 ) If the account is compromised can you get access to it again via alternate means?
Be the parent. Have all of the accounts go to an email box you control, or have all of the accounts go to an email box that you know you can get access to beyond the password. In case of breach make sure you have a path to regain access and control.
2) What are the accounts for? Minimize the risk.
Don't allow the kids accounts to be an attack vector for *YOU*. Consider them like an untrusted source. Don't open unknown attachments. Bad scenario: Opening an attachment entitled "My homework" with an attached malware. Then go check on your bank account... Don't be that guy/gal!
3) What do you want their learning experience or take away to be?
Chances are if they get compromised it won't be a focused attack, it will be someone they know. Decide what you want the worst case scenario to be and minimize the risk... Whether that is removing photo's or setting up rules on do's and don'ts. Don't post your journal on a school resource. Childhood is the chance to ramp up to adulthood.
"Don't fear death... fear not living..." -me
As a high school kid who uses online textbooks like this, I find that the system itself is riddled with problematic and broken DRM. (See LearningField Australia) Keep with the books. I find that it's much harder to learn when you don't know whether A: LearningField has broke on page turn, or B: LearningField is lagging and it's going to take 30 seconds+ to turn the page. If you're gonna give this to elementary kids, at least make the textbook accessible.
If the systems are proper, they should allow for the child to download the PDF raws without ANY DRM to allow easy access to their books. Hope some of what these other guys are suggesting will help in the case that there's no way to stay with physical textbooks.
Our school district has an information system parents can log into for registration, to check grades, etc. My wife and I each have our own logins.
Our HS student went up to register in person this year and although we'd already filled out the necessary paper work, the registrar demanded she do it again. She said, "I can't. I can't login as my parents." No, problem the school replied: here's your Mom's id and password!
Fortunately my wife had recently changed her password so it didn't work. No worries though, when that didn't work they simply gave my daughter my id and password. (Which of course did work.) When I found out about this I went back and changed my pwd to something crude and socially unacceptable. Can't wait till next year!
The software our district is using is installed in hundreds of similar school districts across the country...
Use Dropbox (or any cloud service that sync local files) and Keepass 2 (open source) to keep them in an encrypted file that is shared among anyone. You can also do group file sharing in dropbox, though I don't do that with my passwords file.
The keepass file is encrypted.
I've done this for several years. It's awesome. It allows you to change your password for the same site without depending on some algorithm to lock you into only one possible password for that site.
You can add and edit the file and it synchronizes. I can even use mini-keepass on my iphone, also with dropbox, so if I'm ever needing info without my PC, I can grab the password.
I keep credit card info (easier to cut and paste when ordering online) and game and website login info.
> I have too many important passwords that could ruin my life. ... If I kept the passwords for my bank/retirement fund/etc.'s web site in my wallet they could put my in the poor house. I haven't figured out what to do about this yet.
First, don't use the same password for Slashdot and Facebook that you use for your retirement account. Using the same password, or a similar password for two important accounts is fine. So let's say your PIN you use for important stuff is "5918", and the base password for important stuff is "LipCamLAG". Thats all you need to remember, a pin and a password stub. You then right down:
scottrade: pass + pin
schwab: pass + !?
wells fargo: pin + pass
A bad guy who gets the written information hasn't gained anything useful, and you only have to remember one password and one pin. Actually, two password: one for crap that doesn't matter, like Slashdot, and one more critical stuff like your bank account.
Start with a core that involves a Capital letter, a lowercase letter, a number and a symbol. You want it be about 7 letters long, something like this:
Sp1tab$
ALL your passwords will start with that. Next decide if you are going to use the first, second, last, or second to last letter.. Let's go with "first"
Add the "first" letter of the name of the device/software for which you are using a password. Then add the "first" letter of your username.
Conclusion: Using this system, my password for slashot would be:
Sp1tab$sg
My password for my Dell Laptop, with a username of "Me" would be:
Sp1tab$dm
If something says 'no symbols', drop the $.
If something says "at least 10 characters (haven't seen that yet), then add a 0.
You now have ONE not that hard to remember word, plus a few simple rules to figure out what the password is.
The only problem with this system is obnoxious requirements to change your password every X days, combined with prevents from reusing parts of old passwords. To solve that problem, Try continuously raising the number you inserted in the core password.
excitingthingstodo.blogspot.com
I'm the Google site admin for my elementary school where I teach 4th grade. That makes me responsible for maintaining my class's passwords, as well as the passwords of five other classes - that's nearly 200 4th and 5th grade kids with a fairly transient population. The Google username scheme is non-negotiable because of security issues and committee decision making and consists of the first three letters (if there are three) of the first name, the first three (if there are three) letters of the last name, and the first three digits of their numerical student ID (which they do not know). The password scheme I came up with has the kids choosing two words from a table of common four-letter words. They put those words together with the last digit of their year of birth. They must use this username and password to even get into the Chromebook for most purposes (anything that involves document editing). The classroom app that Google unveiled this Fall is awesome. It's simple and perfect for what it does. I have the kids write their username and passwords down on a post-it. Secure enough. 90% of them have no problem remembering it, but some of them come with their shoes on the wrong feet, so I've been satisfied. I just set the other kids passwords manually after making them write it neatly on a post-it note and usually finding their error. The only third-party thing I use is Scratch, and I make my kids manage their own credentials (I offer a post-it). Scratch is amazing and my kids are motivated to manage it themselves. Scratch, by the way, could be the best thing to happen to math in 200 years of education if people would stop teaching math and start doing math. [Brag warning] Check these out, and tell me you wouldn't have died to build them in 4th grade: http://goo.gl/pHF6Hd We do one every week now.
Dictionary attacks are not the only attack vector now days. With all of the account server break-ins lately, a very big problem is people re-using the same password and login (often an email address) on different websites. So if your account to l33twarez.com gets compromised and you used the same account info as your email or bank, then those too are compromised. This has been a big problem with online gaming for years.
I agree, but as with above this is a problem with eduction. If you teach people to use different passwords, and provide them a method of generating different (yet similar) passwords the problems are greatly reduced.
When was the last time you heard your security team remind people not to re-use passwords? This is of course in addition to training people on strong memorable passwords. If you can't remember, something is wrong.
As much as security experts enjoy hacking and finding vulnerabilities, their job extends way beyond those two things. If they are not good teachers they should be hiring someone that is to assist.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
what ou are securing as much as it's about the secrity.
I it just access to text books? then who cares. Are we worried one to many of the kids might learn?
Writing them down is fine for what we re trying to protect.
That said, it's a good time to teach them how to make easy to remember hard to crack passwords.
"Mary_Had_A_Little_Lamb_2004"
As an example.
The Kruger Dunning explains most post on
Give them hardware keys (RSA tokens or whatever they use these days.
The number of extremely viable suggestions to solve the OP's problem made here is significant, but in my experience another limiting factor will be the teachers' IT competence. The lack of basic understanding among some school instructors for anything IT related can be rather shocking. So I do hope they train their teaching staff well enough, so that they are indeed able to reset a student's account if the password is lost/stolen. Sounds simple, but you'd be surprised.
But seriously, why do primary school children (or 'elementary') need computers in class? I'm not saying that everything was better in the olden days (hey, I'm far too young to say anything like that), but some things of the modern day and age seem rather unnecessary. I get that not having to carry books is a good thing, but primary school books are usually pretty small and light anyway and there aren't that many of them, so it's not that much of an issue. And students forget them at home? Sure, then they'll get told off (and get penalty assignments, or whatever) and have to learn basic organisation skills.
Both of my kids are also being issued chromebooks this school year. The first thing that came to mind was, "what an effective way for someone to harvest wifi passwords, or even chrome remote desktop their way into someones home network". We've seen this type of activity before with schools spying via webcam. I figure I'll setup a secondary isolated wifi network just for those machines.
Writing down passwords isn't an automatic fail—it just means you need good physical security on whatever you write them down in. A notebook is bad advice, but writing them down on a wallet card or similar wouldn't be too bad.
Something like LastPass is probably your best bet, since it works everywhere (including Chromebook); though it isn't free if you want to use the mobile app, it is pretty inexpensive. Of course, if LastPass has an outage, you're gonna have a bad time.
As a security professional, I often recommend Password Cards (passwordcard.org) as a free, low-tech solution that hits a good balance among cost, security, and ease of use. The site generates a printable card (which is easy to make a backup of!) that has a row of symbols and then several rows of random text elements in color-coded rows. All you need to remember for each site is a symbol+color combo; then you simply start from that grid point and type the required number of characters. You could even safely note down the symbol+color for each site, because as long as you keep the card safe in your wallet, that information isn't useful.
It's not perfect, but it's quite good, free, and simple.
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
I cannot vouch for it, but my next door office neighbor is using evernote for this specifically as well as other things.
Just use the school mascot for everyone's password.
See this game-changing open-source project, the ultimate solution: a wireless login dongle and password manager compatible with existing websites: http://identivasecurity.com/
Also published in Hack-a-Day's contest: http://hackaday.io/post/7759
You can login aty the press of a button, and security is unprecedented since passwords are never revealed to the computer runinng the browser.
A school website full of remote links. And only five years ago many ***** would consider this as a copyright infringement worth of sue 'n' settlement. Like certain large corporations and music labels lice.
I'd just show them how to use truecrypt. Create a truecrypt file, mount it, put a text file in it with all their usernames, passwords, urls etc... Another option is buy ewallet for them.
At that age, they should be able to memorize many accounts and passwords.
Tell them it's for their own good.
One previous post had a good suggestion - reuse passwords for the textbook sites.
I reuse passwords for throwaway sites. For example, I have accounts on a number of forum sites. They all have the same password (except slashdot), but that password in no way resembles any other password that I use in either content or the way it is constituted for other types of sites.
My few financial sites all have unique passwords of random characters and lengths.
That's all easy enough to memorize with a little effort.
My seldom used passwords, like ebay and amazon, I just reset them when I want to buy something online.
I also keep them in a truecrypt 10GB volume somewhere.
Btw, for long passwords keep in mind that some places truncate to eight characters, so Virginiasfhk2468 and Virginiab3u4d5d4y3 are the same password.
I'm anti single sign on, and against any form of storing passwords on any internet facing device.
If you have say password safe on a NON internet device that should be quite safe. Anything connected to the internet is vulnerable, the only way this one is if it was stolen.
Long passwords are your best bet. They can be quite easy.
ex "l10n&TIG3RS&b3ars0hmy!" lions and tigers and bears oh my! No spaces, second word caps, replace e's with 3s, os with 0 and some special characters.
MOST password "guessing" is done via scripts and based of most common passwords. This is easy to remember but hard to guess.
password alphabet only single case each character has a value of 2^26
upper and lower case 2^52
upper, lower and numbers 2^ 62
throw in special characters and it jumps higher. This is per character in a password.
Sounds like alot but a password cracking program can run several hundred passwords a second.
There are other variables in making a password, but this is a general statement.
Already being used by many educational institutes - specifically higher ed: https://shibboleth.net/
We are being told all the time about back problems in children, caused by the heavy school bags they need to take to and from school each day. The weight of the poor kids bags is well over the recommendations. Now young adults are complaining of back problems, and maybe this is, among other causes, related to the school bags they carried in their time. Tablet PCs are a very practical solution to the weight problem and also a very useful introduction into the future work environment, which will be more and more ruled by informatics. In my opinion it is both healthier and educational for today's children to use Tablet PCs or whatever, but PCs, for their school and home studies, and those who do will have a definite advantage in the search for a job, their education finished. Not to mention the obvious economies made in paper and the trees which are so vital for our atmosphere.
Sent from Puppy Linux, by an Ecig vaper
I want to write a book on bikram yoga lol. All the craziness that went on with them http://bikramyoga1.com/