Slashdot Mirror


The Best Way To Protect Real Passwords: Create Fake Ones

jfruh writes: Many security-savvy users have a password manager that stores their randomly-generated passwords — but if that manager is cracked, the gig is up. Some security researchers are suggesting a technique to stop this: a password manager that offers up fake passwords when an attacker tries and fails to crack it, which makes the process of figuring out if you've broken in much more difficult.

9 of 152 comments

  1. Re:Difficult? by Anonymous Coward · · Score: 5, Funny

    No, this will solve the problem once and for all.

  2. They're missing the opportunity... by Parker+Lewis · · Score: 5, Funny

    We need a password managers manager!

  3. Recurse by Chrisq · · Score: 4, Funny

    We need a password managers manager!

    ... It's password managers all the way down.

  4. Re:Difficult? by jd2112 · · Score: 4, Funny

    My passwords are on a post-it note stuck to my monitor.
    Let's see them crack THAT!

    --
    Any insufficiently advanced magic is indistinguishable from technology.

  5. I use SSH keys everywhere. by Anonymous Coward · · Score: 2, Funny

    I've always heard that SSH keys are better than passwords. So I use them even with websites that don't use SSH.

    Here's what I do:

    1) I generate a new keypair using ssh-keygen.
    2) I put the public key in my GitHub repo, because the public key is meant to be shared.
    3) I use the private key as the password when I sign up for a new account on a web site. I copy and paste it into the password input since it's too big for me to type in.
    4) When I have to log in to the web site I copy and paste the private key into the password input since it's too big for me to type in.
    5) I live my life knowing that I'm using the most secure password possible: an unbreakable SSH key.

  6. Re:Difficult? by Instantlemming · · Score: 5, Funny

    Yeah, ask TV5 how that works...

  7. Re:Difficult? by GameboyRMH · · Score: 2, Funny

    Oh, the fools! If only they'd built it with 2 layers of password spoofing! When will they learn!?!?

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel

  8. Re:Difficult? by Paradise+Pete · · Score: 5, Funny

    My passwords are on a post-it note stuck to my monitor.

    Me too. But I've instructed my secretary to generate a fake set of post-it notes if someone comes into the office pretending to be me.

  9. Re:Difficult? by Zalbik · · Score: 4, Funny

    I have fake passwords on a post-it note stuck to my monitor.

    My REAL passwords are on a post-it note stuck to the bottom of my keyboard.

    You fools with your single layer of misdirection, thinking it will keep you safe!