That assumes that you actually change your passwords once a site tells it has been compromised. But even in worst case scenarios the chances are 1:100 compared to single/all passwords stolen.
Overall i would summarize:
- Memorizes passwords >> Stored passwords - Cryptographic Storage >> Written down passwords - Written down passwords >> Identical passwords - Individual passwords >> Generic passwords - Generic passwords >> Identical passwords
With ">>" as "better as". Special cases always applies, but i think those are good rules of thumb.
- Memorize passwords >> Stored passwords - Cryptographic Storage >> Written down passwords - Written down passwords >> Same passwords on multiples sites
1. The attacker got your password at a hacked site.
2. The attacker got your password by being on your PC:
In case 1 he has one password, in case 2 he has all passwords. In both cases the weakness you mentioned is not relevant.
It is a weakness, but a rather small one compared to re-using the same password everywhere.
Also it makes it hard for an attacker to decrypt your stored password. To succeed he has to hack two sites which both store the password in plain text. I think we can ignore that probability;-).
Another headline that may misslead people. Password stealing is not just a banking problem. Attackers may do a lot of damage to a person without needing to extract the money directly.
The most important lessons for passwords are:
1. One password, one service. Do not re-use passwords.
2. Prefer long to complex passwords.
Using a sentence that is important to you and modfy it per service.
E.g. "may the face be with you" for Facebook or "may the search be with you" for Google.
If the service allows such, you are beyond any rainbow table and those passwords are easy to remember and customize per service.
IID predicts for 2013 that criminals will leverage networked healthcare devices to carry out murders. My counter-theory is, that the first murder probably has already occurred; we and the police just didn't notice it. So 2013 may be the year the first murder via Internet device is proven.
I wish the cinemas would finally drop dead. Perhaps then i would get the movies on DVD/Blu-Ray at the release date. I sincerely dislikes cinemas.
Why shell i watch a movie at a fixed times with several (sometimes unpleasent) strangers in a room that cannot compete with my living room in terms of comfiness? To purchase overprices soda? To have a very, very small collections of food stuff to buy? To get the brother of Hulk sitting in front of you and block 20% of the image?
Picture quality and sound at home can compete with 90% of all cinemas and i have enough space for my friends to join.
Nope. Usually that doesn't include dead neighbors;-).
Really, i don't freaking care if he was smoking his mattress, eating seaweed or running 30-day-trials of fancy pills. As long he is not offfering that stuff at the kindergarten, i could not care less. That his behavior may cause problems with law enforcement should not come completely unexpected for him. They are not as understanding as we are....
What i care about is: he had regular altercations with his neighbor about his dogs, first the dogs turn up dead, than the neighbor turns up dead and he flees the country while the police wants to question him (which i would not consider unreasonable).
He was in custody a few months prior to the incident. He was treated as roughly as everybody else there. He wasn't killed, not even close. So the claims that he has to fear for his life from the police are not credible.
I am not to say if he's guilty or not. I am saying that he should face the investigation and the subsequent trial (if it comes to that). If he wishes to escape justice, he has to be arrested (as it is custom everywhere in the world). It is the country he has chosen to live in. So he has to follow the rules there.
You'd lock him up based on some sketchy details you read about online. I think the world would be a much safer place without that kind of gross injustice.
No, i would lock him up for constituting a flight risk while being involved in a murder case. If the things happened in the US as they happened in Belize, don't you think he would be in custody now (or having paid at least so much bail to make his appearance in trial likely). He takes pride in escaping the police of the country he decided to live in.
Lego sold out already decades ago. The horse isn't just out the barn door, it foals already had foals in the wild. They even added weapon grade gendering a year ago: http://friends.lego.com/ï
I was making a fun about the concentration on pure horsepower. Of course horesepower matters (a 0 hp car is surely now fun), but it isn't the most critical thing. Usually you get the best experience by balancing things out. To my experience, Nintendo is good at balancing.
I am a PC gamer by heart, but surely my WII is a hell lot of fun with just a fraction of the horsepower of my PC.
I always thought, playing was about fun and not horsepower. Maybe the incapability to distinguish between those two explains a lot about what happens on the streets;-).
Try to say "I hope you'll dont find the bomb" while being patted down by the TSA. That will get you in handcuffs faster than you can say "free speech".
That's stupid, but neither insulting or offensive.
There ain't such thing as total freedom as long as you share this galaxy with others.
Boundaries are being checked and moved every day.
Currently they are moving the wrong way (in UK and elsewhere). We have to hold against it. But don't live under the assumption, there ever will be no boundaries.
Slashdot Mirror
Less than 1:1000
That assumes that you actually change your passwords once a site tells it has been compromised. But even in worst case scenarios the chances are 1:100 compared to single/all passwords stolen.
Overall i would summarize:
- Memorizes passwords >> Stored passwords
- Cryptographic Storage >> Written down passwords
- Written down passwords >> Identical passwords
- Individual passwords >> Generic passwords
- Generic passwords >> Identical passwords
With ">>" as "better as". Special cases always applies, but i think those are good rules of thumb.
Of course:
- Memorize passwords >> Stored passwords
- Cryptographic Storage >> Written down passwords
- Written down passwords >> Same passwords on multiples sites
With ">>" as "better as".
100% agreement. 60+% of all password policies (of those i see) are bad.
There are two typical cases:
1. The attacker got your password at a hacked site.
2. The attacker got your password by being on your PC:
In case 1 he has one password, in case 2 he has all passwords. In both cases the weakness you mentioned is not relevant.
It is a weakness, but a rather small one compared to re-using the same password everywhere.
Also it makes it hard for an attacker to decrypt your stored password. To succeed he has to hack two sites which both store the password in plain text. I think we can ignore that probability ;-).
When the question is wether to use a single password on multiple sites or writing all the passwords down, i vote for the second option.
Usually such things can be avoided, if the person is taught a password generating algorithm which modifies the password per site.
But writing them down (the safer with tools the better) is a lot better than re-using passwords all the time.
Another headline that may misslead people. Password stealing is not just a banking problem. Attackers may do a lot of damage to a person without needing to extract the money directly.
The most important lessons for passwords are:
1. One password, one service. Do not re-use passwords.
2. Prefer long to complex passwords.
Using a sentence that is important to you and modfy it per service.
E.g. "may the face be with you" for Facebook or "may the search be with you" for Google.
If the service allows such, you are beyond any rainbow table and those passwords are easy to remember and customize per service.
I had the best sucess using Wii Sports Games where she would usually outclass me :-).
The Onion already knew about this back in 2009: http://www.youtube.com/watch?v=rYaZ57Bn4pQ
The brand name McAfee is getting thoroughly trashed. Now all that remains from the purchase is a bloated digital placebo software.
IID predicts for 2013 that criminals will leverage networked healthcare devices to carry out murders. My counter-theory is, that the first murder probably has already occurred; we and the police just didn't notice it. So 2013 may be the year the first murder via Internet device is proven.
During a BKA (German version of the FBI) conference, i made a remark that got me nationwide media attention in 2000: "In the Internet you'll find anything but murder." I wish i could say this with the same conviction today as i did back then (http://www.heise.de/newsticker/meldung/BKA-hat-Muehe-mit-der-Internet-Kriminalitaet-16354.html).
I think those happy days Daniel Suarez envisioned have already arrived.
I don't think so (i would expect them to cost $50). But even if: then it would be my choice.
I wish the cinemas would finally drop dead. Perhaps then i would get the movies on DVD/Blu-Ray at the release date. I sincerely dislikes cinemas.
Why shell i watch a movie at a fixed times with several (sometimes unpleasent) strangers in a room that cannot compete with my living room in terms of comfiness? To purchase overprices soda? To have a very, very small collections of food stuff to buy? To get the brother of Hulk sitting in front of you and block 20% of the image?
Picture quality and sound at home can compete with 90% of all cinemas and i have enough space for my friends to join.
Nope. Usually that doesn't include dead neighbors ;-).
Really, i don't freaking care if he was smoking his mattress, eating seaweed or running 30-day-trials of fancy pills. As long he is not offfering that stuff at the kindergarten, i could not care less. That his behavior may cause problems with law enforcement should not come completely unexpected for him. They are not as understanding as we are....
What i care about is: he had regular altercations with his neighbor about his dogs, first the dogs turn up dead, than the neighbor turns up dead and he flees the country while the police wants to question him (which i would not consider unreasonable).
He was in custody a few months prior to the incident. He was treated as roughly as everybody else there. He wasn't killed, not even close. So the claims that he has to fear for his life from the police are not credible.
Because having someone out there who thinks that the laws don't apply to him is unsafe by my book ;-).
I am not to say if he's guilty or not. I am saying that he should face the investigation and the subsequent trial (if it comes to that). If he wishes to escape justice, he has to be arrested (as it is custom everywhere in the world). It is the country he has chosen to live in. So he has to follow the rules there.
You'd lock him up based on some sketchy details you read about online. I think the world would be a much safer place without that kind of gross injustice.
No, i would lock him up for constituting a flight risk while being involved in a murder case. If the things happened in the US as they happened in Belize, don't you think he would be in custody now (or having paid at least so much bail to make his appearance in trial likely). He takes pride in escaping the police of the country he decided to live in.
He might as well say, "nanna nanna booboo, come and get me!".
Thanks for the hope your giving us ;-).
I have to confess that i am a bit disappointed. My impression is, that the world would be a safer place with him being behind bars.
Lego sold out already decades ago. The horse isn't just out the barn door, it foals already had foals in the wild. They even added weapon grade gendering a year ago: http://friends.lego.com/ï
http://www.python.org/
Also very long python there ....
I was making a fun about the concentration on pure horsepower. Of course horesepower matters (a 0 hp car is surely now fun), but it isn't the most critical thing. Usually you get the best experience by balancing things out. To my experience, Nintendo is good at balancing.
I am a PC gamer by heart, but surely my WII is a hell lot of fun with just a fraction of the horsepower of my PC.
I always thought, playing was about fun and not horsepower. Maybe the incapability to distinguish between those two explains a lot about what happens on the streets ;-).
Same problem happens with closed source software. Some people don't understand the difference between license, support and consulting.
Try to say "I hope you'll dont find the bomb" while being patted down by the TSA. That will get you in handcuffs faster than you can say "free speech".
That's stupid, but neither insulting or offensive.
There ain't such thing as total freedom as long as you share this galaxy with others.
Boundaries are being checked and moved every day.
Currently they are moving the wrong way (in UK and elsewhere). We have to hold against it. But don't live under the assumption, there ever will be no boundaries.
Everywhere in the world you can get investigated, charged and arrested for saying something stupid. The Brits don't have a monopoly on that.