"that's a heck of a lot safer than a post-it note"
I'm not so sure you're right. I think that post-it notes may be the way to go these days. As much as I loathe making "war on terror" references, one big point illustrated in that whole struggle is that one of the best ways to defeat a high-tech giant is to go uber-low-tech. The NSA's ability to hack into any system on Earth didn't do a bit of good when the enemy didn't use computers. We've forgotten how to be low-tech spies.
I think the analogy here is obvious -- password thieves are freaking good today against your average Joe (who, admittedly, is a tech-wise moron... he would type his same password into a hot new web group). One thing they don't do too often, though, is actual footwork. Finding the post-it note requires actually going to your desk and physically stealing your stuff (or just looking at it). For a hacker, this is freaking hard.
I think a handwritten page of passwords kept in a relatively secure location in the average Joe's office would be tons more secure than these lame password rules that companies implement that end up having the problems discussed here.
The biggest advantage is that even tech morons understand how to keep a secret list! Also, if physical documents are compromised by an entrepreneurial janitor or officemate, they tend to leave physical evidence. I suspect that cyber-criminals are not very good at covering their actual tracks, CSI-style.
I think the most secure thing companies and organizations could do to fight against the kind of talented amateur hackers that are all too prevalent today is to secure their data as much as possible without computers. Personally, I think it would be sweet-assed to see a return to some Cold War-era steganographic techniques, esp. considering that they are relatively cheap now and give us all the chance to feel a little like James Bond.
What I've suggested makes you less secure against a hypothetical enemy with huge resources, like if you might be investigated by the government, but makes you very powerful against the nameless horde of zombies roaming the internet and snatching everything they can get a hold of. If you keep your most secure codes in the real world, nobody in the matrix can get you. Can you dig it?
So, print out a big-assed page of weekly passwords... if you want to be really secure, type the bitch on a typewriter! You don't have to remember jack, it's easy to list on the paper where you've used each one, and if you do the proper 1990's era password safety that companies are using now, you'll be pretty damn secure.