?

Log in

No account? Create an account

Why passwords are important - Life is strange...

Mar. 29th, 2007

09:46 am - Why passwords are important

Previous Entry Share Next Entry

Hi!

For the security-conscious among you, this is likely old hat (and not a talking one, either). For the rest of you, please read on.

This lovely article was recently passed to me by a co-worker under the title "Why IT wants us to have good passwords." It is a blog that explains how weak passwords can be hacked, how weak or nonexistent protection / encryption schemes for passwords do not serve us, and how the author could hack his way into our bank accounts and confidential information if he so desired.

Summary (from the blog entry):

What I do personally is put access to various things (and thus the credentials associated with those things) into these criticality classes:

The passwords for each of the criticality classes must be quite distinct. Here are the rules I recommend:

In general, all passwords should be at least seven characters long, none should be dictionary words (in any language), all should include both letter and number characters, and all should be personally memorable, while not being based on birth-dates, SSNs, pet or significant-other names, and none should have to be written down. Paradoxically, the activities that have the highest criticality are those for which you want to use the most obscured passwords, and so those are the ones you are most likely to write down. Please don't succumb to this temptation.

Cheers! generalist

Tags:
Current Mood: worriedworried

Comments:

[User Picture]
From:hennepin
Date:March 29th, 2007 05:26 pm (UTC)
(Link)
Oh dear. I've long suspected that all my passwords were inadequate, but I've been procrastinating and making excuses for so long that I haven't done anything about it.

The not writing down the difficult to remember ones seems like a difficult rule to follow... but necessary, I know. And I tend to remember words and not numbers, so there's another difficult rule. Sheesh.
(Reply) (Thread)
[User Picture]
From:ironkite
Date:March 29th, 2007 07:57 pm (UTC)
(Link)
I had a friend who was working on biometrics for credit cards. I've passed this onto a few people. Thanks!
(Reply) (Thread)
[User Picture]
From:generalist
Date:April 3rd, 2007 03:59 pm (UTC)
(Link)
Glad to be helpful. I made this one 'Public', so that's what it's meant to be.
(Reply) (Parent) (Thread)
[User Picture]
From:gomijacogeo
Date:March 30th, 2007 01:09 am (UTC)
(Link)
I've given up. I have very strong passwords now, but keep them in a (password-protected) file. I simply have too many to remember (work shell, work Windows, work POP, work HR, bank, 401K, utilities, autopay, Amazon, LJ, ....). Way too many of them have some subset of IDing information, so I don't want to share passwds any more.

To generate a password, I take a block from /dev/random, use base64 to turn it into ASCII, then take a sizeable chunk.

I get passwords like: PpulNRc8XJEO and W0MinOTtX

Of course, if I lose that file, I'd be sunk. Maybe I should print it out...
(Reply) (Thread)