What you don't know about security could sink your company....
Jul. 21st, 2013, 11:57 am
Achievement unlocked, boneheads: your random character/case/number password requirements are so strict that my password is now on a post-it note on the side of my monitor. I hope none of you design bridges too.
I hate passwords. Here is xkcd on the subject: https://xkcd.com/936/
This would make things so much simpler.
From: dd_b
2013-07-21 06:28 pm (UTC)
I use this. Most of my passwords are 20-character random strings that I've never set eyes on, and they're all different.
+1. Since even getting the password hash can be good enough to compromise an account if you use the same password everywhere, I just store it all in Keepass, which I then secure with an XKCD-style passphrase, above. This means that the passwords I need to remember are:
1. Work login
2. Work keepass and ssh key unlock (same password)
3. Home hard drive decryption (so the box boots)
4. Home computer login (same on all home machines)
5. Home keepass and ssh key unlock (same password)
That's about the limit of my stack. Everything else is a different, random password which I don't know.
I also don't use known answers to the "security questions". I come up with something random and put it in the keepass notes section so I have a record of it.
+1. Learn one good passphrase (e.g. via http://correcthorsebatterystaple.net) and use that on your password safe. No more post-it notes :)
If you're on a Mac, 1Password is popular too and has browser plugins for added convenience.
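As an added example (not from the thread or any of its commenters), this Python script puts numbers on the XKCD/correcthorsebatterystaple approach recommended above: it generates a passphrase with the OS CSPRNG and computes the entropy of a word-list passphrase versus a uniformly random character-class password. The word list below is a small constructed sample; the 7776-word size used in the comparison is an assumption modelled on the EFF long word list.

```python
import math
import secrets

# Constructed sample word list for demonstration only. A real generator needs
# a large list; 7776 words is the size of a diceware-style list.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "anchor", "copper", "garden",
    "marble", "velvet", "window", "pillow", "rocket", "silver", "candle",
    "meadow", "tunnel",
]


def passphrase_entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly (with replacement) from a word list."""
    return n_words * math.log2(wordlist_size)


def charset_entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of `length` characters drawn uniformly from a charset.

    This is the best case for a policy-style password; a dictionary word with
    l33t substitutions (the xkcd 'Tr0ub4dor&3' case) has far less, because the
    attacker enumerates words and substitution rules rather than raw characters.
    """
    return length * math.log2(charset_size)


def words_needed(wordlist_size: int, target_bits: float) -> int:
    """Smallest number of words from the list that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(words, n_words: int = 4, sep: str = " ") -> str:
    """Pick n_words uniformly at random using `secrets` (CSPRNG), never `random`."""
    if len(words) < 2 or n_words < 1:
        raise ValueError("need a word list with at least two words and n_words >= 1")
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    # Four diceware words (~51.7 bits) sit close to a fully random 8-character
    # password over 95 printable ASCII characters (~52.6 bits), and are memorable.
    print("4 words / 7776-word list:", round(passphrase_entropy_bits(7776, 4), 1), "bits")
    print("8 random printable chars:", round(charset_entropy_bits(95, 8), 1), "bits")
    print("words for >= 77 bits:", words_needed(7776, 77))
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
```

Only the master passphrase for the password safe needs this treatment; everything inside the safe can be a long random string nobody memorises.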
From: dd_b
2013-07-22 05:01 pm (UTC)
I ended up with KeePass, some years ago, because it ran on Linux, Windows, and Android, which matched my needs. Still does, pretty much. But there are in fact many such products available.
I actually started out with "Password Safe" from Counterpane Systems, but moved on when I started needing support on more OSes.
KeePass is free and open source, and there are contributed builds or versions for iOS, Android, OS X, etc.
KeePass even supports multi-factor authentication, like a file plus a password being needed to get into the database.
I actually keep the encrypted database in Dropbox, and access it from multiple desktops plus my smartphone.
Yeah, I use KeePass myself. The Mac client desperately needs an update though; it's stuck on an app that only opens the old format db and only opens one at a time.
I use a trick that a friend taught me: a sentence that's easy to remember, and then use whatever character of the string I choose (plus appropriate number/punctuation character subs). Comes up with some screwy weird stuff that is pretty easy to remember for me, but not something that would be easy to crack.
There's a growing school of thought that it's not a bad thing to write passwords down. The chances of someone breaking into your house and finding that odd bit of paper are actually much less than the chances of being hacked online.
Some words on the subject here. And lots more words on why passwords often aren't all that safe anyway.
I write all my passwords down. It's a very secure system....because for the life of me I can't remember where I put the bit of paper...
This actually happened to me when I worked at a Very Famous Internet Company in the '80s. Passwords had to be 10-character random alphanumeric and they changed them every day "for security". A guy would come around with your password for the day and you would write it down and put it on a post-it on the side of your monitor.
Bruce Schneier (the Chuck Norris of computer security) suggested writing your passwords down, but keeping that piece of paper in your wallet - along with your driver's license, cash-card, and other things that you're likely to defend pretty vigorously.
I think it's pretty sound advice, if an app-based solution isn't feasible.
From: dd_b
2013-07-22 05:03 pm (UTC)
Yeah, except my wallet isn't thick enough to hold it all. Well, maybe if I wrote a lot of passwords on the same sheet of paper. Then you have to be careful to not lose them as the folds wear.
Then again, it provides kind of an automatic aging out of passwords :-).
My handwriting is pretty fine, and I've learned to avoid the creases :)
Although then if someone steals your wallet, they have your PayPal password too.....
There is that catch.
Both Bruce and I live and work in relatively low-crime areas (I've never felt the need to carry a decoy wallet) so it's a reasonable bet for us.