Comments on Borepatch: How strong is your password?

New Jovian Thunderbolt (2017-08-31T11:53:37.135-04:00):
What? It's a STRONG password. 15 characters, upper and lower, number, and special characters.

Borepatch (2017-08-31T09:59:28.572-04:00):
T-Bolt, that's slightly terrifying. ;-)

Richard, the problem with Target and Anthem was not that the bad guys got passwords, but rather got credit card numbers. We don't have control over that, but we do have control over our accounts. No need to make it easier than it is.

Richard (2017-08-31T08:06:29.769-04:00):
Do passwords really matter? Why bother cracking into an individual account when you can hack Target or Anthem and get millions. I can see them for a system administrator but for a private account? Plus a lot of things that need passwords are things that I don't really care who knows like my medical records. I do care about anything connected to banking but the vulnerability seems to be on the other end. Increasingly, the whole thing seems like security theater.

New Jovian Thunderbolt (2017-08-31T08:04:45.287-04:00):
My password is: I<3Borepatch69!

Been that way for years. I'll never forget that one.

Chris (2017-08-31T06:31:31.810-04:00):
Gibson Research has several tools to check on and help you with security issues. https://www.grc.com/default.htm

ProudHillbilly (2017-08-30T19:25:45.870-04:00):
Oh gawd. I'm old. I can't remember things. And this system and that system want me to change passwords every whip-stitch? I've been reduced to things like I*Hate*Passwords. Except then I had to change that one and I can't remember what I changed it to.

Eagle (2017-08-30T18:31:44.526-04:00):
Use pass *phrases*: several words strung together that have no meaning except for being able to remember, replace vowels with numbers, insert upper case characters at strange locations, and embed special characters.

Almost completely unguessable, passes all kinds of dictionary checks, and very VERY long (mine are always at least 18 characters long).

A phrase with random extra characters works really well too.

LastPass is a good tool... but remember to change your master password regularly and to keep a local copy of your database, just in case. I print mine out, stick it in a file folder, and delete/scrub the file from the system.

Aaron C. de Bruyn (2017-08-30T17:28:50.660-04:00):
Use Linux. Run 'pwgen 16'. Open up your favorite editor, and type the characters given from the pwgen command repeatedly until you can do it from muscle memory. Wait a few hours and type the characters again until you are certain you have the muscle memory down. Change your password. I do this every ~6 months. For higher-security uses I join a few of the 16-character passwords I've memorized over the last few years into 24 or 32-character passwords. Bonus: Helps keep your memory fresh and elastic. ;) (My GPG passphrase is about 80 characters of random garbage long)

Divemedic (2017-08-30T16:34:15.035-04:00):
I use an app that is a password wallet. It's called LastPass. The only password you need to remember is the master. The passwords are stored as an encrypted file on the cloud, and shareable between all of your devices. This enables me to generate a long random password for each website. I am using 15-20 characters.

There are 2 obvious (to me) weak points: Your master password, and the strength of the encrypted file. I am not sure about the second. What is your opinion?

Matt W (2017-08-30T15:23:47.185-04:00):
Preaching to the choir! I'm also of the opinion that having policies like password changes every 90 days do more harm than good.

I also think that too many companies enforce high complexity requirements, while still allowing relatively short passwords (like 6-8 characters).

I would much rather see policies requiring passwords of 15 characters or more but ease up on some of the complexity requirements.