Comments on: Choose a good password http://richardkmiller.com/249/choose-a-good-password Fri, 05 Mar 2010 18:03:18 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Rickety http://richardkmiller.com/249/choose-a-good-password/comment-page-1#comment-76465 Rickety Tue, 15 May 2007 09:33:01 +0000 http://www.richardkmiller.com/blog/archives/2007/05/choose-a-good-password#comment-76465 I just ordered one, I'll try the experiment. I just ordered one, I’ll try the experiment. ]]> By: Richard K Miller http://richardkmiller.com/249/choose-a-good-password/comment-page-1#comment-76361 Richard K Miller Tue, 15 May 2007 06:10:43 +0000 http://www.richardkmiller.com/blog/archives/2007/05/choose-a-good-password#comment-76361 Rickety, I don't know specifics about the PayPal security key but I know a lot of corporate networks use a physical token as part of their security, in addition to passwords. Sounds like an experiment worth trying. Rickety, I don’t know specifics about the PayPal security key but I know a lot of corporate networks use a physical token as part of their security, in addition to passwords. Sounds like an experiment worth trying. ]]> By: Richard K Miller http://richardkmiller.com/249/choose-a-good-password/comment-page-1#comment-75951 Richard K Miller Mon, 14 May 2007 13:12:55 +0000 http://www.richardkmiller.com/blog/archives/2007/05/choose-a-good-password#comment-75951 Brian, good article. Tara, a password manager doesn't seem like a bad idea, but the password used to lock the manager has to be particularly safe to protect all the other passwords. One must also trust your service to be secure. Brian, good article.

Tara, a password manager doesn’t seem like a bad idea, but the password used to lock the manager has to be particularly safe to protect all the other passwords. One must also trust your service to be secure.

]]> By: Tara (PassPack) http://richardkmiller.com/249/choose-a-good-password/comment-page-1#comment-74718 Tara (PassPack) Sat, 12 May 2007 07:03:54 +0000 http://www.richardkmiller.com/blog/archives/2007/05/choose-a-good-password#comment-74718 I can't help but notice that you forgot to mention the golden rule in this article: Choose - and USE - a Password Manager. That should be the zeroth law (Asimov fans eat your heart out). By getting your passwords safely stored and organized, you can make them as ludicrously long, complicated and senseless as need be, without having to commit them to memory. If you've never use a password manager before, here are the steps to follow to get set up, and get all your weak passwords changed into strong ones: http://passpack.wordpress.com/passpack-getting-started/ Then you're done, all you'll need to do is look them up when you need them. PassPack is an online service so you'll have access 24/7 via internet. Yes, it's secure - not even PassPack itself can read your passwords. It uses a techniques that leverages your browsers number crunching ability. Here's more info: http://passpack.wordpress.com/2006/12/14/password-security-packing-keys/ Cheers, Tara PassPack Founding Partner I can’t help but notice that you forgot to mention the golden rule in this article:

Choose – and USE – a Password Manager.

That should be the zeroth law (Asimov fans eat your heart out).

By getting your passwords safely stored and organized, you can make them as ludicrously long, complicated and senseless as need be, without having to commit them to memory.

If you’ve never use a password manager before, here are the steps to follow to get set up, and get all your weak passwords changed into strong ones:
http://passpack.wordpress.com/passpack-getting-started/

Then you’re done, all you’ll need to do is look them up when you need them.

PassPack is an online service so you’ll have access 24/7 via internet. Yes, it’s secure – not even PassPack itself can read your passwords. It uses a techniques that leverages your browsers number crunching ability. Here’s more info:
http://passpack.wordpress.com/2006/12/14/password-security-packing-keys/

Cheers,
Tara
PassPack Founding Partner

]]> By: Rickety http://richardkmiller.com/249/choose-a-good-password/comment-page-1#comment-74256 Rickety Fri, 11 May 2007 16:38:00 +0000 http://www.richardkmiller.com/blog/archives/2007/05/choose-a-good-password#comment-74256 What is your opinion on online protection schemes like PayPal's Security Key? What is your opinion on online protection schemes like PayPal’s Security Key? ]]> By: Hans http://richardkmiller.com/249/choose-a-good-password/comment-page-1#comment-74253 Hans Fri, 11 May 2007 16:20:37 +0000 http://www.richardkmiller.com/blog/archives/2007/05/choose-a-good-password#comment-74253 The point of having capital and non-alpha characters is that the search space is bigger. But when 45% of numeric are the number 1, and ! is far and away the most-used special character, what you're getting instead is a LESS SECURE password. Congratulations, you just traded your 26 letter search space (for that digit) for 2 or 3 characters that account for 95% of the special/numeric characters used. But by far the biggest enemy to secure passwords are these brain damaged policies that require you to change it every 3 months. I just don't have the human RAM to store a new set of 10 passwords every month, and coming up with a secure password isn't an on-the-spot pastime, so I am forced to use fewer and less secure passwords. Brilliant. The point of having capital and non-alpha characters is that the search space is bigger. But when 45% of numeric are the number 1, and ! is far and away the most-used special character, what you’re getting instead is a LESS SECURE password. Congratulations, you just traded your 26 letter search space (for that digit) for 2 or 3 characters that account for 95% of the special/numeric characters used.

But by far the biggest enemy to secure passwords are these brain damaged policies that require you to change it every 3 months. I just don’t have the human RAM to store a new set of 10 passwords every month, and coming up with a secure password isn’t an on-the-spot pastime, so I am forced to use fewer and less secure passwords. Brilliant.

]]> By: David http://richardkmiller.com/249/choose-a-good-password/comment-page-1#comment-74241 David Fri, 11 May 2007 15:38:51 +0000 http://www.richardkmiller.com/blog/archives/2007/05/choose-a-good-password#comment-74241 I hate passwords. I hate passwords. ]]> By: Brian Stucki http://richardkmiller.com/249/choose-a-good-password/comment-page-1#comment-74222 Brian Stucki Fri, 11 May 2007 14:38:35 +0000 http://www.richardkmiller.com/blog/archives/2007/05/choose-a-good-password#comment-74222 I read an article recently titled "How'd I'd Hack Your Weak Password" and decided it was time to do refresh of passwords. I went to my five most sensitive accounts (bank, email, credit card, etc) and changed all the passwords. I think that is a good suggestion about the length. The way that the Mac Keychain does such a good job keeping your passwords organized, it makes sense to just make them super long since you don't have to type them each time. Here is a link to that article. It gives 10 guesses to break most passwords. http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/ I read an article recently titled “How’d I’d Hack Your Weak Password” and decided it was time to do refresh of passwords. I went to my five most sensitive accounts (bank, email, credit card, etc) and changed all the passwords.

I think that is a good suggestion about the length. The way that the Mac Keychain does such a good job keeping your passwords organized, it makes sense to just make them super long since you don’t have to type them each time.

Here is a link to that article. It gives 10 guesses to break most passwords.
http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/ ]]>