LinkBack URL
About LinkBacksI carry physical tokens for some of the computers I use. They are cards with chips like debit cards, that require both the physical presence of the card in the card reader, along with a password to access. I would not use this for a personal system!
I carry physical tokens for some of the computers I use. They are cards with chips like debit cards, that require both the physical presence of the card in the card reader, along with a password to access. I would not use this for a personal system!
Indeed. I have a little plastic fob with an encryption key that, in combination with a password, grants access. Neither is sufficient by itself.Originally Posted by TeePee
Nothing wrong with dictionary words, even sticking to the 3000 most common words gives acceptable levels of entropy with just 5 words (~10^17) and is much easier to remember. You'd need 9 alphanumeric characters to equal the entropy (assuming 72 possible states, for lowercase, uppercase, 10 digits and 10 common punctuation symbols), and that's 9 entities to remember vs 5Passwords are secure enough when used appropriately. If you're using a randomized 8-10 digit or longer password that contains no dictionary words or names, you're pretty much set. Find something that's easy for *you* to remember and there's absolutely no problem with passwords.
The idiots who use 'password' and '12345678' deserve, 100% deserve, to be hacked. End of sentence. End of story. Period.
What's sad, is that I used to work for a medical group in Southern California with about 17 doctors. Not quite half of them insisted upon threat of cancellation of our IT contract that they continue to be allowed to use their passwords like 'Password' and 'Password123', and that we not inconvenience the doctors or MAs or RNs with needing to remember a complicated password. We tried to convince them for over 10 years to be more secure.
Yep. Some of your medical records are being secured somewhere in the world with the password 'Password' or 'Password123'.
It might stop the brute force hacks but what about when someone manages to steal the biometric data from a compromised app or website then 3D prints it onto a plastic thumb? At least you can change your password...
I get a bit annoyed by companies implying users are always at fault with regards to data loss.
I've only ever had any breaches of my data thanks to companies being slack.
With regards personal responsibility, nowadays you're probably safer writing down very complicated passwords and keeping them safe in your house - less likely to be burgled than having an easy password worked out.
Grab that. Get that. Check it out. Bring that here. Grab anything useful. Take anything good.
Well done if you can remember a different random 10 character string for every site and mailbox and app you use that needs one - unless you use a password manager when the compromise of one password compromises the lot! Passwords like that tend to get written down.
As was posted recently, a dictionary word still gives a high level of entropy. Combine two or three to form a phrase, joined by some non alphanumeric character and you have a reasonably secure set up. The real protection to weaker passwords is a lockout system that locks the user out for a set period of time after (say) three unsuccessful attempts.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Or in the case of the company I work for, someone decided that our handhelds that hold customer data should be secured with "1234".a large number of users still regularly use passwords such as 'password' or '12345' to secure their access/data
It's fine blaming users and everything, but when the companies can be the issue with sloppy processes in place? Anyway, I'm happy with my passwords that are all completely and utterly random and recovery of them should I forget is protected by 2FA.
Microsoft isn't getting my biometric data, even if stored locally, I simply don't trust them with it.
They are not removing passwords but adding bio-metric functions into the OS instead of users buying a separate piece of software to do it.
Just toss in another dictionary word. Counting on my keyboard, there's about 34 difference punctuation characters easily available. Factor in that, for a password with 5 words & a punctuation character, there's 6 possible permutations for the order (doesn't matter what order the words are in, since they're unknown to the brute force attempt), and you've gained a factor of 204 increase in entropy. Add in another word, OTOH, and even limited to the 3000 most common words (and most adults know >20,000!) you've added a factor of 3000 to the entropy (>14 times better!).
Dictionary words, all lowercase. Strongest password there is that can still be remembered.
peterb (29-12-2017)
Although the idea of not using and having to remember passwords is appealing, I'm not sold on the tech yet. I'll wait and see what comes next.
If you want good password, just get a sentence, and put first letter for every word. Like iywgp,jgas,apflfew frome previous. Easy do remember, and be like random, so very strong if have more that few character. Adding a big letter and numbers easily.
'12345'? That's amazing! I have the same combination on my luggage!
As for it being time to kill the password, it's clear to me that technology is not yet at a point for it to be reliably feasible. Even if it was, I'd most likely prefer to stay with the password route due to the sensitivity of biometric data as Saracen said.
Add to that when the ones you are trying to make an account with won't accept your long password then, their reason in my mind is moot, has happened to several places i tried to make an account. Best one was the bankWell done if you can remember a different random 10 character string for every site and mailbox and app you use that needs one - unless you use a password manager when the compromise of one password compromises the lot! Passwords like that tend to get written down.
As was posted recently, a dictionary word still gives a high level of entropy. Combine two or three to form a phrase, joined by some non alphanumeric character and you have a reasonably secure set up. The real protection to weaker passwords is a lockout system that locks the user out for a set period of time after (say) three unsuccessful attempts.
If I start having to do Biometrics I'll stop with the internet.
This ^ with bells and whistles and big FO klaxon and neon flashing lights. Biometric data cannot be changed but can be hacked. Plus I don't want generic websites getting any of my biometric information - I'll stick with passwords thanks, and so should we all. It's a crack-pot idea to do this, and so open to big-brother exploitation. MS gets everyone's face and other info... then sets up cameras in public places to recognise you and advertise, track, monitor etc etc. NO THANK YOU. (and I don't think that's being fanciful, iirc FB already have publicly admitted they are working on targetted public-space advertising in a similar way)
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
