atlaz on "Man who wrote password guidelines says he got it all wrong...."
I've done password reset requests on websites before now and been sent an email containing my password. This shouldn't be possible - it means that they're storing your password completely...
poly on "Man who wrote password guidelines says he got it all wrong...."
Deadkenny - how do you know how good the tools that show how hackable a password is? E.g. One site I use says my 18 character password made up from words in a Horse Staple etc style, is WEAK (their...
atlaz on "Man who wrote password guidelines says he got it all wrong...."
"The result is that people create odd-looking passwords and then have to write them down, which is of course less secure than something you can memorize" Balls. Of course it is, but 90% of password...
deadkenny on "Man who wrote password guidelines says he got it all wrong...."
Written down can of course be (in a secure way) online, but that's a single point of vulnerability, but store it in a way custom and only known to you and it's not an obvious target. Unlike password...
FuzzyWuzzy on "Man who wrote password guidelines says he got it all wrong...."
One of our rules specifies 25+ char randomised passwords for admin accounts (in certain 'special' environments) and although we use password DBs copy and paste is also disabled in these environments as...
atlaz on "Man who wrote password guidelines says he got it all wrong...."
Interestingly NIST are also saying SMS for two-factor auth is also out. SMS is a funny one. In theory, like email, it's insecure. In practice, short of a targeted attack it's safe. I assume nobody wants...
DezB on "Man who wrote password guidelines says he got it all wrong...."
I usually print off a little pic and leave it with my laptop to remind me of my new password when I change it. After a day or 2 they become automatic. This was the last password reminder pic Pic left...
GrahamS on "Man who wrote password guidelines says he got it all wrong...."
Gizzard, Lizard, Wizard?
DezB on "Man who wrote password guidelines says he got it all wrong...."
.. or maybe a combination of those. We have some bizarre policies in place here. It's a right pain when you have to change them.
maxtorque on "Man who wrote password guidelines says he got it all wrong...."
I think they've messed up their security analysis tbh. The reason "HORSE" is less secure than "HOR5E" is because you can complete the rest of the word from the starting few letters, because the words...
zilog6128 on "Man who wrote password guidelines says he got it all wrong...."
The most likely attacker on a singular basis is going to be someone you know, you mean like a friend or family member with e.g. money worries? Writing passwords down on a piece of paper kept in your...
DezB on "Man who wrote password guidelines says he got it all wrong...."
Is it mingebiscuit? No, but they're good live.
Cougar on "Man who wrote password guidelines says he got it all wrong...."
The reason "HORSE" is less secure than "HOR5E" is because you can complete the rest of the word from the starting few letters, because the word's architecture is set by the English language...
Drac on "Man who wrote password guidelines says he got it all wrong...."
Pffff! You can decrypt MD5 online no need for a PC.
GrahamS on "Man who wrote password guidelines says he got it all wrong...."
maxtorque: I think at least some of the analysis is also based on how hard it is to get to your password if a hacker gets hold of the hashed/encrypted version of it. In the good ol days of NT passwords...
Cougar on "Man who wrote password guidelines says he got it all wrong...."
Pffff! You can decrypt MD5 online no need for a PC. You can decrypt many MD5 hashes simply by Googling the hash. In the good ol days of NT passwords that Cougar mentioned you'd have L0phtCrack banging...
mechanicaldope on "Man who wrote password guidelines says he got it all...
Looking forward to Pissgibbon getting so popular my very corporate employer is forced to add it to the list of easily guessed passwords we aren't meant to use.
Cougar on "Man who wrote password guidelines says he got it all wrong...."
I wasn't sure whether to post this here or on the "women in tech" thread, but this seems to be a little less "men are good with computers because they have a penis." So, in the context of your password...
GrahamS on "Man who wrote password guidelines says he got it all wrong...."
Like that Cougar. Cheating Watching her tweet feed and still she got in. I've visited plenty of similar client sites: biometric fingerprint scanners and RFID tags? Just wait for someone to hold the...