Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses
If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
RE: Comment by Luminair
by darknexus on Sat 10th Nov 2012 11:50 UTC in reply to "Comment by Luminair"

Passphrases don't work everywhere. Many sites either won't let you have spaces, require you to have numbers, limit you between 8 and 12 characters, disallow certain punctuation marks, etc. In principle I actually agree with you (although I doubt people would pick more secure passphrases than they currently pick passwords now). The other thing we really need is intelligence on the part of people who design service web sites. There is no reason, for example, that a dictionary attack should ever work, ditto for brute force attacks. If someone tries a wrong password more than three times, the account should be locked and the account owner notified at once by all means of contact that they have on file. A temporary block on the IP address initiating said transaction wouldn't be unwise as well. That account will then be absolutely disabled until the account owner can take whatever steps necessary to reactivate it and, in the meantime, good luck hacking into a disabled account with a dictionary. Period. That is as it should be. Sadly, it seems like very few institutions, including banks and other financial sites, don't implement such basic security for the sake of convenience. I would think that the potential inconvenience of a three-strike password would outweigh the inconvenience if, let's say, your bank account gets hacked and someone takes all your cash. No, it won't protect against key logger trojans and other, more sophisticated forms of attack but, if you've got a key logger on your machine, no amount of strong passwording is going to help you anyway.
Security is a two-way street. Intelligence on the part of the end-user, and intelligence on the part of the system designer. Both, sadly, are lacking right now. Password safety is not rocket science, and that applies to both parties.

Reply Parent Score: 5
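
The lockout policy described in the comment above, as an added sketch that is not part of the original comment or any site's code. The `LoginGuard` class, its method names, the 15-minute IP block and the reading of "more than three times" as locking on the fourth wrong attempt are assumptions; the accounts and addresses in `demo()` are constructed.

```python
import time

MAX_FAILURES = 3            # assumed reading: the attempt that exceeds three locks
IP_BLOCK_SECONDS = 15 * 60  # assumed; the comment only says "temporary"

class LoginGuard:
    """Hypothetical three-strike guard wrapped around a password check."""

    def __init__(self, verify, notify, clock=time.monotonic):
        self.verify = verify        # verify(user, password) -> bool
        self.notify = notify        # notify(user, message): every contact on file
        self.clock = clock
        self.failures = {}          # user -> consecutive wrong passwords
        self.locked = set()         # disabled until the owner reactivates
        self.ip_blocked_until = {}  # ip -> time the temporary block expires

    def attempt(self, user, password, ip):
        if self.ip_blocked_until.get(ip, 0) > self.clock():
            return "ip_blocked"
        if user in self.locked:
            # The password is never checked, so further guesses learn nothing.
            return "locked"
        if self.verify(user, password):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] > MAX_FAILURES:
            self.locked.add(user)
            self.ip_blocked_until[ip] = self.clock() + IP_BLOCK_SECONDS
            self.notify(user, f"Account locked after failed logins from {ip}")
            return "locked"
        return "denied"

    def reactivate(self, user):
        """Call only after the owner has proven identity out of band."""
        self.locked.discard(user)
        self.failures.pop(user, None)

def demo():
    # Constructed data: one account and a guess list that contains its password.
    sent = []
    guard = LoginGuard(lambda u, p: (u, p) == ("alice", "correct horse"),
                       lambda u, m: sent.append((u, m)))
    guesses = ["123456", "password", "qwerty", "letmein", "correct horse"]
    results = [guard.attempt("alice", g, "203.0.113.7") for g in guesses]
    owner = guard.attempt("alice", "correct horse", "198.51.100.2")
    guard.reactivate("alice")
    after = guard.attempt("alice", "correct horse", "198.51.100.2")
    return results, owner, after, sent
```

In the demo the owner, arriving from a different address with the right password, is also refused until `reactivate` runs: a hard lock can be triggered by anyone who knows the username, so the reactivation path has to be workable for the legitimate owner.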