Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses

If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
Some tips of mine
by Lennie on Sat 10th Nov 2012 13:40 UTC

First tip: it is already mentioned in the article, but needs repeating: don't reuse passwords.

Second tip: use a password that can't be guessed. Which is getting harder every day: Ars Technica: Why passwords have never been weaker - and crackers have never been stronger:

http://arstechnica.com/security/2012/08/passwords-under-assault/

Third tip: use a password-generator and -manager to handle your passwords.

Fourth tip: there are "single sign in" / "federated login" solutions:

- https://browserid.org/ (Mozilla project for "verified email address", only do email verification once)

- http://openid.net/ and http://oauth.net/ Some examples: Google-, Yahoo-, Hotmail-account, Twitter- and yes even Facebook Connect is based on OAuth. At least Google and probably others also have 2-factor authentication.

- http://en.wikipedia.org/wiki/SAML_2.0 (the solution certain enterprises use)

HTTP/2.0 might get built-in support for "federated login" as well.

There is a tradeoff in using one account of course, but many normal users just don't want to deal with password managers and prefer to use one password.

Edited 2012-11-10 13:43 UTC

Score: 3