Posted on 12/05/2017 9:28:59 AM PST by Gennie
In part I of “The Password Pandemic”, I advised (in the same vein as NIST SP 800-63b) the use of passphrases, instead of passwords. This is because hackers have built massive databases of stolen passwords and tables full of password “hashes” (known as rainbow tables.) Also, those of us in the InfoSec community know that when we force the use of complicated passwords on people, they will write them on Post IT notes under their keyboards. I have even seen this happen in very high security environments — this is bad.
(Excerpt) Read more at strongholdcybersecurity.com ...
Select a short sentence from an obscure book you know.
Thanks for posting this. It will make updating my passwords easier.
Or mash some song titles together.
Don’t use “Awesome Passprhase”
Either way. There are some programs you can download that generate passwords; string two of them together.
> Select a short sentence from an obscure book you know. <
I use WhatHappenedByCrybabyHillary
Oops. Maybe I shouldn’t have posted that.
Fine, as long as I DON’T HAVE TO CHANGE THE DAMNED thing all the time.
InfoSec types should be reminded that computers are supposed to be used by people, and people just aren’t going to change some long passphrase every few weeks or months. I swear that some of my fellow IT folks wouldn’t be happy unless they yanked the hard drives out of all computers, shot them repeatedly with a .50 Barrett, encased them in lead and sank them in the Marinas trench, after physically cutting all the cables connecting the computer to either power or network.
Still, you should spell one word in the sentence “rong”
Our IT geeks make us change passwords several times a year.
Between Amazon, Netflix, Hulu, Home Depot, Lowes and 30 other places, I must have several hundred passwords.
And they all have different rules. No consecutive letters, no consecutive numbers, at least 1 capital letter, at least 1 lower case letter, numbers and punctuation, but only their allowed punctuation and sometimes no special characters allowed.
I long for the days of just 1234.
I switched to using LastPass - an app/web browser plugin which will store all your passwords in the cloud (kinda risky) but also generate random passwords for you and auto fill them.
Combined with work I was having to keep up with over several dozen passwords. We’re talking websites requiring real security (credit cards, banks, online accounts, etc) and I just couldn’t keep up anymore. Especially with my work accounts requiring changing every 4 months.
Password managers are becoming a necessity.
Worked like a charm!
One of my college professors used “secret” as his password.
I take my “retired” hard drives apart, and save the fastening hardware and anything else useful. Aluminum spacer rings, for example.
Back in the day my password was itsme.
Also the use of asterisks in place of being able to see what you typed- I mean it makes (some) sense in an environment where someone else might see it, but NONE if the screen is in my room or office; it should be able to be turned off.
I spent the last 10 years of my military career, part of it in a SIPR/JWICS environment, complaining that the IT folks were making us so secure that we couldn’t do our jobs.
Colonel, USAFR (ret)
This is what arcane and difficult password rules result in. Less security but the illusion of more. IT departments, take not.
Misspell Hillary as Hilldebeeste. Thant should do it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.