On Apr 26, 2011, at 1:34 PM, Tina K. wrote:

> It doesn't have to be complex. Using a random generator such as RPG and
> an *encrypted* password repository such as Pastor, PasswordWallet,
> Keychain Access, 1Password, etc… provides good security without having
> to resort to memorizing or writing them down.

Sigh. Never EVER EVER rely on a single encrypted source to remember important 
stuff like passwords. A plain text (as in written on a piece of paper!) backup, 
locked securely away is important. What if something happens to the encrypted 
file? You're SOL. (and that goes 10X higher if you're a compamny and it was the 
root password for the 'Accounts Receivable' DB.)

"Hey look! 8-) it's sn0w1ng Macintoshes outside!" is AS SECURE as anything RPG 
will generate, because while it's true that a truly random password string is 
more secure against cracking, the passphrase chosen is secure enough. And more 
importantly, I NEVER need to write it down....

The bestest, mostest random password RPG will ever give you is USELESS if the 
method of cracking in doesn't involve cracking the password, but a social 
engineering attack, a MITM attack, a keylogger, etc. 

Far too many people fetishize long, random passwords as teh shizzle of computer 
security, when they're not (and there's not a whole lot of evidence that 
they've been all that good at preventing compromise in the first place, mainly 
because of the human element). 

This is why banks (among other reasons like people using 'password' for their 
passwords) have moved to multi-factor authentication. you need to enter your 
username/password AND the little picture needs to be correct; or they use RSA 
dongles. (themselves hacked at a higher level. RSA *claims* that SecurID is ok, 
but I'll wager there was a mass need for pants dry-cleaning 

Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs

You received this message because you are a member of G-Group, a group for 
those using G3, G4, and G5 desktop Macs - with a particular focus on Power Macs.
The list FAQ is at http://lowendmac.com/lists/g-list.shtml and our netiquette 
guide is at http://www.lowendmac.com/lists/netiquette.shtml
To post to this group, send email to g3-5-list@googlegroups.com
For more options, visit this group at http://groups.google.com/group/g3-5-list

Reply via email to