On Tue, Apr 27, 2010 at 3:21 PM, Ken D'Ambrosio <k...@jots.org> wrote:
> I, myself, got bitten by that using what *I*, at least,
> thought was a fairly esoteric password.
If you're still using a passWORD on today's Internet, you're already in a very high risk category. Using an English word for a password is supposed to be roughly equivalent to using "12 bit encryption" or something like that. I recommend complex passphrases, minimum 15 characters in length, containing a mixture of upper- and lower-case letters, digits, spaces, and punctuation. Generally speaking, a phrase like "Ben eats purple paperclips? Why?" is much easier for people to remember than a shorter but completely random string of random characters, and just about as strong.

*NEVER* use the same password on more than one system. A lot of people use the same password everywhere, or have a "system" they use to derive passwords formulaically. This is a very bad idea. Systems get compromised and password loggers installed all the time. Now one compromised account becomes *all* your accounts.

In most cases, changing your password frequently is not worth it. Far better to use strong, unique passwords.

*NEVER* use anything but a trusted terminal to log in to a website. That means "Internet cafe" computers, public library computers, computers belonging to friends/family, etc., are all out. Unless you have very strong evidence to the contrary, you should assume every computer you encounter is compromised. Because it probably is.

(The above applies to assets actually worth protecting. I use cheap passwords on some sites (mainly message boards I've had to log into once) simply because I don't care if my account is hijacked.)

-- Ben

_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/