So. Someone replied directly to me instead of the list suggesting that
character length is an important factor in password security.
Letter count is a pointless factor in password security. Four score and
seven years ago is 30 characters and still trivially vulnerable to
dictionary attacks.
I see a lot of people and businesses out there that just don't care about
their own privacy. They email passwords to each other, W2's with salary and
social security information, photocopies of drivers' licenses and passports to
be used by HR to complete I-9 forms...
As an IT person advising
From: Kent Borg [mailto:kentb...@borg.org]
An only half facetious suggestion: write passwords down, but ONLY on
$100 bills. Now guard them accordingly.
LOL, I like it. Ironically, however, a tightly held $100 bill is worth
precisely $0, because if you'll never spend it, then it's just
On 02/17/2015 08:42 AM, Edward Ned Harvey (blu) wrote:
As an IT person advising a business to be more responsible, what areas do you
advocate securing most urgently? IT admin credentials? HR records? Financial
records? Other stuff? Simply everything, bar none?
I would lower the priority
On 02/17/2015 12:25 PM, Edward Ned Harvey (blu) wrote:
Agreed - however - in my experience, there is a high correlation
between the use of bad passwords, and the use of insecure systems. The
people who choose bad passwords are the same ones who email it to
other people, or stick their ssh keys
On 02/17/2015 12:51 PM, Kent Borg wrote:
I think the only way to fix the password problem is to get people to
discard security theater and think and understand and be disciplined.
But if you can fix the password problem, I think the next problems
~start~ to fix themselves.
But I don't know,
On 02/17/2015 01:29 PM, Matthew Gillen wrote:
Most of the people I want to think and understand are actually the
people running systems that need passwords and coming up with
obnoxious requirements for passwords that essentially force you to
write everything down.
But writing down passwords
Passwords have serious problems, but they are a bit like the problems with
one-time-pads: cumbersome but otherwise perfect.
There is never going to be a generalized crack of the password system.
Even with some fancy Quantum Cryptography, passwords are not about to
suffer a catastrophic failure.
From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
Behalf Of Kent Borg
Writing down
passwords is good.
Well, writing down passwords for a little while until you memorize it is good.
Writing it down and keeping it around changes it from something you know, to
something
On 02/17/2015 04:05 PM, Edward Ned Harvey (blu) wrote:
All the talk about solving the password problem is interesting - but not
related to the original question -
What is the most common, or most important, area that you actually see people
communicating insecurely, that should be secured?
All the talk about solving the password problem is interesting - but not
related to the original question -
What is the most common, or most important, area that you actually see people
communicating insecurely, that should be secured? Email has got to be #1, and
I'm guessing
On 02/17/2015 04:03 PM, Edward Ned Harvey (blu) wrote:
Well, writing down passwords for a little while until you memorize it
is good. Writing it down and keeping it around changes it from
something you know, to something you have. You might as well write
down a 256-bit random key, if you're
On 2/17/2015 4:05 PM, Edward Ned Harvey (blu) wrote:
What is the most common, or most important, area that you actually
see people communicating insecurely, that should be secured? Email
has got to be #1, and I'm guessing Dropbox/Box/Google Drive #2. Is
that it? Or is there more?
Given the