IT Rant
Passwords--- give me a break!
Just got my new password from IT. Which is more likely....that someone will guess the local name of the field I took shortcuts through walking to school in another state 40 years ago, OR that I will remember a password similar to "P35S3y.7f" amongst the other 5 passwords I routinely use for work. In Medicine we have a phrase "First do no harm". Maybe we should suggest that approach to IT. Rant over. |
Create a word doc with all your passwords/logins in it. Keep a password on that word doc.
|
Yup. It sucks.
Don't call them 'Passwords'. It's a 'Passphrase'. Really. Try it. "P35S3y.7f" is hard to recall. "P@ollyzPant!es74".....not so much. |
I want my goddamn retina scanner, already.
|
A couple of common ones... "Pa55w0rd" "Welcome1" Not recommended but a lot of my customers use these.
As a suggestion for a periodic complex password ... "Mar.2013" ... Just change the month/year to the current month/year when prompted. This is especially good for passwords you seldom use. Obviously you can vary this to make it more secure. |
The length of the password is more important than the variations of characters.
In normal brute force password cracking, you incrementally increase the length of the password. So even an "abcdefghijklmnopqrstuvwxyz" password isn't going to be at the front of the line, although "aaaaaaaaaaaaaaaaaaaaaaaaa" is probably the first of the 26 character password attempts. http://imgs.xkcd.com/comics/password_strength.png |
Actually, password hacking is not done sequentially with brute force.
It's done with rainbow tables (Rainbow table - Wikipedia, the free encyclopedia).
26 letter passwords are really not required. It's not practical.
The goal is to get a password that has enough variation in it to prevent it from being guessed or brute forced too easily. Use multiple characters, numeric, letters, small CAPS and some kind of symbol.
pelicanparts would be bad
PelicanParts would be a lot better
P3lic@P@rts is even better
And P3!icanP@rts! is the dog's bollocks
except you probably shouldn't build it up around a single word, as everybody does the same. Spelling errors are great in passwords: B!u3-Pe!!iC@n5
Actual brute force hacking is pretty hard to do these days, because most have a minimum brute force security built in, such as a time lock after x number of errors. |
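Added example, not part of the original thread: an exhaustive-search estimate for the passwords quoted in the posts above, showing how length and character variety each contribute to the search space. The deny-list and the month/year pattern are constructed from the thread's own examples, and the bit count is an upper bound that assumes every string over the character classes used has to be tried.

```python
import math
import re
import string

# Character classes and how many symbols each adds to the search alphabet.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
]

# Constructed deny-list: the weak choices quoted in this thread.
COMMON = {"pa55w0rd", "welcome1"}
# Constructed pattern for the "Mar.2013" style of rotating password.
MONTH_YEAR = re.compile(
    r"^(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\W?\d{4}$", re.I
)


def keyspace_bits(password):
    """Upper bound in bits: length * log2(size of the alphabet actually used)."""
    alphabet = sum(
        size for chars, size in CLASSES if any(c in chars for c in password)
    )
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def is_predictable(password):
    """True when the password is on the deny-list or follows month/year."""
    return password.lower() in COMMON or bool(MONTH_YEAR.match(password))


def assess(password):
    """Combine the raw search-space bound with the predictability check."""
    return {
        "bits": round(keyspace_bits(password), 1),
        "predictable": is_predictable(password),
    }


if __name__ == "__main__":
    samples = ["P35S3y.7f", "abcdefghijklmnopqrstuvwxyz",
               "Pa55w0rd", "Mar.2013", "B!u3-Pe!!iC@n5"]
    for pw in samples:
        print(f"{pw!r:32} {assess(pw)}")
```

The 26-letter lowercase string scores far higher than the 9-character mixed one, while "Pa55w0rd" and "Mar.2013" show why a raw bit count has to be paired with a pattern check.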
I have spreadsheets of passwords too but, I'm quasi-IT so I have no choice.
|
Enterprise Password Management Software | Secret Server password management software, enterprise password manager
also with an online version... |
As I started to get too many user names and passwords to remember I found an app for my iPhone.
I use one called msecure. The crazy thing is I have 68 user names and passwords now. Freakin stupid. |
The IT world is overpopulated with folks whom I (as a 7 time CIO) call professionally Paranoid. They are partly driven by a fear of hacking attacks against what is usually very poorly designed networks, partly driven by an unfounded fear that any data stored in computer servers is to be protected at all costs whereas the reality is that if it was stolen by the competition it would set them back 10 years and lastly driven by a desire to be important and puffed up "pigeon style".
Most of them generally do not subscribe to the balanced risk model where businessmen take measured and reasonable risks as a tradeoff against benefits in other areas. They are not wired that way. In my last CIO gig I had a vociferous debate with the security team as to why my bank only needed a 6 character password with one special character, yet they were advocating a 12 digit password. They could not explain why I could get a mortgage or move money with 6 character protection whereas the company's email drivel required 12.... There are now new people in that role.... Dennis |
People need to understand that when they set the bar too high for the user (complexity, frequency of change, lack of uniformity across systems) they reduce security because the passwords end up on a post-it note on the monitor.
|
I have a smart card and a pin. Insert the card, put in my pin and that's it for the next 16 hours.
|
You know what I tell my users?... to suck it, because Windows and other applications require certain criteria for passwords and I can't change that. Out of all of the users, I have 1 that forgets his login password (and every other effing password) on a weekly basis. It got to the point of a post-it on the monitor and guess who stillll messed it up? And quit trying and subsequently failing with the same password over and over and end up locking your account!.. ok IT rant over.
|
I deal with sensitive material for the government. We have devices that hold encryption keys. These devices hold up to thousands of keys that are what protect our networks (radio, voice, computer networks, etc.). When I was in Iraq, it was very, very common to find one of these devices, remove the battery from the back and see a big sticky note with the password right on there. This falls into enemy hands...goodbye secure communications. Worst one I ever saw had the sticky note between battery/device and also had a listing of all the keys and what they were used for on a label running down the side of the device. Sometimes, the stupidity of humans truly astounds me. |