Online Password Security Tactics

re: Online Password Security Tactics

ABob — Tue, 22 Mar 2011 09:36:16 GMT

I would disagree about MS office encryption. It was trivial in previous versions but since 2007 they have implemented AES which

makes brute forece search much harder.

There is one more thing I wanted to point here.

Unfortunately security and usability are somewhat fighting each other.

I mean the more security you impose the harder it is to use the system.

Talking about strong passwords.

Imagine you are using some really strong password like random letters as "k43,9a§%$Zha".

What are the chances that you will eventually forget it after a good vacation? I bet the chances are big.

This means a system designer must put measures to allow users to restore their passwords, recover them or allow generating new.

These special tools are also have to be implemented with highest details, one single mistake could break the entire system.

I was astonished once when I read about guys at http://passwordnow.com, which use clusters to run brute force search for users which

want to recover their data. It is really amasing how many poor people face the issue of getting their forgotten password.

My final advise is that users should think about forgetting their password and make a hard copy somewhere in the safe place.

re: Online Password Security Tactics

Speedbird186 — Thu, 16 Dec 2010 15:36:48 GMT

From a risk perspective, it might actually make sense to have a few different root passwords. Perhaps one root for banking sites, another for e-commerce sites and a third for online comments only. That way, the number of variations for each root is reduced, making it easier to remember.

The third root might as well not have any variations. Doesn't really matter if my commentx.com account gets hacked if the only place it'll work is on commenty.com -- provided the implications of hackers having access to both sites carries the same weight (as in, someone could post a comment on my behalf, but not shop or see credit card history, etc.)

re: Online Password Security Tactics

Rowlandg — Wed, 15 Dec 2010 17:31:57 GMT

Password Safe is the only way I've found to keep my various worlds safe. Nice topic Buck.

re: Online Password Security Tactics

Ronald Dameron (@RonDBA) — Wed, 15 Dec 2010 16:57:47 GMT

So far I've survived by having a root password that is not a dictionary word, uses mixed case, numerics and special characters that I will never forget. Then, I tack on a mnemonic suffix for the different sites that I use that require a password. I'm very near the point of migrating to something like Password Safe because I find that I sometimes forget the suffix for a particular site if I don't visit enough. I second Password Safe as a recommendation. Used it at my last employer to store important passwords securely.

re: Online Password Security Tactics

Kirchner — Tue, 14 Dec 2010 18:54:09 GMT

Wow, that was fast :)

I'll give Password Safe a try. Thanks.

re: Online Password Security Tactics

BuckWoody — Tue, 14 Dec 2010 18:46:54 GMT

Kirchner - I wouldn't trust it, personally. Not for enterprise level stuff. It has a use-case, but not for my password safe.

re: Online Password Security Tactics

Kirchner — Tue, 14 Dec 2010 18:44:22 GMT

Hum, what about Office OneNote password protection? MS says it's based on a strong encryption algorithm...