How To Manage Your Passwords With KeePassX
Last week I suggested a do-it-yourself approach to generating pass phrases. Using an available list of 80,489 4-to-6-character strings of words and word fragments, and randomly selecting five such strings, plus 5 digits, plus one of the 30 or so punctuation marks, that scheme could generate this many possible pass phrase strings: $80489^5 \times 10^5$ […]
How Can We Create Secure Passwords?
What makes a password secure? We have to keep the bad guys out while letting the legitimate user in. We need to protect authentication and prevent user identity masquerading or spoofing, so it must be impractical for the attacker to guess it. I didn’t say “impossible” because any string could be guessed eventually. But impractical, […]
Change Your Password Once, Not Often
I got in the habit of changing my password often when I started using UNIX back in the late 1970s. Everyone said it was “the thing to do,” and I believed it. Security pros are saying something different now, and it is important to look at why. Lorrie Cranor, Chief Technologist of the US Federal […]
Master passphrases: keys to the kingdom
Longtime readers of this blog will know that I am a fan of password managers. I use one myself and I have recommended them to others including my wife, who uses one too, now. I like them because they generate complex passwords and save them so I don’t have to remember them. Participants in Learning […]
How Secure Are Password Managers?
In Learning Tree’s System and Network Security Introduction course we talk about the tradeoff between security and convenience. They’re usually at either end of the seesaw: If one is going to go up, the other has to go down. For clear examples of this, see the password managers implemented as parts of web browsers and […]