Showing 117 results for the search term "passwords".
This past week (as I write this) security researcher Mark Burnett (who literally wrote the book on passwords) released ten million passwords gathered from security breaches. He went one step further and released the account names (without the domain part) of the associated email addresses. That’s a lot of passwords. Here’s why you should care. […]
“Don’t share your passwords with anyone!” We say it repeatedly in Learning Tree’s System and Network Security Introduction, and I’m sure I’ve said it on this blog more than once. It’s bad practice; it leads to potential insecurity, and it means systems aren’t able to properly account for use. Sharing passwords is also illegal in some […]
A technology called repeated hashing provides user authentication that can only be defeated by guessing the user’s secret or traveling back in time. Since the second is impossible, this is as good as user authentication security can get. Hashing, Again and Again In Learning Tree’s System and Network Security Introduction course we explain hash functions. […]
Last week I suggested a do-it-yourself approach to generating pass phrases. Using an available list of 80,489 4-to-6-character strings of words and word fragments, and randomly selecting five such strings, plus 5 digits, plus one of the 30 or so punctuation marks, that scheme could generate this many possible pass phrase strings: 804895 × 105 […]
What makes a password secure? We have to keep the bad guys out while letting the legitimate user in. We need to protect authentication and prevent user identity masquerading or spoofing, so it must be impractical for the attacker to guess it. I didn’t say ”impossible” because any string could be guessed eventually. But impractical, […]