On the h4xx0ring of p4sswordZ

[sunrat 2,353]

Dan's Data is one of my old favourite sites, Aussie, kinda geeky, with hints of XKCD and rather addictive. And lots of really useful tips. Although his posts are less frequent lately, there's a goldmine to explore.

I just happened across this article, a fascinating insight on passwords. Put your protective sarcasm goggles on.

 

On the h4xx0ring of p4sswordZ

[ross549 1,256]

This type of problem (strong passwords) is why I am really interested to see where SQRL ( http://grc.com/sqrl ) goes.

 

Adam

[Temmu 1,931]

true, sunrat, most folks can't password for nothin'

 

adam, interesting, but looks like the rsa-key, and like the rsa-key, a second form of id should be required

(so the key holder does not automatically become the authenticated user, in the case of the lost hardware key.)

[ross549 1,256]

It is not the RSA key. It is only two party authentication versus three party in the case of RSA.

 

 

Adam

[Temmu 1,931]

watt i should've said is, unlike the rsa-key which requires another password, the sqrl thingy has the potential of saying, just because i am, i am the authorized owner and therefore believe me.

[ross549 1,256]

Yes, and the model behind SQRL makes it extremely difficult (impractical to attempt) to spoof your identity.

 

Unless someone commandeers your device. they would have to get into the application that contains your identity.

 

Adam

[V.T. Eric Layton 6,769]

I use reverse psychology when choosing a password because I figure all the hackers are expecting something complicated these days, so I use passwords like "password1", "eric1", and "drowssap".

[Guest LilBambi]

No matter what methodology you use for creating secure passwords, just make sure you only use them once, each.

[V.T. Eric Layton 6,769]

I'm sure everyone realizes my comment above was most definitely tongue-in-cheek. In actuality, I use 128 character minimum passwords created on a CRAY system with random number/character generators using specialized string theorems in conjunction with advanced logarithmic functions. They are so secure even I can't remember them.

[amenditman 931]

They are so secure even I can't remember them.

Well, that will prevent you from accidentally pissing off everyone you know when you are in a drunken stupor.

Try that on Facebook!

[ross549 1,256]

I'm sure everyone realizes my comment above was most definitely tongue-in-cheek. In actuality, I use 128 character minimum passwords created on a CRAY system with random number/character generators using specialized string theorems in conjunction with advanced logarithmic functions. They are so secure even I can't remember them.

 

Everyone knows string theory is the biggest scientific scam since Tesla's earthquake machine.

 

write your passwords on a 512 qbit quantum computer for REAL security.

 

Adam

[V.T. Eric Layton 6,769]

Tesla's earthquake machine a scam? Say it ain't so, Joe!

[Temmu 1,931]

dunno - he took his magnetic resonator to a construction site, set it to hum at the primary freq of the iron beams and pretty much toppled the site (or almost did, may have stopped short.)

[V.T. Eric Layton 6,769]

Tesla was a character from history with whom I would love to go back in time and have a nice dinner and some conversation.