UK cyber-security chief: 'the password abc123 is better than nothing'
Overcomplicating cybersecurity advice risks scaring the people who most need help away, says the head of a government-supported online safety organisation
Public safety isn't helped by being absolutist about password strength, the head of the Government's Get Safe Online has warned.
Although strong passwords are better than weak ones, Tony Neate argues it is just as important to impress upon the public that any password is better than none - even if it's as simple as abc123.
So consider the following two passwords: ngdh$82K and 3333333333333333333. Which of these two passwords will be cracked last? The answer is the longer one, despite the fact that it has almost no entropy.
Which of the following two passwords is stronger, more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9
You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!
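The search-space arithmetic behind the two comparisons above, as an added example that is not part of the original posts. It assumes an attacker who exhaustively tries every string up to the password's length over the printable-ASCII classes the password uses (33 symbols including space is an assumption of this sketch); it does not model dictionary or pattern-based guessing.

```python
import string

# Printable-ASCII character classes (assumption of this example: the attacker
# searches every class that appears in the password, and nothing else).
CLASSES = {
    "lower": set(string.ascii_lowercase),       # 26
    "upper": set(string.ascii_uppercase),       # 26
    "digit": set(string.digits),                # 10
    "symbol": set(string.punctuation + " "),    # 32 punctuation + space = 33
}


def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def times_longer(a, b):
    """How many times larger the exhaustive search for a is than for b."""
    return search_space(a) / search_space(b)


# The passwords quoted in the posts above.
PADDED = "D0g" + "." * 21                 # 24 characters
RANDOM = "PrXyc.N(n4k77#L!eVdAfp9"        # 23 characters
SHORT_MIXED = "ngdh$82K"                  # 8 characters, all four classes
LONG_DIGITS = "3333333333333333333"       # digits only

if __name__ == "__main__":
    for pw in (PADDED, RANDOM, SHORT_MIXED, LONG_DIGITS):
        print(f"{pw!r:28} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"space={search_space(pw):.3e}")
    print(f"padded vs random: {times_longer(PADDED, RANDOM):.1f}x")
    print(f"long digits vs short mixed: "
          f"{times_longer(LONG_DIGITS, SHORT_MIXED):.0f}x")
```
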
Password guru who told the world to make them complicated admits: I got it completely wrong
It has become the bane of many office workers' existences: being forced to use complicated and difficult-to-remember passwords laden with random numbers and symbols.
But the man who originally came up with the rules on safe passwords has admitted that his guidance was totally wrong, 14 years after it was first published.
Bill Burr wrote what has become the "bible" on password security in 2003 while working for the US Government. It advised using capital letters, numbers and non-alphabetic symbols in passwords, in the belief that they would be more difficult to guess.
The original password guidelines from America's National Institute for Science and Technology written by Burr have recently been updated to do away with the old rules.
They now advise that people use long but easy-to-remember "passphrases", a sequence of words that do not need to feature special characters or numbers. Using “horsecarrotsaddlestable” would take one trillion years for a “botnet” cyber attack to crack, compared to one minute for “P@55w0rd”.
If you find passwords a burden - simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.
Kremlin supporters suspected to be behind fraudulent articles designed to look like they came from Le Soir and the Guardian
The people behind the fraudulent article built a website that looked similar to the original and made the domain name look plausible by replacing the i in Guardian with a Turkish ı.
Er... Guardian with ı... not plausible, methinks.