goinggreek.info
The Agora => UK & World News => Going Geek info => Topic started by: Maik on Tuesday, 21 January, 2014 @ 03:11:46
-
UK cyber-security chief: 'the password abc123 is better than nothing'
Overcomplicating cybersecurity advice risks scaring the people who most need help away, says the head of a government-supported online safety organisation
Public safety isn't helped by being absolutist about password strength, the head of the Government's Get Safe Online has warned.
Although strong passwords are better than weak ones, Tony Neate argues it is just as important to impress upon the public that any password is better than none - even if it's as simple as abc123.
http://www.theguardian.com/technology/2014/jan/20/uk-cyber-security-chief-the-password-abc123-is-better-than-nothing
Results for abc123 from four reputable password checkers:
(http://goinggreek.info/gallery/1_21_01_14_12_05_08.jpeg)
Microsoft (https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx)
(http://goinggreek.info/gallery/1_21_01_14_12_06_41.jpeg)
GetSafeOnline (http://www.getsafeonline.org/themes/passwrdcheck/index.html)
(http://goinggreek.info/gallery/1_21_01_14_12_07_39.jpeg)
Intel (https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html)
(http://goinggreek.info/gallery/1_21_01_14_12_08_32.jpeg)
GRC (https://www.grc.com/haystack.htm)
Not a great idea to enter your actual password but maybe enter something similar in the password checkers above.
If you need passwords that are more secure there are various free password generators available online, such as:
Norton Password Generator (https://identitysafe.norton.com/password-generator)
GRC's Ultra High Security Password Generator (https://www.grc.com/passwords.htm)
Once you've chosen passwords for all the sites you use you need a way to remember them, i.e. a Password Manager (http://lifehacker.com/5944969/which-password-manager-is-the-most-secure). For most people the password manager in your browser is probably easiest to use and may be sufficient; info for Internet Explorer (http://windows.microsoft.com/en-gb/windows7/store-passwords-certificates-and-other-credentials-for-automatic-logon) / Firefox (https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords) / Chrome (http://www.ghacks.net/2013/12/04/google-chrome-gets-master-password-protection/).
If you want something more secure there are various free and commercial products such as LastPass (https://lastpass.com/index.php) / Dashlane (https://www.dashlane.com/) / Roboform (http://www.roboform.com/how-it-works/product-comparison) / KeePass (http://keepass.info/). If you use Firefox on Windows, Keefox (inc. KeePass) (https://addons.mozilla.org/en-US/firefox/addon/keefox/?src=external-kforg-download) works very well but requires a little time to figure it out and configure it.
Your Clever Password Tricks Aren't Protecting You from Today's Hackers (http://lifehacker.com/5937303/your-clever-password-tricks-arent-protecting-you-from-todays-hackers)
So consider the following two passwords: ngdh$82K and 3333333333333333333. Which of these two passwords will be cracked last? The answer is the longer one, despite the fact that it has almost no entropy.
https://xato.net/passwords/the-worst-password-tips/
Which of the following two passwords is stronger,
more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9
You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!
https://www.grc.com/haystack.htm
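Added example, not part of the original post or of GRC's page: a short Python calculation of the exhaustive-search arithmetic behind both quoted comparisons. It assumes the class sizes the haystack page uses (26 lowercase, 26 uppercase, 10 digits, 33 symbols); the function names are chosen here.

```python
import string

# Character classes assumed by the haystack-style model:
# 26 lowercase + 26 uppercase + 10 digits + 33 symbols (punctuation and space).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

def alphabet_size(password):
    """Sum the sizes of every character class that appears in the password."""
    chars = set(password)
    return sum(len(members) for members in CLASSES.values() if chars & members)

def search_space(password):
    """Count all candidates of length 1..len(password) over that alphabet."""
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))

def times_harder(a, b):
    """How many times larger a's exhaustive search space is than b's."""
    return search_space(a) / search_space(b)

# The two pairs quoted in the post. The padded password is written as
# "D0g" plus 21 dots: 24 characters, one longer than the random one.
HAYSTACK_PAIR = ("D0g" + "." * 21, "PrXyc.N(n4k77#L!eVdAfp9")
LENGTH_PAIR = ("3333333333333333333", "ngdh$82K")

if __name__ == "__main__":
    for a, b in (HAYSTACK_PAIR, LENGTH_PAIR):
        print(f"{a!r}: alphabet {alphabet_size(a)}, length {len(a)}")
        print(f"{b!r}: alphabet {alphabet_size(b)}, length {len(b)}")
        print(f"  first is {times_harder(a, b):,.0f}x larger to search")
```

The count covers blind exhaustive search only; a guesser that tries repeated characters or padding patterns first is outside this model.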
-
Password guru who told the world to make them complicated admits: I got it completely wrong
It has become the bane of many office workers' existences: being forced to use complicated and difficult-to-remember passwords laden with random numbers and symbols.
But the man who originally came up with the rules on safe passwords has admitted that his guidance was totally wrong, 14 years after it was first published.
Bill Burr wrote what has become the "bible" on password security in 2003 while working for the US Government. It advised using capital letters, numbers and non-alphabetic symbols in passwords, in the belief that they would be more difficult to guess.
The original password guidelines from America's National Institute for Science and Technology written by Burr have recently been updated to do away with the old rules.
They now advise that people use long but easy-to-remember "passphrases", a sequence of words that do not need to feature special characters or numbers. Using “horsecarrotsaddlestable” would take one trillion years for a “botnet” cyber attack to crack, compared to one minute for “P@55w0rd”.
http://www.telegraph.co.uk/technology/2017/08/08/man-wrote-password-bible-admits-advice-completely-wrong/
Good advice at the time but things change, as others have figured out, e.g.
MargaretThatcherIs110%Sexy (http://goinggreek.info/index.php?topic=1351.0)
Still best to use different passwords, oops, 'passphrases' for different sites.
-
If you find passwords a burden - simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.
https://www.grahamcluley.com/n3vr-m1d-password-rules-get-a-password-manager-to-generate-and-remember-your-passwords-instead/
But don't forget the master password!
-
An alternative I have never heard suggested is to use foreign alphabets if you are familiar with them and know how to bring up the appropriate keyboard on all the devices you are likely to use. Or better a mixture of them and English to make the possibility of a brute force attack succeeding even more remote. That way you can use relatively simple memorable phrases or more complicated if you mix the use of the two alphabets. E.g. a well known phrase:
ΓοινγΓρεεκ
GoingΓρεεκ
ΓoιnγGρeεk
Even...
GoingΕλλενικός
No...none of these are my p/w here!! I do use Greek plus a number on one site, though.
Tony
-
Going slightly off topic here but mixing alphabets has been used to spread fake news:
Kremlin supporters suspected to be behind fraudulent articles designed to look like they came from Le Soir and the Guardian
The people behind the fraudulent article built a website that looked similar to the original and made the domain name look plausible by replacing the i in Guardian with a Turkish ı.
https://www.theguardian.com/technology/2017/aug/18/experts-sound-alarm-over-news-websites-fake-news-twins
-
Er... Guardian with ı... not plausible, methinks. Guardian with y, rr, dr - totally plausible!!
Tony
-
Er... Guardian with ı... not plausible, methinks.
Well, the article was in, er, the Guardίan
(that's Guardίan with a Greek "ί")
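Added example, not part of the thread: a Python check a defender could run over newly seen domain labels to flag lookalikes of a protected name such as the two substitutions discussed above. The fold table is a small constructed sample (a real deployment would load the full Unicode confusables data), and the function names are chosen here.

```python
import unicodedata

# Constructed, deliberately small fold table (assumption): maps a few
# lookalike letters to the ASCII letter they imitate.
CONFUSABLE_FOLD = {
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I (the Turkish letter)
    "\u03b9": "i",  # GREEK SMALL LETTER IOTA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
}

def skeleton(label):
    """Lower-case, strip combining accents, fold known lookalikes to ASCII."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    base = (c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLE_FOLD.get(c, c) for c in base)

def scripts(label):
    """Scripts of the letters, read from the first word of each Unicode name."""
    return {unicodedata.name(c).split()[0] for c in label if c.isalpha()}

def classify(label, protected):
    """Return 'exact', 'lookalike' or 'unrelated' for a label vs. known names."""
    if label.lower() in protected:
        return "exact"
    if skeleton(label) in protected:
        return "lookalike"
    return "unrelated"

PROTECTED = {"guardian"}
# Constructed sample labels: the real name, the two substitutions from the
# thread (dotless i, Greek iota with tonos), and a plain-ASCII variant.
SAMPLES = ["guardian", "guard\u0131an", "Guard\u03afan", "guardyan"]

if __name__ == "__main__":
    for label in SAMPLES:
        verdict = classify(label, PROTECTED)
        print(f"{label!r:14} {verdict:10} scripts={sorted(scripts(label))}")
```

The dotless ı is itself a Latin-script letter, so a mixed-script test alone passes it; the fold to a skeleton is what catches it. Plain-ASCII substitutions such as the "y" variant need a separate edit-distance check.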