Comments on: Password security http://wildwebweaving.com/2008/05/06/password-security/ adventures in weaving the World-Wide Web Thu, 04 Dec 2008 18:10:27 +0000 http://wordpress.org/?v=2.3.1 By: Jon http://wildwebweaving.com/2008/05/06/password-security/#comment-22 Jon Thu, 08 May 2008 20:44:29 +0000 http://wildwebweaving.com/2008/05/06/password-security/#comment-22 Just as long as you can remember it, Chad. Just as long as you can remember it, Chad.

]]> By: Chad http://wildwebweaving.com/2008/05/06/password-security/#comment-21 Chad Thu, 08 May 2008 19:24:37 +0000 http://wildwebweaving.com/2008/05/06/password-security/#comment-21 This is a great idea. What about setting your phrase to represent the website you are creating the password for. 'I Get My Mail With' = Gmail 'I Get My Books With' = Amazon Or something along those lines. Just my 2 cents. This is a great idea.

What about setting your phrase to represent the website you are creating the password for.

‘I Get My Mail With’ = Gmail
‘I Get My Books With’ = Amazon

Or something along those lines.

Just my 2 cents.

]]> By: Louise http://wildwebweaving.com/2008/05/06/password-security/#comment-20 Louise Thu, 08 May 2008 10:16:16 +0000 http://wildwebweaving.com/2008/05/06/password-security/#comment-20 @Jon No problem. I'd be happy to hear any feedback. Louise @Jon

No problem. I’d be happy to hear any feedback.
Louise

]]> By: Jon http://wildwebweaving.com/2008/05/06/password-security/#comment-19 Jon Wed, 07 May 2008 15:23:17 +0000 http://wildwebweaving.com/2008/05/06/password-security/#comment-19 Agreed. Backwards English words are not strong. Agreed. Backwards English words are not strong.

]]> By: Joe http://wildwebweaving.com/2008/05/06/password-security/#comment-18 Joe Wed, 07 May 2008 14:23:39 +0000 http://wildwebweaving.com/2008/05/06/password-security/#comment-18 krod is one of the originals. We upgraded it after I broke it early on with a forward/backward dictionary. we also had emtae for a while until I broke it before the security team told me about it. krod is one of the originals. We upgraded it after I broke it early on with a forward/backward dictionary. we also had emtae for a while until I broke it before the security team told me about it.

]]> By: Jon http://wildwebweaving.com/2008/05/06/password-security/#comment-17 Jon Wed, 07 May 2008 14:20:13 +0000 http://wildwebweaving.com/2008/05/06/password-security/#comment-17 I'm not so skeptical, Joe... With that example, the base, krod44 is non-sensical to begin with, not found in any English dictionary or in any other language... Further strengthening it seems fine to me... Is kr0D44! simple to crack? Maybe for hackers who are natives of Krodaa. :-) Good information though, about the potential equivalence of uppercase and lowercase on some servers. I’m not so skeptical, Joe… With that example, the base, krod44 is non-sensical to begin with, not found in any English dictionary or in any other language… Further strengthening it seems fine to me… Is kr0D44! simple to crack? Maybe for hackers who are natives of Krodaa. :-)

Good information though, about the potential equivalence of uppercase and lowercase on some servers.

]]> By: Jon http://wildwebweaving.com/2008/05/06/password-security/#comment-16 Jon Wed, 07 May 2008 14:12:11 +0000 http://wildwebweaving.com/2008/05/06/password-security/#comment-16 Interesting, Louise. Thanks for the info. Interesting, Louise.

Thanks for the info.

]]> By: Joe http://wildwebweaving.com/2008/05/06/password-security/#comment-15 Joe Wed, 07 May 2008 14:11:15 +0000 http://wildwebweaving.com/2008/05/06/password-security/#comment-15 What makes me skeptical about strong passwords is that you can use english dictionary words with minor alterations. Some default ones like krod44! (medium strength) become strong with kr0D44! which seems so simple to crack. Further, most sites lcase or ucase passwords on read in to make database calls easier or usability easier. The trick comes where you sacrifice usability for security or vice-versa. What makes me skeptical about strong passwords is that you can use english dictionary words with minor alterations. Some default ones like krod44! (medium strength) become strong with kr0D44! which seems so simple to crack.

Further, most sites lcase or ucase passwords on read in to make database calls easier or usability easier. The trick comes where you sacrifice usability for security or vice-versa.

]]> By: Louise http://wildwebweaving.com/2008/05/06/password-security/#comment-14 Louise Wed, 07 May 2008 13:26:38 +0000 http://wildwebweaving.com/2008/05/06/password-security/#comment-14 Once you've got a bunch of strong passwords, you need a place to store them. I worl for PassPack, which is an online password manager. If you are aware of how important a strong password is, you may be interested in this blog on password managers: http://tinyurl.com/38jxny Hope it helps! Louise PS PassPack also generates strong passwords for you. Once you’ve got a bunch of strong passwords, you need a place to store them. I worl for PassPack, which is an online password manager.

If you are aware of how important a strong password is, you may be interested in this blog on password managers:

http://tinyurl.com/38jxny

Hope it helps!

Louise

PS PassPack also generates strong passwords for you.

]]>