Nightmare (guard your passwords)

An educational technology blog I followed out of Georgia (SEGA Tech) seems to have been abducted by a porn site. It’s possible the author has turned to the porn business but I kind of doubt it.

A not so nice reminder to keep your passwords secure and your software/apps updated. That’d be quite a nightmare. It’d be all some people would need to outlaw school blogging forever or get you fired.

I’d suggest going the passphrase route if at all possible.

I’ve been using pass phrases when possible after reading this article. It’s kind of long but I’ve cut out the relevant chunk below.

So here’s the deal – I don’t want you to use passwords, I want you to use pass-PHRASES. What is a pass-phrase you ask? Let’s take a look at some of my recent pass-phrases that I’ve used inside Microsoft for my ‘password’.

“If we weren’t all crazy we would go insane” (Jimmy Buffett rules)

“Send the pain below!” (I like Chevelle too)

“Mean people suck!” (it’s true)

So why are these pass-phrases so great?

1. They meet all password complexity requirements due to the use of upper / lowercase letters and punctuation (you don’t HAVE to use numbers to meet password complexity requirements)

2. They are so freaking easy for me to remember it’s not even funny. For me, I find it MUCH easier to remember a sentence from a favorite song or a funny quote than to remember ‘xYaQxrz!’ (which b.t.w. is long enough and complex enough to meet our internal complexity requirements, but is weak enough to not survive any kind of brute-force password grinding attack with say LC5, let alone a lookup table attack). That password would not survive sustained attack with LC5 long enough to matter so in my mind it’s pointless to use a password like that. You may as well just leave your password blank.

3. I dare say that even with the most advanced hardware you are not going to guess, crack, brute-force or pre-compute these passwords in the 70 days or so that they were around (remember you only need the password to survive attack long enough for you to change the password).

Once you’ve come up with a great passphrase, test your password strength (and notice it warns you not to send your actual password. You don’t know these people! Just use something similar.)
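An offline way to check the quoted argument without typing anything into someone else's site, as an added example (not code from the quoted article or this blog): it estimates how long a blind exhaustive search would need for the post's sample passwords and compares that with the 70-day lifetime. The guess rate of 10^10 per second and all function names are assumptions.

```python
import math
import string

GUESSES_PER_SECOND = 1e10   # assumed attacker speed, not a figure from the post
LIFETIME_DAYS = 70          # password lifetime mentioned in the quoted article
SYMBOLS = string.punctuation + " "   # 32 punctuation marks plus the space

def pool_size(secret):
    """Symbols a blind character-by-character search must try per position."""
    allowed = string.ascii_letters + string.digits + SYMBOLS
    if any(c not in allowed for c in secret):
        raise ValueError("this sketch only handles printable ASCII")
    pool = 0
    if any(c in string.ascii_lowercase for c in secret):
        pool += 26
    if any(c in string.ascii_uppercase for c in secret):
        pool += 26
    if any(c in string.digits for c in secret):
        pool += 10
    if any(c in SYMBOLS for c in secret):
        pool += len(SYMBOLS)
    return pool

def brute_force_bits(secret):
    """Upper bound on strength in bits: length * log2(pool). Blank gives 0."""
    return len(secret) * math.log2(pool_size(secret)) if secret else 0.0

def days_to_exhaust(secret, rate=GUESSES_PER_SECOND):
    """Days to try every candidate of this length and pool at the given rate."""
    bits = min(brute_force_bits(secret), 1000)   # cap avoids float overflow
    return 2.0 ** bits / rate / 86400

def survives_lifetime(secret, lifetime_days=LIFETIME_DAYS, rate=GUESSES_PER_SECOND):
    """True if exhaustive search takes longer than the password is in use."""
    return days_to_exhaust(secret, rate) > lifetime_days

if __name__ == "__main__":
    # Sample values taken from the post; never test a password you actually use.
    samples = ["xYaQxrz!", "Mean people suck!", "Send the pain below!",
               "If we weren't all crazy we would go insane"]
    for s in samples:
        verdict = "survives" if survives_lifetime(s) else "falls within"
        print(f"{len(s):2d} chars, {brute_force_bits(s):6.1f} bits, "
              f"{days_to_exhaust(s):.3g} days: {verdict} {LIFETIME_DAYS} days  {s!r}")
```

The figure is an upper bound for blind search only; a phrase that appears verbatim in published lyrics or quotes has far less real-world strength than its length suggests.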
