And, from my friend and computer guru, Steve Kinney, this:

Industry best practice for password management:

1) Keep a log file with all your account credentials, and back it up offsite so you can't lose it. One simple approach is to use a password protected word processor document, which you can send to yourself at a webmail service like Gmail whenever it changes, to assure you can't lose it. OpenOffice and LibreOffice use a real industry standard cipher to encrypt password protected documents; recent versions of MS Office also use a real cipher.

2) The log file is important, because NOT re-using the same password is important: A password stolen from one service or website can and often will be tried on all of the user's accounts at other services - because most people DO use the same #$@%! password everywhere. They do that because normal people can't make up and remember a dozen or more good passwords. With the log file, the only password you really need to remember is the one that enables you to open it.

3) Secure password construction is a question of length times randomness, divided by whether it is possible for a human to remember the password. The Diceware method provides an excellent solution to this dilemma: Roll dice to select words from a long long list, use as many words as needed to obtain the level of hardness desired.

diceware

Three words from Diceware should be enough to effectively lock up e-mail accounts, because there is a limit to how many combinations per minute can be tried by an attacker - botnets will give up and try their luck elsewhere. Five or more words should be used for high risk applications, such as the password used to secure your password log file. (For mathematical reasons, adding numbers, punctuation, etc. to passwords is pointless - adding length makes a WAY stronger combination than adding extra symbols - an x times y vs. x to the y power proposition.)

The above information on password control reflects a well established consensus among network security researchers and professionals that has not changed in over a decade. It is very safe to call it a final answer and just start doing it that way. See also this classic cartoon: https://xkcd/936/

:o)

Steve

A different password for every account - dang! I have enough trouble remembering the names of my friends! Love you, even if I am forgetful! I've got some work to do.
Posted on: Sun, 25 Jan 2015 00:11:37 +0000
