Comments on: Yet again: Your wife’s name doesn’t qualify as a password! http://sysconfig.ossafe.org/2009/07/yet-again-your-wifes-name-doesnt-qualify-as-a-password/ Linux, BSD, Mac OS, the Internet, Programming, and other things Tue, 18 May 2010 23:08:38 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: admin http://sysconfig.ossafe.org/2009/07/yet-again-your-wifes-name-doesnt-qualify-as-a-password/comment-page-1/#comment-168 admin Thu, 16 Jul 2009 00:09:59 +0000 http://sysconfig.ossafe.org/?p=113#comment-168 And again, Twitter utterly fails when it comes to security basics: http://www.techcrunch.com/2009/07/15/another-security-tip-for-twitter-dont-use-password-as-your-password/ And again, Twitter utterly fails when it comes to security basics:
http://www.techcrunch.com/2009/07/15/another-security-tip-for-twitter-dont-use-password-as-your-password/

]]> By: admin http://sysconfig.ossafe.org/2009/07/yet-again-your-wifes-name-doesnt-qualify-as-a-password/comment-page-1/#comment-167 admin Wed, 15 Jul 2009 23:58:17 +0000 http://sysconfig.ossafe.org/?p=113#comment-167 Sounds familiar :-) Sounds familiar :-)

]]> By: Tomas Kramar http://sysconfig.ossafe.org/2009/07/yet-again-your-wifes-name-doesnt-qualify-as-a-password/comment-page-1/#comment-166 Tomas Kramar Wed, 15 Jul 2009 21:57:00 +0000 http://sysconfig.ossafe.org/?p=113#comment-166 Yeah, I love those sites.. Especially my hosting provider who in addition disallows some "special" characters in passwords. And I agree that brain is the best place, although I could tell you a story. I created a new account at the new bank, because they had a super high interest rate. I was assigned a temporary customer id and password, which I had to (both) change immediately after logging in to my internet banking account. So I picked a crazy paranoid password and id and saved it to my brain. Week after, my debit card arrived via snail mail with instructions to activate it in IB. But I forgot the password. So I called the hotline, where they asked for my customer id, which I forgot too :) Yeah, I love those sites.. Especially my hosting provider who in addition disallows some “special” characters in passwords.

And I agree that brain is the best place, although I could tell you a story. I created a new account at the new bank, because they had a super high interest rate. I was assigned a temporary customer id and password, which I had to (both) change immediately after logging in to my internet banking account. So I picked a crazy paranoid password and id and saved it to my brain. Week after, my debit card arrived via snail mail with instructions to activate it in IB.

But I forgot the password. So I called the hotline, where they asked for my customer id, which I forgot too :)

]]> By: admin http://sysconfig.ossafe.org/2009/07/yet-again-your-wifes-name-doesnt-qualify-as-a-password/comment-page-1/#comment-165 admin Wed, 15 Jul 2009 15:08:23 +0000 http://sysconfig.ossafe.org/?p=113#comment-165 Yes, to a certain extent that is true. However, many sites limit your password lengths (aka "choose a password between 6 and 12 characters"), which obsoletes your approach. It's certainly arguable, but I think it's still better to write down a password on an offline media (which would require physical theft) than to choose a simple password, as simple passwords could be hacked by literally anyone out there, whereas your offline notes can only be accessed by a rather tiny group of people (if at all). But we do agree on the fact that the brain is the best place to store a password :-) Yes, to a certain extent that is true. However, many sites limit your password lengths (aka “choose a password between 6 and 12 characters”), which obsoletes your approach.

It’s certainly arguable, but I think it’s still better to write down a password on an offline media (which would require physical theft) than to choose a simple password, as simple passwords could be hacked by literally anyone out there, whereas your offline notes can only be accessed by a rather tiny group of people (if at all).

But we do agree on the fact that the brain is the best place to store a password :-)

]]> By: Tomas Kramar http://sysconfig.ossafe.org/2009/07/yet-again-your-wifes-name-doesnt-qualify-as-a-password/comment-page-1/#comment-164 Tomas Kramar Wed, 15 Jul 2009 14:50:42 +0000 http://sysconfig.ossafe.org/?p=113#comment-164 I think that obscure passwords are not good, because even if users pick such password, then usually one of these things happens: 1. They forget it, restore it and change it to something simple 2. They write it down somewhere So I think that a better approach is to use whole sentences as passwords. Even simple sentences like "My wife's name is .." are immune to dictionary attacks, bruteforce attacks and rainbow tables. I think that obscure passwords are not good, because even if users pick such password, then usually one of these things happens:

1. They forget it, restore it and change it to something simple
2. They write it down somewhere

So I think that a better approach is to use whole sentences as passwords. Even simple sentences like “My wife’s name is ..” are immune to dictionary attacks, bruteforce attacks and rainbow tables.

]]>