passwords

General Computer Security
Subject Author Date
passwords Andy Fish 10-19-2007
|--> Re: passwords Sebastian G. 10-19-2007
---> Re: passwords Shenan Stanley 10-19-2007
---> Re: passwords Mark Trimble 10-19-2007
---> Re: passwords Steve Riley [MS... 10-24-2007
Posted by Mark Randall on October 20, 2007, 2:56 pm

> would I have a claim against ukreg for not protecting my private details,
> or would paypal claim that I was negligent for using the same password for
> 2 online services?

You'd have a claim for them allowing personally identifiable material and
passwords to be revealed.

I and many others have been considering it also who are in the same
situation.

Regards,

Mark Randall


Posted by Ari on October 24, 2007, 1:42 pm
On Fri, 19 Oct 2007 15:42:01 GMT, Andy Fish wrote:

> if I can't trust anyone to encrypt my password, it seems that the only way
> to be secure is to use a different password for every system and then write
> them all down somewhere.
>
> I am an IT professional and I get the impression that most people currently
> take a similar approach to me. If not, what's the best way to manage so many
> passwords?
>
> Andy

KeePass
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/

Posted by AnthonyM on October 24, 2007, 2:54 pm
> On Fri, 19 Oct 2007 15:42:01 GMT, Andy Fish wrote:
> > if I can't trust anyone to encrypt my password, it seems that the only way
> > to be secure is to use a different password for every system and then write
> > them all down somewhere.
>
> > I am an IT professional and I get the impression that most people currently
> > take a similar approach to me. If not, what's the best way to manage so many
> > passwords?
>
> > Andy
>
> KeePass
> --
> "You can't trust code that you did not totally create yourself"
> Ken Thompson "Reflections on Trusting Trust" http://www.acm.org/classics/sep95/

I use a modified approach to all the solutions mentioned above. Truly
it doesn't matter if you keep them in an Excel file. If they are
stored somewhere, there is a potential vulnerability. So I use
different passwords for every site, and I do store 1/2 of the password
in a system (I won't endorse a particular one, but I've used several
methods, Excel, RoboForm, Keepass, UltraSafe). So I put 1/2 of the
password in the system. I usually do a randomly generated 8-10
character key. Then, I memorize a 2nd 1/2 that is a keyphrase. This
helps me feel secure that even if my method of storing passwords is
compromised, they still have to come up with the 2nd half of the
password that is memorized.

Just a thought.

Anthony Maughan
Systems Engineer, MCSE + Security
Positive Networks
http://www.phonefactor.net - Strong Authentication


Posted by Sebastian G. on October 24, 2007, 5:11 pm
AnthonyM wrote:


> I use a modified approach to all the solutions mentioned above. Truly
> it doesn't matter if you keep them in an Excel file. If they are
> stored somewhere, there is a potential vulnerability. So I use
> different passwords for every site, and I do store 1/2 of the password
> in a system (I won't endorse a particular one, but I've used several
> methods, Excel, RoboForm, Keepass, UltraSafe). So I put 1/2 of the
> password in the system. I usually do a randomly generated 8-10
> character key. Then, I memorize a 2nd 1/2 that is a keyphrase. This
> helps me feel secure that even if my method of storing passwords is
> compromised, they still have to come up with the 2nd half of the
> password that is memorized.


Or written in another way: If one of your passwords gets compromised
externally, half of each of your other passwords is also compromised.
Very very very stupid idea!

> Systems Engineer, MCSE + Security

                 ~~~~

Oh well, you're a Minesweeper Consultant and Solitaire Expert?

> http://www.phonefactor.net - Strong Authentication


Nah... that's too easy...

Posted by AnthonyM on October 31, 2007, 2:54 pm
> AnthonyM wrote:
> > I use a modified approach to all the solutions mentioned above. Truly
> > it doesn't matter if you keep them in an Excel file. If they are
> > stored somewhere, there is a potential vulnerability. So I use
> > different passwords for every site, and I do store 1/2 of the password
> > in a system (I won't endorse a particular one, but I've used several
> > methods, Excel, RoboForm, Keepass, UltraSafe). So I put 1/2 of the
> > password in the system. I usually do a randomly generated 8-10
> > character key. Then, I memorize a 2nd 1/2 that is a keyphrase. This
> > helps me feel secure that even if my method of storing passwords is
> > compromised, they still have to come up with the 2nd half of the
> > password that is memorized.
>
> Or written in another way: If one of your passwords gets compromised
> externally, half of each of your other passwords is also compromised.
> Very very very stupid idea!
>
> > Systems Engineer, MCSE + Security
>
> ~~~~
>
> Oh well, you're a Minesweeper Consultant and Solitaire Expert?
>
> > http://www.phonefactor.net - Strong Authentication
>
> Nah... that's too easy...

I will happily respond to an intelligent, even sort of thought through
opinion. What I can't respond to is an infantile attack on my
credentials and my idea without any supporting information. Do you
really think that having half of a 25 character password of an
unknown number of passwords to an unknown number of sources is
meaningful in any way other than being proud of it? What about if
someone releases the source code to keepass or roboform etc? Perhaps
you can easily memorize 40 25 character passwords every 30 days, but I
can't. So rather than recording all 40 passwords in some hopefully
secure manner, I store half of them. I read several of your other
posts, it seems you are intelligent. Couldn't you be more helpful
rather than sarcastic and condescending? Thanks Sebastian, for making
one of my first attempts at responding in a newsgroup so pleasant.
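
The split scheme debated in the posts above, modelled as an added example (not code from any poster). It assumes, as Sebastian G.'s reply does, that the memorized keyphrase is the same for every site; the site names, keyphrase and alphabet are constructed.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed 62-symbol alphabet


def build_accounts(sites, keyphrase, stored_len=10):
    """Return (vault, passwords). The vault holds only the random stored half."""
    vault = {
        site: "".join(secrets.choice(ALPHABET) for _ in range(stored_len))
        for site in sites
    }
    # Full password = stored random half + memorized keyphrase (assumed shared).
    passwords = {site: vault[site] + keyphrase for site in sites}
    return vault, passwords


def reconstruct(vault_leak=None, site_leak=None):
    """Passwords that can be derived purely from leaked material.

    vault_leak: the stored halves (spreadsheet or password manager exposed).
    site_leak:  (site, full_password) disclosed in plaintext by one service.
    """
    derived = {}
    if site_leak:
        site, full = site_leak
        derived[site] = full  # that account is lost in any case
        if vault_leak and full.startswith(vault_leak[site]):
            # Both leaks together: removing the stored half exposes the
            # keyphrase, which completes every other vault entry.
            keyphrase = full[len(vault_leak[site]):]
            derived.update({s: half + keyphrase for s, half in vault_leak.items()})
    # A vault leak on its own yields no complete password: every account
    # then rests on the strength of the memorized keyphrase alone.
    return derived


def stored_half_bits(stored_len, alphabet_size=len(ALPHABET)):
    """Entropy still protecting the other sites after a single site leak."""
    return stored_len * math.log2(alphabet_size)
```

After a single site leak the other accounts are still protected by the random half (about 59.5 bits for 10 characters from this alphabet), but the keyphrase no longer adds anything; the scheme fails completely only when the vault and one plaintext password are exposed together.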

