I feel I should comment on what was a pretty good article on password security in MM 912. It dealt quite well with an important issue; however, there are a few points that, whilst not wrong, I think weren't dealt with as well as they could be. The first really is important. Linda says "forgetting to check the site address in your browser has the telltale 'https' indicating the page is secure"; this is not at all an indication of a safe site. Many phishers are getting security certificates (it's not hard) for their sites, so a secure connection is no indication of legitimacy anymore. Instead you should NEVER click on a link in your email - rather surf to the site in question manually.
Secondly I want to comment on her suggestion that locking out of a hack attempt after several wrong password attempts doesn't actually deter the hacker. In the case of websites I agree it used to be the case; however, sites like LIVE! and Google now employ a much more secure method that refuses to let you log in after 3 wrong password attempts unless you enter a verification code - that is displayed as a picture. This carries over in the database so you can change browsers or even use a different computer and it will still ask you for a code.
Slowly companies are recognising that password security is important and are trying to help people choose good passwords. It is not hard to develop a PHP / JavaScript based parsing script to exhaustively check how good a password is and let the user know - even perhaps to make a suggestion of a more secure version.
Finally a good tip that I use to create passwords. First choose a 'keyword'; this is a word that can be in the dictionary or can be a name, but choose something memorable and not widely used. Then capitalize one letter and substitute a number for a second letter in the word. This is the key word you can use in every password as a common, memorable bulk to it.
Next write down the current day of the month, then your keyword, then the current month (in number form). This is now a fairly random password but still guessable. Finally choose a random nonsense word (such as snoodle or wafkingle etc.) and reverse it, adding this to the end of your password.
So you end up with a password that contains 3 distinct and individually memorable components. The above example is my method but you could develop your own order of the components. All you have to do is remember the 3 parts and the method of creating the password and you get an easy to remember and secure password.
Cheers,
Thomas
Cheers,
Tom
My Crime is that of curiosity, my crime is that of outsmarting you
-- MMMugs Clan member, MM-UK Folding Team Member, Web programmer, Electronics student and Micro Mart contributor --
[ Main/Gaming (Vista): Core2Duo E2140 @ 2.65Ghz, 2GB ] [ Laptop (XP): CoreDuo 2.5GHz, 1GB ] [ File Server (Ubuntu 7.10): P4 2.93GHz, 256MB ] [ Folding 1 (Diskless folder): Unknown PIII, 256MB ]
-- Inactive / in build--
Folding 2 (Diskless folder): Opteron @ 2.6(ish), 512MB
Folding 2,4,5,6,7,8,9,10 (Diskless folders): Unknown PIII's and 4's, 128 -> 256MB
DHCP Server (Ubuntu 7 Server): P4 2GHz, 512MB
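
A sketch of the kind of JavaScript checking script the post above mentions, added here as an example and not part of the original post or any site's real code. The word list is a small constructed sample, and the function names, the 12-character threshold and the day-of-month heuristic are assumptions; the reversed-word lookup goes slightly beyond what the post describes.

```javascript
// Constructed sample list; a real checker would load a large dictionary.
const WORDS = ["password", "dragon", "monkey", "letmein", "qwerty"];
// Common digit/symbol substitutions, mapped back to letters.
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };

// Undo case changes and substitutions so "Dr4gon" is looked up as "dragon".
function normalize(pw) {
  return pw.toLowerCase().replace(/[013457@$]/g, (c) => LEET[c]);
}

// Dictionary words present in the password, read forwards or reversed.
function findWords(pw) {
  const fwd = normalize(pw);
  const rev = fwd.split("").reverse().join("");
  return WORDS.filter((w) => fwd.includes(w) || rev.includes(w));
}

// Returns an entropy upper bound in bits plus a list of human-readable issues.
function checkPassword(pw) {
  const issues = [];
  let pool = 0;
  if (/[a-z]/.test(pw)) pool += 26;
  if (/[A-Z]/.test(pw)) pool += 26;
  if (/[0-9]/.test(pw)) pool += 10;
  if (/[^A-Za-z0-9]/.test(pw)) pool += 33;
  // Upper bound only: it assumes every character was picked at random.
  const bits = pool ? Math.round(pw.length * Math.log2(pool)) : 0;

  if (pw.length < 12) issues.push("shorter than 12 characters");

  const words = findWords(pw);
  if (words.length) issues.push("contains dictionary word(s): " + words.join(", "));

  // One or two leading digits in the range 1-31 look like a day of the month.
  const lead = /^(\d{1,2})(?!\d)/.exec(pw);
  if (lead && Number(lead[1]) >= 1 && Number(lead[1]) <= 31) {
    issues.push("starts with what looks like a day of the month");
  }
  return { bits, issues, ok: issues.length === 0 };
}

// Constructed sample input: day + altered keyword + month + reversed nonsense word.
console.log(checkPassword("12Dr4gon03eldoons"));
```

The character-class estimate overstates the strength of any password built from a pattern, which is why the word and date checks are reported separately from the bit count.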