Posted: August 25th, 2010 | Author: Dan Misener | Filed under: tech | Tags: passwords, security
An excellent hypothetical scenario that underscores just how important it is to use different strong passwords for everything:
You have email account x@y.com, which is your main email. You have the password XYZ, which you use for everything. You register at paypal with your email address x@y.com and use your normal password. You then register at some obscure webforum using your normal email and password.
Obscure webforum keeps new member details in plain text on their site. Hacker hits obscure webforum and takes thousands of email addresses and site passwords. Hacker then feeds these emails and passwords into paypal, a good proportion of which will actually work.
[Via a comment by Bert9000 in Charles Arthur's post on recent iTunes/Paypal hacks]
Posted: August 16th, 2010 | Author: Dan Misener | Filed under: CBC, tech | Tags: cracking, georgia tech, passwords, security
My password is bigger than your password. And that’s a good thing.
According to researchers at Georgia Tech, GPU-accelerated brute-force password cracking techniques are getting really good:
“Right now we can confidently say that a seven-character password is hopelessly inadequate,” said Mr [Richard] Boyd, “and as GPU power continues to go up every year, the threat will increase.”
Instead, Boyd recommends “a 12-character combination of upper and lower case letters, symbols and digits.”
That’s good advice. But alas, we live in a world where 75% of the population uses the exact same password for their email and social networking accounts, and the 5 most popular passwords go like this:
- 123456
- 12345
- 123456789
- Password
- iloveyou
Personally, I use 1Password to generate and manage strong passwords, and I love it. I have to say, there’s a special warm, fuzzy, geeky feeling that goes along with knowing you’re using good passwords. It’s not unlike the feeling I get when I know my family photos are redundantly backed up.
My next CBC tech column (Tuesday on CBC R1 afternoon shows across Canada) is all about generating good passwords. It’s good advice to hear anytime, but if you use the same password for more than one site, seriously, change it now.
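Boyd's 12-character recommendation and the one-password-per-site point from the reuse scenario, as an added example (not code from these posts or from 1Password). The function names, the 94-character alphabet built from Python's `string.punctuation`, and the site labels are assumptions made for illustration.

```python
import math
import secrets
import string

# The four character classes named in Boyd's recommendation (assumed alphabet).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)

# The five most popular passwords listed in the post, lowercased.
COMMON = {"123456", "12345", "123456789", "password", "iloveyou"}


def generate_password(length=12):
    """Return a random password containing at least one character per class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps accepted passwords uniformly distributed.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def keyspace_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of brute-force work for a uniformly random password."""
    return length * math.log2(alphabet_size)


def check_password(password, min_length=12):
    """Return a list of policy problems; an empty list means it passes."""
    problems = []
    if password.lower() in COMMON:
        problems.append("on the most-popular list")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    missing = sum(1 for cls in CLASSES if not any(c in cls for c in password))
    if missing:
        problems.append(f"missing {missing} of 4 character classes")
    return problems


if __name__ == "__main__":
    # One independent password per site, so a leak at one exposes no other.
    for site in ("email", "payments", "forum"):  # constructed site labels
        print(site, generate_password())
    print(f"7 chars: {keyspace_bits(7):.1f} bits, 12: {keyspace_bits(12):.1f} bits")
```

Each extra random character from this alphabet multiplies the brute-force search space by 94, so going from 7 to 12 characters adds about 33 bits of work.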