Comments on: Best Password Practices Guide

By: Marcus

Marcus — Wed, 13 Jan 2010 17:58:32 +0000

The most important point made is not using the same password for everything. Most website password systems protect themselves from attacks of this kind but there are other points that passwords can be attacked or obtained so make them different and you lock down the attack points. Different systems = different passwords, WEP, WPA, Computer Access, websites, Simples, and attacks like Brute force can result in retaliation sometimes smooth wall AI style automatically locking down IP’s, MAC addresses, ports, freezing accounts, blacklisting ect.

By: valk

valk — Fri, 30 Oct 2009 14:26:45 +0000

Erm… you know that most dictionary attacks today include 1337$p3@K (leet speak), aka they will easily crack passwords composed of dictionary words, even if you replace a few letters with something else… Sure, it is MORE secure then a plain dictionary word password or qwert but still…

By: jan_geronimo

jan_geronimo — Sat, 17 Oct 2009 13:22:29 +0000

I like your tip about incorporating password hints for the user to make it easy to remember for him, but otherwise look difficult for a password cracker. Great advice here.

By: David Peralty

David Peralty — Mon, 28 Sep 2009 02:01:22 +0000

I make sure to choose passwords like in my example. They are easy to remember.

By: David Peralty

David Peralty — Mon, 28 Sep 2009 02:00:51 +0000

I agree with you that personal passwords aren’t what crackers, hackers and thieves want, but these ideas, and techniques are still smart because it gets people in the right habit which will hopefully translate to their work passwords and more.

I am pretty lax as well when it comes to passwords for my computer, files, and personal stuff.

The flip side though is: just because you’ve never had any issues, doesn’t mean no one has. The exception doesn’t make the rule, and bringing people’s attention towards secure passwords doesn’t seem like a negative thing to me. Maybe people won’t go to the extremes of creating the most secure password, but even just remembering to add in some capital letters or some numbers would be a smart start for most people.

By: Nick

Nick — Sun, 27 Sep 2009 15:34:32 +0000

If you don’t use a password storage software, how do you remeber many complicated passwords?

By: Jeff

Jeff — Sun, 27 Sep 2009 05:58:50 +0000

You, and most other “Security Fanatics”, are making mountains out of molehills. YOU at least seem to be aware that it is, cumbersome at best, having to create, and remember, “strong passwords”. Although your suggestions for managing multiple strong and secure passwords sounds easy enough to do, the vast majority of users simply cannot do this. Ask any IT person manning a Helpdesk, the #1 “petty problem” is people not remembering passwords, and thus getting ‘locked out’. The solution lies not in creating ever stronger passwords, but in strenthening the networks’ access points, thus eliminating the need for the users to have passwords. As you alluded to, computers get faster, so passwords must get stronger. Doing the math however, given the current rate of processing power and speed increases, by about 2020, computers will be powerful enough that ANY password can be broken within about 30 seconds. (That is, any password that falls within the limits of most humans memory) Now for the coupe de grace, “Crackers” DON’T WANT PERSONAL INFORMATION ON INDIVIDUALS. What they want is access to the computer networks of big corporations. The personal individual is “small-fry” and not worth the time it takes to get their information. Contrary to newsmedia reports, “identity theft” is not a “huge” problem. To date, there have been less than 300,000 actual, provable, cases of Identity theft. And the media claims this is a “Trillion dollar business”. Yeah, right, I guess if all 300,000 of those people were billionaires and the thieves stole it all, then OK. I have been on the “internet” since WAY before there was a “World Wide Web”. I first got “online” in 1968 through ARPANET. to date, I have never, ever, not once, used a password to secure my computer or the data on it. I also do not use anti-virus software. I have not had my identity ripped off, and I have never contracted a ‘virus’. I’ve already told you why, the thieves don’t want me, they want Big Corporations. But why no viruses? because the virus authors are on ego trips, their challenge is to ‘crack’ into protected systems. Mine’s not “protected” so it is essentially invisible to them. (And to be clear, “no viruses” does not mean no Trojans, Spyware, or Adware, those generally are not after anything other than your surfing habits, and everybody gets those, even me.)

By: David Peralty

David Peralty — Tue, 22 Sep 2009 20:11:11 +0000

I really don’t recommend password managers if you can avoid them. There are a few ways that others can get your passwords from your computer, and so storing them in one spot, with only one password to crack to get access to everything, including which places you have accounts at seems a little counter-security to me.

By: Diego

Diego — Tue, 22 Sep 2009 19:59:18 +0000

I really enjoy your article and have recommended the same on my site. I have also gotten really used to lastpass addon. It is a password keeper that can generate new passwords for each site and then keep track of them.

By: Amanda

Amanda — Tue, 22 Sep 2009 07:01:11 +0000

I’m not good in remembering password, so I use Sticky Password. This is a great solution and it includes the Password Generator for very very strong passwords, that are unable to broke. Just have a look at http://www.stickypassword.com