During the encryption episode, I kept thinking: "They really need to do an episode on passwords." Seems like you read my mind (though I was thinking this after you recorded the show, so it's a bit weird).
But I hope you'll do an episode on authentication in general.
In terms of generating passwords, I recently discovered SuperGenPass through TWiT (wasn't Tom on that episode?).
http://supergenpass.com/
I do have a few "Road Test" issues with SGP, including the fact that I need these passwords outside of browsers (say, in OSX iPhone apps).
One thing you already mentioned on occasion but that I think deserves more discussion is OpenID.
http://openid.net/
IMHO, it's especially useful for authentication to post on forums (!!). Though SGP helps me in not having to remember too many passwords, I still find it absurd that I have to create complete authentication every time I need to post something on a site I rarely visit (including CNET.com, to be honest).
http://www.youtube.com/watch?v=K95SXe3pZoY
http://www.youtube.com/watch?v=JIubVxdHuZA
http://www.youtube.com/watch?v=ebSspdgm70E&feature=related
I too discovered SuperGenPass on TWiT, and I think it's great. I've been using it now for about three weeks. I'd love to hear Rafe and Tom's take on it, and to learn about other options for creating and remembering secure passwords.
This may be a little remedial, but whenever I help people with passwords they think it’s sliced bread. It’s simple, and easy to remember but meets the primary goal of passwords. I will take a current favorite of the day, let’s use Cnetrealdeal and change the letters to numbers. My key is change E’s to 3’s (Backwards E); A’s to 4’s (An A missing a leg) or O’s to 0’s. You could do B’s to 8’s, and S’s to 5’s, but I haven’t used those.
That would change Cnetrealdeal – Cn3tr34ld34l. Usually I would only do one or two changes, and just do Cn3trealdeal, and then next time it could be Cnetr34ldeal. Then on my Cheat-sheet (hidden in my Notepad in Outlook) I replace the changed characters with # signs or place them at the end of the word just to remind me there are numbers in there without giving the correct password away.
Hope someone finds this useful.
JCSandvik, I do something like that which I then add to a core password that I use for all passwords. The result is that all of my passwords are about 12 to 18 characters long and I usually can recall them from memory.
I'm interested to hear what acedtect has to say about this technique though. It's not truly random, so how easy would it be to break? Better than "password," I guess.
Cheers
My big issue with online password managers is that you have to have at least some trust that the backend is secure and reliable. I don't see a way to eliminate that disadvantage over a local app.
From reading about SuperGenPass, it looks as though it limits your flexibility with the passwords to support its implementation and security model. You decide on a master password, and then it decides on the passwords for each site. You'll need some sort of supplemental personal algorithm if you want to alter the strength of your passwords or change your passwords regularly.
I still strongly favor KeePass (www.keepass.info). Free and open source. Strong security and great flexibility.
- Joel
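The trade-off Joel describes, sketched as an added example that is not part of the original thread and is not SuperGenPass's actual algorithm: a deterministic generator derives each site's password from the master password and the domain, so nothing is stored, and rotating a single site's password needs an extra input such as a counter that you then have to remember. The PBKDF2 construction, the iteration count, the function names and the sample values are all assumptions made for illustration.

```python
import base64
import hashlib

ITERATIONS = 100_000  # assumed work factor for this sketch


def site_password(master: str, domain: str, counter: int = 1, length: int = 16) -> str:
    """Derive a per-site password from a master password (illustrative scheme)."""
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    if counter < 1:
        raise ValueError("counter starts at 1")
    # Normalise the domain so " Forum.Example " and "forum.example" agree.
    salt = f"{domain.strip().lower()}:{counter}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              ITERATIONS, dklen=32)
    # 32 bytes encode to 43 base64 characters plus one '=', so a slice
    # of at most 40 characters never includes padding.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def rotate(master: str, domain: str, counters: dict) -> str:
    """Rotate one site's password by bumping its counter.

    The counters dict is the extra state the user must keep: without it,
    the only way to change a password is to change the master password,
    which changes every site's password at once.
    """
    key = domain.strip().lower()
    counters[key] = counters.get(key, 1) + 1
    return site_password(master, key, counters[key])


if __name__ == "__main__":
    master = "constructed-master-passphrase"  # constructed sample value
    counters = {}
    print("initial :", site_password(master, "forum.example"))
    print("rotated :", rotate(master, "forum.example", counters))
    print("counters:", counters)
```
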
I just installed Password Exporter 1.1
https://addons.mozilla.org/en-US/firefox/addon/2848
The reason is that I wanted to review the list of sites I was currently using in preparation for doing a mass password change. The export / review function looked like a great way to get a current list.
I have not decided yet how I will actually generate the new passwords, but OpenID will definitely be a preferred option where supported.
The add-on does just what I expected, but, I just realized that it opens a HUGE hole in Firefox's Password Manager. Anybody could install this add-on and dump the non-secured (https) sites password info for this instance of Firefox.