
Password tips
« on: October 19, 2012, 01:17:59 am »
We – the users – are supposed to be responsible, and are told what to do to stay secure. For example: “Don’t use the same password on different sites.” “Use strong passwords.” “Give good answers to security questions.” But here’s the troublesome equation:

    more services used = more passwords needed = more user pain

… which means it only gets harder and harder to follow such advice. Why? Because security and practicality are in conflict.

Markus Jakobsson

A security researcher, Dr. Markus Jakobsson is one of the main contributors to the understanding of phishing and crimeware. He holds over 50 patents and 100+ pending patents; is a co-founder of four startups spanning user authentication, mobile malware detection, and secure user messaging; and has published a collection of books. Jakobsson is Principal Scientist of Consumer Security at PayPal.

But they don’t have to be. As someone who has studied millions of passwords and how they were constructed – I’ve spent most of my waking hours for over a decade obsessing about authentication methods – I say we can have both security and practicality.

And it starts with recognizing that a lot of security advice hurts more than it helps...
...One common suggestion is taking a word, let’s say “Elvis”, and replacing letters with digits to get “3lv1s”. While this makes a password memorable – presuming we won’t forget Elvis – it doesn’t make it that much more secure. Because everybody makes changes just like that....
...So how do we select strong and memorable passwords? Here’s how: Think of a story, something weird and memorable that happened to you. Like that time you went jogging and stepped on a rat (ugh). Your password? “JogStepRat”: Your personal story boiled down to three words. If this really happened to you, you won’t forget. And no one else can guess it – unless you’ve told everyone that story, but then you’d just pick another, more embarrassing source story you’d never share!

This approach isn’t just conjecture: It works. It’s been tested at a large scale, and this type of password has twice the bit security of an average password. I kid you not.
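
The point about "3lv1s" versus "JogStepRat" can be seen in a small strength check, given here as an added example that is not part of the original post or of Jakobsson's article. The word list, the substitution table and the vocabulary size of 2000 are constructed assumptions, and the bit figures are rough upper bounds for comparing the two schemes only.

```python
import math
import re

# Constructed stand-in for a real common-word list (assumption, not from the post).
COMMON_WORDS = {"elvis", "password", "dragon", "monkey"}

# Widely used digit/symbol-for-letter swaps, mapped back to letters (assumed set).
DELEET = str.maketrans({"3": "e", "1": "i", "0": "o", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})
SWAPPABLE = set("eioast")  # letters that have a swap in DELEET

# Assumed vocabulary size, used only to compare the two schemes.
VOCAB_SIZE = 2000


def normalize(password):
    """Lower-case the password and undo the common substitutions."""
    return password.lower().translate(DELEET)


def is_disguised_common_word(password):
    """True if the password is a common word once substitutions are undone."""
    return normalize(password) in COMMON_WORDS


def substitution_bits(word):
    """Upper bound on bits added by swaps: one yes/no choice per swappable letter."""
    return sum(1 for ch in normalize(word) if ch in SWAPPABLE)


def split_story_words(password):
    """Split a capitalised story password such as 'JogStepRat' into its words."""
    return re.findall(r"[A-Z][a-z]*", password)


def estimate_bits(password, vocab_size=VOCAB_SIZE):
    """Rough upper bound for the two schemes in the post; not a general meter."""
    per_word = math.log2(vocab_size)
    if is_disguised_common_word(password):
        return per_word + substitution_bits(password)
    # Assumes each story word is an independent, uniform pick from the vocabulary.
    return per_word * len(split_story_words(password))


if __name__ == "__main__":
    for pw in ("Elvis", "3lv1s", "JogStepRat"):
        print(pw, is_disguised_common_word(pw), round(estimate_bits(pw), 1))
```

"Elvis" and "3lv1s" get the same estimate because a checker that undoes the swaps treats them as the same word; the three-word password scores higher because each extra word multiplies the number of candidates.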
