Forwarded from: myemailaccount@private

I consider password security to be most important. I understand regular users cannot think of thousands of passwords and not write them down. Because my memory is also not perfect I have developed the following password scheme:

I memorized 8 different sequences of alphanumerical characters, let's call them SACs (just inventing a new abbreviation here), each different in size and using some uppercase letters. I give them all a number (so SAC1, SAC2, SAC3 etc.).

For every account I select three of these sequences of alphanumerical characters and put them in a certain order. That is my password. I then write down the order in a password-protected database (with a simpler password; I don't care that much if the database is compromised).

So for example: for Hotmail I might use sequences SAC4, SAC5, SAC2. I just add to my password database "Hotmail 452" and I know what the password is. For sequences SAC1, SAC8, SAC3, which I use with my mail certificate, the note I have written down is "mail certificate 183".

Somewhere else I have as a reminder a list of all my SACs, but only with the first two characters being correct; the rest is put there as disinformation. So I actually look only at the first two characters and then remember what that SAC was again. So I have a list that looks like this:

SAC# written down - real password
SAC1 fuh355y9wtga9 - fuh5y05edh
SAC2 g8betb8g - g8bs=hb56hRRTYsh
SAC3 l;kyh35h9 - l;g588bas3DR
SAC4 aBfbvsdh4 - aBbdnitbAA$
SAC5 GgfasdG - Gggrw422a~
SAC6 >>GSDFGWRw444 - >>GAEB53th8g3e
SAC7 BbgRhgw52354 - Bdghbwtrb53
SAC8 6775u3ed5us - 67hJ^$6493

So for example when I need my password to get into Hotmail I just open my password database or grab my paper printout of the list and look up the Hotmail account; I see "Hotmail 452". I also look up my SAC list up here and by looking at the first few characters I remember what each SAC is. So the password is "aBbdnitbAA$Gggrw422a~g8bs=hb56hRRTYsh" without the quotes.
Once you have the discipline to set up something similar and stick to it, your password security will be incredible. (And it's worth the look on people's faces when they see you enter passwords of more than 20 characters at lightning speed; try to sneak up on that one =D )

Also I try to maintain my habit of typing in numbers on the numeric keypad, and as I do so I cover up my hand with the other hand so it cannot really be seen or recorded by cameras, just as one would protect their PIN code. (Also considering those credit thieves that build cameras into ATM machines and devices that record your magnetic strip. Haha, have fun with my strip, but you couldn't see my PIN code :P)

Greetings,
Da paranoid android ;-)

> -----Original message-----
> From: isn-bounces@private [mailto:isn-bounces@private] On behalf of InfoSec News
> Sent: Thursday, June 03, 2004 09:31
> To: isn@private
> Subject: [ISN] Simple passwords no longer suffice
>
> http://www.cnn.com/2004/TECH/ptech/06/01/beyond.passwords.ap/index.html
>
> June 1, 2004
>
> (AP) -- To access her bank account online, Marie Jubran opens a Web
> browser and types in her Swedish national ID number along with a
> four-digit password.
>
> For additional security, she then pulls out a card that has 50
> scratch-off codes. Jubran uses the codes, one by one, each time she
> logs on or performs a transaction. Her bank, Nordea PLC,
> automatically sends a new card when she's about to run out.
>
> As more Web sites demand passwords, scammers are getting more clever
> about stealing them. Hence the need for such "passwords-plus"
> systems.
>
> Scandinavian countries are among the leaders as many online
> businesses abandon static passwords in favor of so-called two-factor
> authentication.
>
> "A password is a construct of the past that has run out of steam,"
> said Joseph Atick, chief executive of Identix Inc., a Minnesota
> designer of fingerprint-based authentication. "The human mind-set is
> not used to dealing with so many different passwords and so many
> different PINs."
>
> When a static password alone is required, security experts recommend
> that users combine letters and numbers and avoid easy-to-guess
> passwords like "1234" or a nickname.

_________________________________________
ISN mailing list
Sponsored by: OSVDB.org
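As an added illustration, not part of the original post or the ISN thread: a small Python model of the scheme described in the forwarded message, using the eight SAC values exactly as the poster listed them. It rebuilds a password from a stored note such as "452", reports how many leading characters each decoy entry in the reminder list actually shares with the real value (the cue the recall step depends on), and counts how many distinct passwords choosing three of the eight SACs in order can produce, which is the figure a reviewer of such a scheme would want next to the length of the resulting string. The function names are my own.

```python
from itertools import permutations
from math import perm

# Constructed from the reminder list in the post: the right-hand column
# ("real password") is the memorized sequence behind each SAC number.
SACS = {
    1: "fuh5y05edh",
    2: "g8bs=hb56hRRTYsh",
    3: "l;g588bas3DR",
    4: "aBbdnitbAA$",
    5: "Gggrw422a~",
    6: ">>GAEB53th8g3e",
    7: "Bdghbwtrb53",
    8: "67hJ^$6493",
}

# The left-hand column ("written down"): the decoy text from the same list.
WRITTEN_DOWN = {
    1: "fuh355y9wtga9",
    2: "g8betb8g",
    3: "l;kyh35h9",
    4: "aBfbvsdh4",
    5: "GgfasdG",
    6: ">>GSDFGWRw444",
    7: "BbgRhgw52354",
    8: "6775u3ed5us",
}


def assemble_password(note: str, sacs: dict = SACS) -> str:
    """Rebuild the password from a stored note such as "452": each digit names
    a SAC, and the digit order is the concatenation order."""
    return "".join(sacs[int(digit)] for digit in note)


def shared_prefix_lengths(written: dict = WRITTEN_DOWN, real: dict = SACS) -> dict:
    """For each SAC, count how many leading characters the decoy entry shares
    with the real value. This is the cue the recall step relies on."""
    result = {}
    for number, real_value in real.items():
        decoy = written[number]
        n = 0
        while n < min(len(decoy), len(real_value)) and decoy[n] == real_value[n]:
            n += 1
        result[number] = n
    return result


def password_space(sacs: dict = SACS, picks: int = 3) -> int:
    """Number of distinct passwords the scheme can form by choosing `picks`
    different SACs in order. Enumerated explicitly so that any two orderings
    that happen to concatenate to the same string are counted once; for the
    values above it equals math.perm(len(sacs), picks)."""
    return len({"".join(sacs[k] for k in order) for order in permutations(sacs, picks)})


if __name__ == "__main__":
    print(assemble_password("452"))
    print(shared_prefix_lengths())
    print(password_space(), "orderings; formula gives", perm(len(SACS), 3))
```

Note that the count of orderings is independent of what the SACs contain: it depends only on how many sequences are memorized and how many are combined, so the combined password's strength against guessing rests entirely on the secrecy of the individual SACs, not on the stored digits.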
This archive was generated by hypermail 2b30 : Fri Jun 04 2004 - 01:12:50 PDT