Sunday, December 12, 2010

Passwords and security

Public Service Announcement and discussion!
Gawker Media's database of email addresses and passwords for several hundred thousand users was copied and distributed, and password crackers are eagerly attempting to crack everything in it and see what else uses those same IDs and passwords.

Password reuse is a common exploit vector. It seems convenient to use the same low-security password for multiple web forums and other things, but it really does open up holes that lead to bigger exploits. (See also this xkcd.) In particular, don't reuse a password for an email account or anything connected to your credit cards or banking. Using a base password and then adding some characters for each web site can be a convenient way to have different passwords that are still reasonably easy to remember. And then there's always PasswordSafe (my favorite), which runs on several common platforms, to securely store passwords.

