Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Most common (or Most important) privacy leaks



My bad, here was my not-intended-to-be-private reply:

My passwords are 19 characters long (if possible).  Size is the important
issue for making passwords strong.  I don't type them in.  Instead I use
LastPass.  If I had to keep things secure, I would consider their
enterprise service.


"Letter count is a pointless factor in password security."

I don't think the math supports you on this one.  Compare these three:

whom
NtoU
UTap

to:

j885DK5Q0kqy88Sqm52
uKf98RjGre1yI27a59l
uKf98RjGre1yI27a59l

The first three were set with a length of 4 and made pronounceable.  The
latter three are 19 characters long.  I recall an article that said quite
specifically that length was more important than choosing diverse
characters.

Employees will be people.  People's preferred passwords are password and
123456.  I can be certain a dedicated attack can crack that system.

Most companies don't have anyone that knows cryptography.  If you do have
such a person, it is hard to understand them.  I suspect LastPass is full
of such people who are every bit as paranoid as readers of this group.
Actually, probably more so since it is their entire job.  If you make
enforcing a strong encryption policy a necessary rule, and make it convenient
(even for use on the phone), then people will do it.  It is so much easier
to click on a button in the browser to make a password than think of one
and write it down.  That is how I wrote the email.

You also will need to revoke passwords once the employee has left.  Sounds
like a good job for software.  And because LastPass is making money selling
to enterprise clients, they can also provide nice reports for the business
types that have to pay for the service.
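
The keyspace arithmetic behind the length-versus-character-set comparison above, as an added example that is not part of the original post. It assumes each sample was drawn uniformly at random from the character classes it contains, which is an upper bound (the pronounceable four-letter samples are weaker than computed); `keyspace_bits` and `min_length` are names chosen for this example.

```python
import math
import string

# Character classes used to infer the alphabet a password was drawn from.
CLASSES = (
    string.ascii_lowercase,   # 26
    string.ascii_uppercase,   # 26
    string.digits,            # 10
    string.punctuation,       # 32
)

def alphabet_size(password):
    """Sum the sizes of every character class that appears in the password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def keyspace_bits(password):
    """log2 of the brute-force search space: length * log2(alphabet).

    Assumption: characters are independent and uniformly random, so this is
    an upper bound for anything a person chose or made pronounceable.
    """
    return len(password) * math.log2(alphabet_size(password))

def min_length(target_bits, alphabet):
    """Shortest random password over `alphabet` symbols reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet))

def report():
    # Samples quoted in the message above.
    samples = ["whom", "NtoU", "UTap", "j885DK5Q0kqy88Sqm52", "uKf98RjGre1yI27a59l"]
    for pw in samples:
        print(f"{pw:<20} len={len(pw):>2} alphabet={alphabet_size(pw):>2} "
              f"bits={keyspace_bits(pw):6.1f}")

    # Length enters linearly, alphabet size only logarithmically: matching the
    # 19-character alphanumeric sample takes 25 lowercase letters, while the
    # full 94-symbol printable set saves a single character (18).
    target = keyspace_bits("j885DK5Q0kqy88Sqm52")
    for name, size in [("lowercase", 26), ("alphanumeric", 62), ("printable", 94)]:
        print(f"{name:<12} ({size:>2} symbols): {min_length(target, size)} chars "
              f"for {target:.0f} bits")

if __name__ == "__main__":
    report()
```
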



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org