Tag Archives: Password

  • -

Simplifying Password Complexity

Category:Information Security,Infosec Communicator,password,Uncategorized Tags : 

T y p e w r i t e r ⏎Let’s be honest. Passwords are a pain. We all know that it’s important to have different passwords for different places and we all know that they need to be fairly complex. We also know that remembering numerous passwords, especially strong passwords, can be a challenge. So what’s the best strategy?

In this article, I’ll talk about how to create memorable (but strong) passwords and suggest a tool that will make constructing and remembering strong passwords easier.

In general, the strength of a password depends on two factors: length and complexity. Although there’s some disagreement, length is more important than complexity. (For a humorous illustration of password complexity, read the XKCD comic at http://xkcd.com/936/)

Increased complexity makes it more difficult to create a password that you can remember.  The idea of a long complex password may be overwhelming. However, increasing password length alone can result in a password that’s memorable and stronger. Because of the way Windows stores some passwords, the “magic number” is 15 characters or more. A traditional complex password of 15 characters might look like this: “qV0m$$#owc2h0X5”. I don’t know about you, but there’s no way I’m going to remember a password like that. You COULD write it down and store it securely, but it’s not the easiest password to enter on a keyboard, and storing passwords in a browser or in a desktop application is insecure.

Here are a couple of strategies for strong passwords.

Read More

  • -

Password Strength Comic

Category:Information Security,Infosec Communicator,Risk Tags : 

This would fit right into my Ten Tips to Shockproof Your Use of Social Media Lightning Talk, except that it probably takes more than 15 seconds to read.

Courtesy of XKCD

Which of these passwords appears to be stronger? Are you surprised?

Passphrases are easy to remember and harder to crack!

Enhanced by Zemanta

  • 1

Choosing the Safest Browser, Part 2

Category:Information Security,Infosec Communicator,Internet Safety Tags : 

Safe Practices

Check your Browser Security Settings

How can you tell how secure your web browser may be? Scanit’s Browser Security Test checks your browser security settings and provides a report explaining the vulnerabilities, the potential impacts, and how to correct them.

Use Security Software

Your security software should include an antivirus, anti-spyware, and a firewall.

Update Regularly

Keep your browser and applications up to date. If you’re prompted for an update, accept it.

Use Strong Passwords

Use a strong complex password or passphrase. Consider using a password vault such as LastPass to generate and store your passwords.

Install Browser Tools/Add-ons

Current browsers all provide some protection against phishing. There are also browser tools that you’ll find helpful.

  • The Netcraft Toolbar is a browser plug-in available for Firefox. The toolbar helps stop phishing attempts by blocking known phishing sites and providing hosting information about the sites you visit.
  • The McAfee Site Advisor is a browser plug-in available for Internet Explorer and Firefox. The Site Advisor warns you of websites known to have malicious downloads or links by checking them against a database at McAfee.
  • WoT (Web of Trust) provides color-coded ratings of the safety and reputation of websites.

Limited Account Privileges

Limiting account privileges (WindowsXP) provides simple but effective protection when working online. Limited accounts allow you to do most daily activities but do not allow you to install software (only accounts with administrative privileges can install software on the computer).

Many attacks take advantage of administrative privileges to install malware on your computer. If you’re using a limited account, attackers and malicious websites will not be able to install malware. (This is less of an issue with Windows 7 and Mac OS X because they ask you to confirm software changes.)

Threats have doubled since 2009 and the threat vectors have increased. Vigilance is even more important.

One thing hasn’t changed. The key to safe browsing is not which browser you choose. It’s following safe practices.

Please comment on the post and let us know some safe practices you recommend.

Enhanced by Zemanta