Sarah Palin and the case for real passwords

[Baruch Menachem]

Apparently, Sarah's password on yahoo was something the guy took about 20 minutes figuring out, because it was easy.


My passwords are usually combinations of Japanese, Russian and L337.  I think this is a convincer that real passwords are really important.

The perp admits there was nothing interesting there, but pictures of the kids.  

Anyway, be careful out there.

[jendf]

Everything I've been reading says that he didn't get the actual password. What he got was the information to reset the password.

I have a Yahoo account and if I forgot my password, all I would have to do is answer some basic questions and they reset it.

Unfortunately, most of the answers to these questions can be tracked down with persistence (ex. mother's maiden name, zip code, birth city, etc.).

But, yeah, I think having a strong password is important too. I've gotten better about creating them as I learn about this stuff.

[Chris_]

Apparently, Sarah's password on yahoo was something the guy took about 20 minutes figuring out, because it was easy.


My passwords are usually combinations of Japanese, Russian and L337.  I think this is a convincer that real passwords are really important.

The perp admits there was nothing interesting there, but pictures of the kids. :loser: 

Anyway, be careful out there.

You gave away too much -- I am sending this from your Yahoo account.

[DixieBelle]

yes, that's the troublesome part. I like strong passwords and challenge questions that you set although I don't have many accounts like that. Most are standard ones.

[Chris]

I generally do the upper/lowercase letters/numbers thing.  Somebody posted a matrix of how long it would take to crack an alphanumeric password... I can't find the link, but I think an eight-digit pw was the minimum, with a mix of upper/lower and letters/numbers.

If I get stuck working on a helpdesk, one thing I recommend to people with long alphanumeric passwords is to put a number at the end.  If your job forces you to change your password every so often, increment the number on your password.  But, some people will still call you once a month and have you reset every single one of their accounts anyway because it's easier for them.

"Uh yeah, can you reset my Windows, Oracle, Novell, COWS, Outlook, and Pinnacle accounts?  Thanks."

[MrsSmith]

I once mentioned to a coworker that I like to use some name-birthday combo for my passwords.  I got an instant, "Oh, that's not very safe!"  I just laughed...with 7 kids, 4 grandkids, and date combos that may be month day, month year, year day, month day, etc., with name first, nickname first, name last, nickname last...even my own kids have never guessed any passwords, and they know all the names and dates.  

[Chris]

I once mentioned to a coworker that I like to use some name-birthday combo for my passwords.  I got an instant, "Oh, that's not very safe!"  I just laughed...with 7 kids, 4 grandkids, and date combos that may be month day, month year, year date, month date, etc., with name first, nickname first, name last, nickname last...even my own kids have never guessed any passwords, and they know all the names and dates.

I had an instructor that told his class the same story every semester.  One of his students used to complain three or four times a year because he couldn't remember his passwords.  He was using his kids names as passwords but he had 13 of them and couln't remember which names he used.

Turns out two of them were twins.  Problem solved.

[LC EFA]

I don't give places like yahoo any factual information ... makes it hard to use the "real" information, if they have it.

There's simple applications out there to generate strong passwords. If you can remember a 9 /10 digit phone number, or your SS number, you can remember a strong password.

I keep a password log in my safe should i forget for some passwords. I know this is considered bad practice by some, but if someone gets into that puppy my password log is the least of my concerns. I tend to using the email based "lost password" system for those accounts that aren't really important.

[DumbAss Tanker]

It's much more sensible to just never put anything sensitive or incriminating in email in the first place.  Strong password or no, all that shit can be frozen and then retrieved with a subpoena, and all that requires is pissing someone off badly enough to find out who you really are and sue you (or prosecute you criminally, if you've really pissed off the wrong person).

[Woody]

Good point.  An email will have at least two copies, yours and theirs.  Then it will pass through a number of filters and servers on the way, some of which back up their data. 

As for Palin's email kerfuffle, I suspect that this will backfire on the hacker.  Everyone I've spoken to so far about this has been far more concerned about the privacy issue than any possible conflict of interest.  The moonbat battlecry "the end justifies the means" doesn't get much play outside of DU. 

Woody

[EastFacingNorth]

Anyone here have any experience with biometric authentication devices for home use?  I had one some years ago - a fingerprint scanner - that integrated with Windows 2k / XP login and with IE6.  It allowed you to create ridiculously difficult passwords because rather than log in you'd just fingerprint-in and the device would submit your username/password for you.  Unfortunately the device wasn't compatible with Vista or newer browsers, so it's sitting in a bin somewhere.

It was really handy and if I could find one with current support I'd probably invest; does anyone know of one?

[LC EFA]

Anyone here have any experience with biometric authentication devices for home use?  I had one some years ago - a fingerprint scanner - that integrated with Windows 2k / XP login and with IE6.  It allowed you to create ridiculously difficult passwords because rather than log in you'd just fingerprint-in and the device would submit your username/password for you.  Unfortunately the device wasn't compatible with Vista or newer browsers, so it's sitting in a bin somewhere.

It was really handy and if I could find one with current support I'd probably invest; does anyone know of one?

I've supported the toshiba laptops that have the fingerprint scanner...

Was a pain in the ass really, as the system was fairly sensitive to dust and finger grime, as well as being quite picky about the prints.

One had to be slow and careful when submitting a print to windows login else it would fail.

Most customers didn't use them, because it was easier to either have no password, or to use a simple windows password in lieu.

[SaintLouieWoman]

It's much more sensible to just never put anything sensitive or incriminating in email in the first place.  Strong password or no, all that shit can be frozen and then retrieved with a subpoena, and all that requires is pissing someone off badly enough to find out who you really are and sue you (or prosecute you criminally, if you've really pissed off the wrong person).

You've got the key right there. It's equivalent to talking on a cell phone---you never know who might be listening (or looking) and it's so easy to trace.

I have one password for a work related account, that I vary when they require a monthly update by rotating numbers at the end of the alpha part of it. That way it's way easier to remember.

[Splashdown]

It's much more sensible to just never put anything sensitive or incriminating in email in the first place.  Strong password or no, all that shit can be frozen and then retrieved with a subpoena, and all that requires is pissing someone off badly enough to find out who you really are and sue you (or prosecute you criminally, if you've really pissed off the wrong person).

Former Philly Mayor Frank Rizzo (RIP) used to say, "never write anything down; never throw anything away."

[Thor]

Part of my military duties required working with classified equipment. That equipment was normally stored in a safe. I always memorized the combinations vs writing them down, as writing them down was "verboten". As a result, I tend to use hexadecimal passwords or alpha-numeric. It kind of depends on what I'm doing. INFOSEC is important. I kind of wonder why Palin hasn't learned about INFOSEC or practices it, at least.

[JohnMatrix]

just use a completely random string of letters and numbers as a password.