• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

What is 'best practice' for password management?


Coram Daes

.i hate fanbois.
Member
#21
Mystere, I am not saying that Gibson is to be taken by the letter, but rather that there are simple ways to get good passwords through Character repetition. There are many ways to test passwords these days and I actually think that setting up a combination of any "short" character sequence (given upper-case, lower-case, special and numbers) and repeating it, is equally safe and easier to remember than many other approaches.

I tested a few passwords I actually use at Password Strength Checker which also accounts for repetitiveness, and they came out 100%. All those inspired by GRC's writings.
 

My Computer

System One

  • OS
    W7x64P
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Main WKS/Gaming Sloth
    CPU
    Phenom II X6 1075T, 3000 Mhz
    Motherboard
    Asus Sabretooth 990FX
    Memory
    16 GB PC3-10700
    Graphics Card(s)
    2 x ATI 6750
    Sound Card
    Asus Xonar DX
    Monitor(s) Displays
    2 x LG Flatron L2000C (3:4)
    Screen Resolution
    2 x 1600x1200
    Hard Drives
    WDC WD740ADFD (10k rpm)|
    WDC WD5000AAKS |
    WDC WD10EARS
    PSU
    750 W
    Case
    Cooler Master CM 690
    Cooling
    Cooler Master Hyper 612S
    Keyboard
    Logitech G110
    Mouse
    Logitech G700
    Internet Speed
    ADSL 30 MBit
    Antivirus
    ESET Endpoint Protection

Coram Daes

.i hate fanbois.
Member
#23
Security questions may be stupid, but they are in fact widely used in Corporations in order to actually help regular users reset their password. That is not such a bad idea in itself, but then again, perhaps not as safe.
 

My Computer

System One

  • OS
    W7x64P
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Main WKS/Gaming Sloth
    CPU
    Phenom II X6 1075T, 3000 Mhz
    Motherboard
    Asus Sabretooth 990FX
    Memory
    16 GB PC3-10700
    Graphics Card(s)
    2 x ATI 6750
    Sound Card
    Asus Xonar DX
    Monitor(s) Displays
    2 x LG Flatron L2000C (3:4)
    Screen Resolution
    2 x 1600x1200
    Hard Drives
    WDC WD740ADFD (10k rpm)|
    WDC WD5000AAKS |
    WDC WD10EARS
    PSU
    750 W
    Case
    Cooler Master CM 690
    Cooling
    Cooler Master Hyper 612S
    Keyboard
    Logitech G110
    Mouse
    Logitech G700
    Internet Speed
    ADSL 30 MBit
    Antivirus
    ESET Endpoint Protection

crawfish

Member
Power User
Posts
454
#24
The problem is, if I've lost my password, I've also lost my security answers. I would never use legit and therefore guessable answers, so security questions are basically a double-password system from my perspective. I guess there might be some value as long as passwords and security answers are stored separately and aren't easy to match, but then again my main passwords are strong and hard to brute-force, so it mainly just adds inconvenience AFAICT.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center

Mystere

Power User
VIP Member
Power User
Posts
1,925
#25
Security questions may be stupid, but they are in fact widely used in Corporations in order to actually help regular users reset their password. That is not such a bad idea in itself, but then again, perhaps not as safe.
Ask Sarah Palin ;) Her email was hacked because her security question was "What high school did you go to?" and everyone knows she went to Wasilla High School.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    CPU
    Intel i7 3770K
    Motherboard
    Gigabyte Z77X-UD4 TH
    Memory
    16GB DDR3 1600
    Graphics Card(s)
    nVidia GTX 650
    Sound Card
    Onboard Audio
    Monitor(s) Displays
    Auria 27" IPS + 2x Samsung 23"
    Screen Resolution
    2560x1440 + 2x 2048x1152
    Hard Drives
    Corsair m4 256GB, 2 WD 2TB drives
    Case
    Antec SOLO II
    Keyboard
    Microsoft Natural Ergonomic Keyboard 4000
    Mouse
    Logitech MX

DavidY

Active Member
VIP Member
Pro User
Posts
955
#26
(Edit) I have a harder time remembering my security questions.
Security questions are stupid. I use unique random strings for them the same as I use for my passwords.
Security questions might not be so bad, but some organisations include stupid options like "what is your favourite colour?"; a question to which I never know the answer (perhaps it's cyan this week ;) ).
 

My Computer

System One

  • OS
    Windows 8.1, 10

XweAponX

New Member
VIP Member
Pro User
#27
Security questions may be stupid, but they are in fact widely used in Corporations in order to actually help regular users reset their password. That is not such a bad idea in itself, but then again, perhaps not as safe.
Ask Sarah Palin ;) Her email was hacked because her security question was "What high school did you go to?" and everyone knows she went to Wasilla High School.

HAHAHAHA! Well, she's stupid, what is anyone else's excuse Bfhahahaha!

Actually one of the ones I use IS my original Elementary School, the only people that could guess this, would be people I knew only in Kindergarten. That makes it a short list of about 1 person.
 

My Computer

System One

  • OS
    Windows 8 Pro with Media Center/Windows 7
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Asus M2N-MX SE Plus § DualCore AMD Athlon 64 X2, 2300 MHz (11.5 x 200) 4400+ § Corsair Value Select
    CPU
    AMD 4400+/4200+
    Motherboard
    Asus M2N-MX SE Plus/Asus A8M2N-LA (NodusM)
    Memory
    2 GB/3GB
    Graphics Card(s)
    GeForce 8400 GS/GeForce 210
    Sound Card
    nVIDIA GT218 - High Definition Audio Controller
    Monitor(s) Displays
    Hitachi 40" LCD HDTV
    Screen Resolution
    "1842 x 1036"
    Hard Drives
    WDC WD50 00AAKS-007AA SCSI Disk Device
    ST1000DL 002-9TT153 SCSI Disk Device
    WDC WD3200AAJB-00J3A0 ATA Device
    WDC WD32 WD-WCAPZ2942630 USB Device
    WD My Book 1140 USB Device
    PSU
    Works 550w
    Case
    MSI "M-Box"
    Cooling
    Water Cooled
    Keyboard
    Dell Keyboard
    Mouse
    Microsoft Intellimouse
    Internet Speed
    Cable Medium Speed
    Browser
    Chrome/IE 10
    Antivirus
    Eset NOD32 6.x/Win Defend
    Other Info
    Recently lost my Windows 8 on my main PC, had to go back to Windows 7.

Coram Daes

.i hate fanbois.
Member
#28
I would never use legit and therefore guessable answers, so security questions are basically a double-password system from my perspective.
Well, I get the point, but that also defeats the purpose with security questions, as I understand them. And you can actually have that setup in a number of ways, it is up to the application developer to decide upon any numbers of security questions and what they should be, or, as I have where I work, the ability to make up your own.

I think you forget that these actually presume you have access to the e-mail account they send out a link to, assuming they do that.

Sara Palins example is in that context proof that the guys in charge for her e-mail server were nuts. The poor security does not really lie on her, or similar stories, but on the guys responsible for the security of the account.
 

My Computer

System One

  • OS
    W7x64P
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Main WKS/Gaming Sloth
    CPU
    Phenom II X6 1075T, 3000 Mhz
    Motherboard
    Asus Sabretooth 990FX
    Memory
    16 GB PC3-10700
    Graphics Card(s)
    2 x ATI 6750
    Sound Card
    Asus Xonar DX
    Monitor(s) Displays
    2 x LG Flatron L2000C (3:4)
    Screen Resolution
    2 x 1600x1200
    Hard Drives
    WDC WD740ADFD (10k rpm)|
    WDC WD5000AAKS |
    WDC WD10EARS
    PSU
    750 W
    Case
    Cooler Master CM 690
    Cooling
    Cooler Master Hyper 612S
    Keyboard
    Logitech G110
    Mouse
    Logitech G700
    Internet Speed
    ADSL 30 MBit
    Antivirus
    ESET Endpoint Protection

Users Who Are Viewing This Thread (Users: 0, Guests: 1)