Showing posts with label passwords. Show all posts

12 October 2011

What Happens When The Company Backing Up Your Passwords In The Event of Your Death Itself Dies?

The unprecedented public outpouring of grief in the technical community at the death of Steve Jobs seems to go well beyond the fact that he was an undeniably important and powerful figure in that world for several decades. Perhaps it's because the people involved in technology are disproportionately young compared to most other industries: death often seems very far away at that age. The demise of the charismatic Jobs comes as a brutal reminder that even leaders of the most successful companies must, one day, die. And hence, by implication, that we too will die.

On Techdirt.

08 July 2008

Apple, the Security Paragon

Not:

Apple just gave out my Apple ID password because someone asked

29 April 2008

Microsoft: The Police State's Best Friend

You can't make this stuff up:


Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

Now, tell me again why you want to run Windows instead of GNU/Linux?

14 December 2006

MyPassword

In case you hadn't noticed, we live in a digital world cordoned off by passwords. Nearly everything online requires them, so you are faced with the classic dilemma: use one hard-to-guess, hard-to-remember password for everything, or use lots of easy-to-remember, easy-to-guess ones - or maybe just one easy-to-guess one.

This fascinating analysis by Bruce Schneier of a clutch of compromised passwords from MySpace is slightly better news than you might have expected:

We used to quip that "password" is the most common password. Now it's "password1." Who said users haven't learned anything about security?

But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric.

The story has some good links to historical studies of passwords, as well as the usual sharp Brucie thoughts. Alas, these include the following:

None of this changes the reality that passwords have outlived their usefulness as a serious security device. Over the years, password crackers have been getting faster and faster. Current commercial products can test tens -- even hundreds -- of millions of passwords per second. At the same time, there's a maximum complexity to the passwords average people are willing to memorize (.pdf). Those lines crossed years ago, and typical real-world passwords are now software-guessable.

"Hundreds of millions of passwords per second"??? Gulp.

02 September 2006

OpenID and Password Overload

Do you have too many passwords to remember? If you don't, that probably means you're using the same one or two for every site - not a good idea. If you do, you are then faced with two possibilities: writing them all down somewhere (physically or electronically) or trying to remember them all. Both approaches are fraught with dangers.

What we need, of course, is a centralised service that lets you establish your identity once, and which then handles all the tiresome details. Oh, and which isn't run by Microsoft.

Well, you could try OpenID (good name, if nothing else). It's not the only such system, but it seems to have its heart in the right place. One to watch. (Via C|net.)