strong passwords

Password managers and autocomplete

Authentication Icons


Some web sites insist on as much control over our passwords as they can get. They demand that we choose hard-to-remember passwords, they spread the login over several pages, and they refuse to accept password text through autofill or even copy/paste. This is supposed to reassure us, I guess, the way that shoe removal reassures everyone at the airport.


Replacing a Hacked Password

I just received a couple of spam emails from a friend who had had her email account hacked. The hacker sent the spam to everyone on her contact list. Here's what I told her:

First, replace your old password!

Second, choose a password that can't be guessed based on text in your emails!

Third, write down the password. Keep that piece of paper till you remember the password without looking.


Passwords and Entropy

My friend and colleague Al Dowd pointed me to Troy Hunt's blog post last April on password entropy.


"Cracking" Passwords

There's been buzz in computer hardware blogs over the past few days about how faster processors (and GPUs in particular) are rendering strong passwords "useless." One experimenter, named Vijay Devakumar, posted a description of his success at cracking passwords, which has been recently picked up by bloggers on


Managing Your Passwords

In 2009, another blogger posted an article on password problems that suggests 10 hard-to-follow rules.

The author highlights an important problem: attackers can do systematic trial-and-error guessing attacks against on-line sites. She focuses on a Google Gmail problem recently reported on Full Disclosure.

Here's the point: use strong protection on high-value targets. Take the time to protect your major e-mail account, your financial resources, and anything else you really value. If you're going to slack off, do it when registering to post a one-off blog comment.

Let me take a stab at my own list of recommendations.


Mixed Bag: Lifehacker's Top 10 Computer Annoyances

There's some terrific stuff here. Unfortunately, it's packaged with Internet-based password selection.

Get it straight: you're only supposed to share your passwords with yourself and your keyboard. You aren't supposed to ask your astrologer for one, or collect one from someone on the bus, or at a cocktail party. And never, ever from an Internet web site.


Secure Passwords: unclear with the concept

Another chuckle:

Someone picked up the domain '' and has proceeded to implement a password generator on it. The generator applies a common technique (I described it in my book Authentication) wherein you choose two words from long lists and separate them with a special character of some sort.

The downside should be obvious to anyone who thinks about web security: the password is shared with the password generating site and with anyone who sniffs the web page as it travels across the Internet.


Picking Passwords

I've finished an article on Picking Passwords that outlines the three types of passwords and suggests ways to choose them. The three types are:

1. simple, traditional passwords

2. strong but memorable passwords

3. totally random, hard-to-memorize passwords
