Saturday, September 23, 2017

Password rule updated 220223


     Out-of-date password requirements were eight characters of upper and lower-case letters, numerals, and symbols such as – or _. The result typically is exactly eight characters, beginning with an upper-case character and ending with a symbol or the numeral “1”. Invariably, it is a recognizable name easily associated with the user’s environment (child or pet). I knew of a college that permitted a max of nine characters of numbers and lower-case letters only.

     Requirements to periodically change passwords usually cause one to change only the last character, i.e., “1” becomes “7”, “!” becomes “.”, etc. Miscreants are aware of these gambits. Additionally, they know who enforces periodic password changes; the Social Security Administration once did require a change every six months. That is no longer true.

     Hackers have gillions of stolen passwords and incorporate them in password-cracking software programs. They also have massive computing power that can try billions of passwords per hour, most of which are cracked within fractions of a second.

      Simply, more than twenty years of training taught us to create passwords that are difficult to remember, but easy for computers to crack.

     Password generators produce longer, random-character passwords. Password managers are often employed to keep track of them and associate the credentials with the site to which they apply.

     Online password managers have been breached, proving that a password remains a secret only if you personally retain it yourself.

     Password Safe is my personal choice for managing the credential records of my 287 accounts.

     Unfortunately, some websites prevent password managers from automatically entering the credentials by using a two-screen entry method or by blocking the auto-fill process. Along came Chromium based

     What I know is that “longer is stronger” and that thirty-eight plus characters total is the magic number for passwords that cannot be cracked with the current technology criminals use. That may change, but hacking even 20-character passwords will require more time than the system is willing to spend. My passwords go on for more than 18 characters and I avoid repeating characters. It's as simple as that. Further, for those sites that permit spaces, I create pass phrases such as "The longer a memorized secret is - the stronger it is".
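     An added example, not part of the original post: a Python check for use at password-change time, when the user has just typed both the old and the new secret, that flags the habits described above (short length, the capital-first and symbol-or-numeral-last shape, and a rotation that changes only the final character). The function names, the finding labels, the 20-character threshold and the sample passwords are assumptions made for illustration.

```python
import math
import string

MIN_LENGTH = 20  # assumption: the 20-character figure mentioned in the post


def search_space_bits(password: str) -> float:
    """Brute-force upper bound, log2(alphabet ** length).

    Only meaningful for random secrets: a pet's name falls to a
    wordlist long before this bound matters.
    """
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(not c.isalnum() for c in password):
        alphabet += 33  # ASCII punctuation plus space
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def audit(new: str, old: str = "") -> list[str]:
    """Return a finding for each habit the post describes."""
    findings = []
    if len(new) < MIN_LENGTH:
        findings.append("too-short")
    # Capital first, lower-case body, symbol or numeral last.
    if new[:1].isupper() and new[1:-1].islower() and not new[-1:].isalpha():
        findings.append("legacy-shape")
    # Rotation that keeps everything except the final character.
    if old and new != old and new[:-1] == old[:-1]:
        findings.append("rotated-last-char")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    phrase = "The longer a memorized secret is - the stronger it is"
    for new, old in [("Bailey17", "Bailey11"), (phrase, "Bailey17")]:
        print(len(new), round(search_space_bits(new), 1), audit(new, old))
```

     The bit count is an upper bound that assumes every character was chosen at random, so it overstates the strength of any password built from a name or a common phrase.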

Wednesday, August 7, 2013

Protect yourself - updated 220223

Often, an email without a subject line is spam, a phish or another type of manipulation intended to gain access to your account, even if it seems to be from someone you know or trust, regardless of whether they are geeky. Never click a link included in such a message, and even consider deleting the message without opening it.