[Dshield] password security
Dr. Daniel Carras
dr.astrom42 at gmail.com
Thu Feb 5 21:24:51 GMT 2009
"Now back to my question. --- I am looking for a site that is secure
enough that I don't have to worry
about some kid getting my amazon or tigerdirect password."
I don't know of any. The problem with these sites is not some kid, but
the potential for identity theft. For example, someone gains access to
these accounts and places purchases using a stolen credit card; you are
now involved. The problem with security is the first rule of security,
"you never discuss security". To that effect, you can use, learn some
hacking techniques, just by visiting some such sites. Understanding (even
briefly) how code is written and what they look for, you can create a
password file on your system that would not ordinarily be looked for.
It is here you place your rarely used password. You may also wish to look
into the history of camouflage. This is what you want to do on your
system, create a camouflaged password file that hackers will not see.
Matthew Dunlop wrote:
> I knew this was going to open a can of worms as to what kind of passwords
> were hardest to crack. As far as passwords go, most of mine are 12
> characters or longer. Most of them are some sort of phrase like:
> (The Best Password I could ever come up with is very long) then you take
> the first letter of each word TBPICECUWIVL and to put a big twist I replace
> some of the letters with ASCII characters and add numbers to the beginning
> and end. So the final password might be something like this.
> 39T8P!(E(UW!VL93 I would be very hard pressed to think that a dictionary
> attack could have any luck with that password. And the phrase is something
> you can recite in your head helping you to recall the letters used.
>
> Now back to my question. A lot of my passwords that I use daily I remember
> as I use them a lot. But it's the sites that I visit once every 3-6 months
> that I find I forget which password I used. Mostly I just have them send me
> an e-mail with the password.
> I am looking for a site that is secure enough that I don't have to worry
> about some kid getting my amazon or tigerdirect password. The very secure
> password that I use for servers and e-mail accounts and banking would never
> be placed in this list.
>
>
> Matt Dunlop
> IT Manager
>
>
> -----Original Message-----
> From: list-bounces at lists.sans.org [mailto:list-bounces at lists.sans.org] On
> Behalf Of White, Robert W
> Sent: Wednesday, February 04, 2009 5:26 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] password security
>
> I would recommend "pass phrases" of 8 or more characters using three of
> the following UPPER CASE, lower case, numbers, punctuation (spaces,
> comma, dash, etc.) i.e. 10 Bottles Beer
>
> -----Original Message-----
> From: list-bounces at lists.sans.org [mailto:list-bounces at lists.sans.org]
> On Behalf Of Dr. Daniel Carras
> Sent: Wednesday, February 04, 2009 4:49 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] password security
>
> The safest option is not an online site, but a txt file (not obviously
> named password, etc.). Further, the safest passwords are random
> groupings of numbers and letters. For example; as secure 6 character;
> eeqmc2 [e = mc^2]
>
> Matthew Dunlop wrote:
>
>> I am very aware of how easy passwords are cracked and more complicated
>> ones take longer.
>>
>> I also know that you never use the same password for your banking and
>> e-mail and other sites.
>>
>> I have come up with some very long and hard to crack passwords and
>> some not so long ones too.
>>
>> (I hate sites that limit you to 6 characters) As my list of sites that I
>> have created accounts grows, I wonder
>> how many different passwords should I be keeping in my head. And when my
>> head can't store them all.
>>
>> Is there a web site that is secure enough to store them at? I know
>> there are programs that I can run to keep
>> the data local, but there are some times I don't have a flash drive
>> with me or I might forget to update it.
>>
>> What sites do you think are secure enough to use?
>>
>> Matt Dunlop
>> IT Manager
>>
>> _______________________________________________
>> Dshield mailing list
>> Dshield at lists.sans.org
>> To change your subscription options (or unsubscribe), see:
>> https://lists.sans.org/mailman/listinfo/list
>
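
Added example, not part of the original thread: the phrase-to-password scheme quoted above, reproduced in Python on the thread's own phrase, with a character-pool keyspace estimate for the three passwords the posters give. The substitution map (B to 8, I to !, C to open parenthesis) is inferred from the posted result, and the bit counts are upper bounds that hold only if every character were chosen uniformly at random, which a rule-derived or formula-based password is not.

```python
import math
import string

# Substitutions inferred from the post's own example (B->8, I->!, C->().
SUBS = str.maketrans({"B": "8", "I": "!", "C": "("})

# Character classes counted toward the brute-force pool.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " ")


def acronym(phrase):
    """First letter of each word, upper-cased."""
    return "".join(word[0].upper() for word in phrase.split())


def mnemonic_password(phrase, prefix, suffix):
    """Acronym with the substitutions applied, wrapped in digits."""
    return prefix + acronym(phrase).translate(SUBS) + suffix


def keyspace_bits(password):
    """Upper bound in bits: length * log2(size of the classes in use).

    Only meaningful if every character is chosen uniformly at random.
    """
    if not password:
        return 0.0
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool)


# Phrase taken from the quoted message.
PHRASE = "The Best Password I could ever come up with is very long"

if __name__ == "__main__":
    derived = mnemonic_password(PHRASE, "39", "93")
    for pw in (derived, "eeqmc2", "10 Bottles Beer"):
        print(f"{pw!r:22} len={len(pw):2} <= {keyspace_bits(pw):5.1f} bits")
```

The gap between the 6-character and 16-character figures comes almost entirely from length rather than from the added symbol classes.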