10-11-2011 07:23 AM
11-03-2011 04:34 PM
Many venues still use the "secret answer" method as an alternate means of identification for recovering accounts and even, as one banking site I use does, in conjunction with the username/password for logging on to the account.
In such situations, caution needs to be exercised, particularly if you are active in social networking sites, such as Facebook. "Mother's Maiden Name", "Name of First Born", "Name of Pet", "Name of High School", etc., is all information easily accessible, particularly if your privacy settings are not locked down or if you participate in games, which have access to your profile information.
Thus, using easily determined information as your secret answer is not advised. Instead, for sites that still use such common personal information, use consistent false information that you will remember.
11-04-2011 05:52 PM
Pwned List - pwned emails + usernames discovered!
PwnedList is a tool that allows an average person to check if their accounts have been compromised. No passwords are stored in our database. You can read more about where our data comes from here. Just enter an email address or username associated with any of your accounts to see if it's on our list. Data entered is not stored, re-used, or given to any third parties. Don't trust us? You can also use a SHA-512 hash of your email/username as input. Just don't forget to lowercase all characters first.
Continued here: https://pwnedlist.com/
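The post above says a lookup can be done by submitting a SHA-512 hash of the lowercased email or username instead of the value itself. The following is an added example (not PwnedList's own code, and its leaked-identifier list is constructed, not real data) showing why the normalization step matters: the digest is computed over the trimmed, lowercased identifier on the client side, and the service side only needs to compare digests, so the raw address never has to be sent.

```python
import hashlib


def normalize_identifier(identifier: str) -> str:
    """Trim surrounding whitespace and lowercase, matching the 'lowercase first' rule."""
    return identifier.strip().lower()


def identifier_digest(identifier: str) -> str:
    """SHA-512 hex digest (128 hex chars) of the normalized identifier."""
    data = normalize_identifier(identifier).encode("utf-8")
    return hashlib.sha512(data).hexdigest()


def raw_digest(identifier: str) -> str:
    """SHA-512 of the identifier exactly as typed; used to show what a missing
    normalization step does to the lookup."""
    return hashlib.sha512(identifier.encode("utf-8")).hexdigest()


# Constructed sample: a breach-lookup service holding only digests of the
# identifiers it knows about (hypothetical values, not from any real breach).
CONSTRUCTED_LEAKED_DIGESTS = {
    identifier_digest(x) for x in ("alice@example.com", "bob_smith")
}


def is_pwned(identifier: str, leaked_digests=CONSTRUCTED_LEAKED_DIGESTS) -> bool:
    """Client-side check: compare the normalized digest, never the raw identifier."""
    return identifier_digest(identifier) in leaked_digests


if __name__ == "__main__":
    for sample in ("Alice@Example.COM ", "bob_smith", "carol@example.com"):
        print(f"{sample!r:25} pwned={is_pwned(sample)}")
    # Without lowercasing, the same mailbox produces a different digest and
    # the lookup silently misses.
    print("raw vs normalized equal:",
          raw_digest("Alice@Example.com") == identifier_digest("Alice@Example.com"))
```

Because the service compares 128-character hex strings, a mixed-case or whitespace-padded submission hashes to an unrelated value and returns a false "not found"; normalizing before hashing is what makes the digest-based lookup equivalent to the plaintext one.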
11-27-2011 10:25 PM
You may also check this resource: http://www.microsoft.com/security/online-privacy/p
You can also test if you have a strong password from this link: https://www.microsoft.com/security/pc-security/pas
11-30-2011 06:32 AM
I might just add that many passwords are associated with people, pets and events in our personal lives so being liberal with too much personal information can compromise your passwords as well.
03-10-2012 06:06 PM
Podcast: Busting Password Myths
In this episode, entitled Busting Password Myths, Paul Ducklin and Chester Wisniewski take a look at the thorny issue of password rules and regulations. The content of the show is based around a very popular presentation given by Chester at the recent RSA 2012 conference.
06-07-2012 02:41 PM
New article by David Harley at ESET:
Passwords and PINs: the worst choices
At a time when password breaches like the one at LinkedIn are once more making the news, there's plenty of good advice around about how to select a strong password as opposed to the sort of stereotyped easy-to-remember-but-stupendously-easy-to-guess password that turns up again and again in dumped lists of hacked passwords. So if your favourite, much-used password (or something very like it) is in the following list, it might be a good idea to stop reading this now, go to the link on how to select a strong password and use it as a basis for changing all your passwords to something safer (then come back and think about the PINs you use). The list is abstracted from one compiled by Mark Burnett, representing the most-used passwords in a data set of around 6 million.
06-07-2012 09:01 PM
Guarding against password reset attacks with pen and paper
by Aryeh Goretsky
With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics. In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem: How to guard against password reset attacks, and where to securely store the answers to your password reset questions...
Super job, Aryeh!
08-27-2013 06:45 PM
via @goretsky on Twitter
Long passwords don’t offer “safe option” as cracker app upgrades
The popular password-cracking app Hashcat has “upgraded” to passwords up to 55 characters – meaning that long passwords (for instance those made up of sentences), can be cracked far more quickly.
Complete article: http://www.welivesecurity.com/2013/08/27/even-long