LastPass and Yubikey have been working for me. Only cost about £18. Every site has a different password and I sleep much better at night. The big question is if you trust your entire online life to LastPass.
Facebook makes Adobe fans change their horrible, horrible passwords
Facebook has scanned millions of email address and password pairs hackers dumped online from Adobe's user account database – so that it can force its social networkers to change their passwords if they used the same login details for both websites. Late last month, Adobe warned of "sophisticated attacks" on its network in …
Tuesday 12th November 2013 23:53 GMT jonathanb
Password strength
Everyone knows that you can't have a lowercase word as a password anymore, it must be mixed case and numbers. But that is easy, instead of having "password" as your password, you now have "Password1".
I do something very similar for sites where I do not care if someone manages to break in and find my password.
Wednesday 13th November 2013 01:58 GMT Tom 35
Adobe
I just received a "change your password" message from Adobe yesterday.
"As we announced on October 3, 2013, we recently discovered that an attacker illegally entered our network and may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account."
So are they just getting around to sending password change notes now, or are people still walking in and grabbing data?
Wednesday 13th November 2013 14:43 GMT Tom 13
Re: password strength
Not quite.
Forty to sixty bits of entropy is fine if you only need to enter the password once or twice a day. Make it forty or fifty times a day and your average user needs less entropy. Right now my typical passwords are in the 16 to 20 length range at work where we are forced to change them every 60 days.
It's one of the few things where I could see speech recognition actually being useful. People could easily remember and speak long phrases that are too long to type. Of course a nearby recording device negates the process. So you're sort of screwed no matter what.
Of course lockouts are another important part of the security regime. Even if you assume 6 attempts then a 15 minute lockout, the time to crack becomes too long for the attack to be effective.
Thursday 14th November 2013 15:40 GMT jdieter
Digital Liberty GONE.
What if I don't give a damn about securing my Facebook account? Seriously? This is digital Nazi to the Nth degree. Let me choose any password (including none). Are we so used to being dominated on the net that we just take this? They have stolen my freedom to NOT secure an account.