I’ve seen a lot of bad password advice lately. Guessing passwords is just too easy for a computer to do, especially as they get more and more powerful. Formulas are bad, but unavoidable, so here’s what I recommend if you’re not going to use a password manager creating completely random passwords: Unverifiable (or difficult to […]
If you have a Windows domain, there’s a fairly good chance you have Backup Exec servers, because you probably want to take backups. Because you need them. (As a security guy, I no longer care how you get backups; just that you’re getting them somehow.) Backup Exec is a popular solution for that. But there’s […]
A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that. Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time […]
I mentioned the Yubikey as the ultimate solution to stolen passwords on the excellent Yahoo Marx Train forum, and another member asked me to elaborate on it. Rather than take up a lot of space with some off-topic discussion, I decided it would be better to write about it here. The Yubikey is the best solution […]
I picked up a Celeron G1610 CPU last week and I’m using it to build a Linux box. Yeah, it’s a Celeron. But it performs like a 2011-vintage Core i3 or a 2010-vintage Core i5, consumes less power than either, and costs less than $50. It’s hard to go wrong with that.
Ars Technica talked three password crackers into doing their worst to a leaked database of 16,000 passwords, to see what they could learn. They learned a lot, and we can learn a lot from their experience as well. “qeadzcwrsfxv1331” isn’t a good password. Neither is “Philippians4:13.” Neither is “correcthorsebatterystaple.” Neither is “Qbesancon321” or “Qbe$@ncon321.” Password […]
Livingsocial got breached. You need to change your password, if you have a Livingsocial account. There are two questions worth asking: How do you protect yourself, and how does this happen?
I had a job interview Monday. I have at least one observation from it–the things on my resume that impress recruiters don’t necessarily impress a good hiring manager. Not on their own, at least. Let’s do some post-mortem.
AT&T has a new password policy that forbids the use of certain common words in passwords, including some words of a colorful nature. Yes, it reduces the number of possible passwords, but that isn’t exactly a bad thing.