All posts tagged passwords

Password advice in the wake of Heartbleed

I’ve seen a lot of bad password advice lately. Guessing passwords is just too easy for a computer to do, especially as they get more and more powerful. Formulas are bad, but unavoidable, so here’s what I recommend if you’re not going to use a password manager creating completely random passwords: Unverifiable (or difficult to […]

Why you need to guard your Backup Exec servers

If you have a Windows domain, there’s a fairly good chance you have Backup Exec servers, because you probably want to take backups. Because you need them. (As a security guy, I no longer care how you get backups; just that you’re getting them somehow.) Backup Exec is a popular solution for that. But there’s […]

Beyond compliance: Maturity models

A lot of organizations equate security with regulatory compliance–they figure out what the law requires them to do, then do precisely that. Forward-thinking organizations don’t. They see security as a way to get and maintain a competitive advantage, and rather than measure themselves against regulations that are often nearly out of date by the time […]

You need a Yubikey.

I mentioned the Yubikey as the ultimate solution stolen passwords on the excellent Yahoo Marx Train forum, and another member asked me to elaborate on it. Rather than take up a lot of space with some off-topic discussion, I decided it would be better to write about it here. The Yubikey is the best solution […]

Not your father’s Celeron

I picked up a Celeron G1610 CPU last week and I’m using it to build a Linux box. Yeah, it’s a Celeron. But it performs like a 2011-vintage Core i3 or a 2010-vintage Core i5, consumes less power than either, and costs less than $50. It’s hard to go wrong with that.

Why your favorite web site’s password strength meter is full of hooey

Ars Technica talked three password crackers into doing their worst to a leaked database of 16,000 passwords, to see what they could learn. They learned a lot, and we can learn a lot from their experience as well. “qeadzcwrsfxv1331″ isn’t a good password. Neither is “Philippians4:13.” Neither is “correcthorsebatterystaple.” Neither is “Qbesancon321″ or “Qbe$@ncon321.” Password […]

Livingsocial got breached. Change your password, of course

Livingsocial got breached. You need to change your password, if you have a Livingsocial account. There are two questions worth asking: How do you protect yourself, and how does this happen?

Linksys isn’t the only company building insecure routers

I warned a few days ago about Linksys routers being trivially easy to hack; unfortunately many other popular routers have security vulnerabilities too. The experts cited in the article have a few recommendations, which I will repeat and elaborate on.

Although it’s counterintuitive, AT&T’s new password policy makes sense

AT&T has a new password policy that forbids the use of certain common words in passwords, including some words of a colorful nature. Yes, it reduces the number of possible passwords, but that isn’t exactly a bad thing.

Switch to our mobile site