On Monday, March 13 at approximately 10:30 AM CST, I will be appearing on KFUO Radio’s Faith and Family program to discuss home computer security with host Andy Bates. One of the questions he’s planning to ask: “What can I do to improve the security of my digital information?”
This, fortunately, may be the easiest question to answer and the easiest step to implement.
I mentioned the Yubikey as the ultimate solution to stolen passwords on the excellent Yahoo Marx Train forum, and another member asked me to elaborate on it. Rather than take up a lot of space with some off-topic discussion, I decided it would be better to write about it here.
The Yubikey is the best solution I’ve seen yet for the problem of remembering passwords. I am a computer security professional by trade, but I will try to avoid as much techno-jargon as I can, and explain what I do use.
Ars Technica talked three password crackers into doing their worst to a leaked database of 16,000 passwords, to see what they could learn.
They learned a lot, and we can learn a lot from their experience as well. “qeadzcwrsfxv1331” isn’t a good password. Neither is “Philippians4:13.” Neither is “correcthorsebatterystaple.” Neither is “Qbesancon321” or “Qbe$@ncon321.” Password guessing has too much intelligence built into it now.
And not only that, by continuing to use the password “popcorn,” you make it easier for those guys to guess other passwords too.
Although I write about passwords about 8 times a week, it seems, it occurs to me that I haven’t–at least not recently, that I can find–written about how to make up a halfway decent password.
So, here’s how to make a decent–I won’t say great–password.
Here’s a blow-by-blow account of a security researcher’s attempts to crack the compromised Linkedin database. This is a very good example of ethical hacking.