|
RJOberg wrote: everyone else is squabbling among themselves trying to figure out which standard and provider to use
Yeah, it's too bad when good tech gets ignored because of subtle differences and warring factions of users / managers. 
|
|
|
|
|
The only problem with the smart cards is that it doubles as your military id and I cannot tell you how many times people left their's in their computer when they left for the day and one of us had to drive all the way out to the main gate to bring it to them the next day. Even I did it once or twice.
if (Object.DividedByZero == true) { Universe.Implode(); }
|
|
|
|
|
Dude, the Cyber Challenge even has a bit about that! For shame!
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
|
|
|
|
And there are women hitting on guys in it. Yeah, yeah, "inviting to lunch", talking about "music". 
|
|
|
|
|
raddevus wrote: Use a password manager (like cyapass.com)
shameless plug.  
|
|
|
|
|
It has to be done.
|
|
|
|
|
raddevus wrote: Use a password manager
I find it interesting that there are lots of people here on CP that are against using the cloud for security reasons but have no problem handing over every single password they have to a single source. 
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
011111100010 wrote: against using the cloud for security reasons but have no problem handing over every single password they have to a single source
On a related thread, one of the professors I had a programming security course with in college advocated 25+ character passwords with the standard suggestions, unique for every site/system, change regularly, etc., plus didn't contain any complete or commonly used slang words*. This was over 10 years ago, so it should have been reasonably strong against systems of the time.
The final part of his advice was to write the password with the site, date created/changed, etc. in a spiral notebook, and NOT save it to a file on your PC. Then stick that notebook in a locked desk drawer.
His reasoning behind that was if someone had physical access to your PC, it was as good as compromised anyway. They could copy your hard drive and brute force it or any number of other attack types. It sounded** like good advice at the time, but it certainly didn't travel well.
* He never mentioned checking for non-English slang, I wonder if that would matter...
** Not saying it WAS good advice, just that it sounded that way to someone who was still learning security theories. Yes, keyloggers were still a weak point against this method.
|
|
|
|
|
I'll repeat what I said to OP about saving pwds in cloud:
raddevus: That's why my password manager (http://cyapass.com) does not save your passwords anywhere.
That is not hyperbole. With C'YaPass your password is generated every time from:
1. your site key
2. the pattern you draw
The final output is a SHA-256 hash which you use as your password (64 characters long).
And...the site keys you create to remember which site you use the password at are stored only on your machine and you can manage them yourself. Never stored in the cloud. You (the user) own everything and it is open source too.
|
|
|
|
|
011111100010 wrote: lots of people here on CP that are against using the cloud for security reasons but have no problem handing over every single password they have to a single source.
I do too.
That's why my password manager (http://cyapass.com) does not save your passwords anywhere.
That is not hyperbole. With C'YaPass your password is generated every time from:
1. your site key
2. the pattern you draw
The final output is a SHA-256 hash which you use as your password (64 characters long).
And...the site keys you create to remember which site you use the password at are stored only on your machine and you can manage them yourself. Never stored in the cloud. You (the user) own everything and it is open source too.
You are the perfect foil for my marketing message. Thanks!
|
|
|
|
|
raddevus wrote: it is open source too.
Which makes it easy to figure out how to hack so once someone has access to your computer, whoops.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
|
I think you've missed the point.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
|
|
|
|
011111100010 wrote: I think you've missed the point.
I often do.
But, it's just because I'm oblivious.
However, I am also obsequious, purple and clairvoyant.
modified 28-Sep-18 14:43pm.
|
|
|
|
|
I had written something similar several years ago and it worked great until one day:
My account was flagged for an insecure password due to only having HEX character set, never mind the length. This led me to deduce that the email server software we used encrypted the passwords as opposed to hashing them. The SysAdmin laughed when he saw my kilometer-lengthed password being flagged due to a lack of special characters
Director of Transmogrification Services
Shinobi of Query Language
Master of Yoda Conditional
|
|
|
|
|
Great story!
I always find it funny / frustrating too when they enforce special chars but then only allow 12 char length.  The devs at the other end have no idea what they're doing.
|
|
|
|
|
raddevus wrote: Use a password manager (like cyapass.com)
That site isn't https!!! How can I trust a password manager that doesn't even secure its own site!?
|
|
|
|
|
The only way to trust a password manager is to write it yourself. I've gotten to the point of paranoia when it comes to cyber security. Even using a VM to browse the internet leaving my my main development computer on Windows 7 not connected to the internet. Who needs security updates when it' not ever online.
When you are dead, you won't even know that you are dead. It's a pain only felt by others.
Same thing when you are stupid.
modified 19-Nov-21 21:01pm.
|
|
|
|
|
|
If it's the one with the unique connecting the dots for the password, I have and do. It's really good.  That's why I made the point of writing it yourself. Using open source is a great way to make your own modifications and you know the source code. 
When you are dead, you won't even know that you are dead. It's a pain only felt by others.
Same thing when you are stupid.
modified 19-Nov-21 21:01pm.
|
|
|
|
|
Donathan.Hutchings wrote: I have and do. It's really good
Thanks very much. Glad there are some people out there using it.
I use it numerous times every day and it works well for me. 
|
|
|
|
|
RJOberg wrote: That site isn't https!!! How can I trust a password manager that doesn't even secure its own site!
That's funny and relevant.
However, you can download the apps (android), winform etc and run them from your machine.
Also, nothing (your site keys, passwords, etc) are never sent over HTTP.
However, again, you do make a great point.
I was just too lazy / cheap to make the site HTTPS, but I probably will soon, because I did it for my other site (https://newlibre.com -- still in development.)
Thanks for raising the issue.
BTW,
Here's a complete tech explanation of my project with all source etc.
Users Hate Passwords (We're All Users): Never Memorize a Password Again[^]
|
|
|
|
|
Was merely poking a bit of fun, hence the joke icon. I didn't see a place to sign up and have you store the resulting values, so I wasn't too concerned.
On a more serious note, I loved the idea! Going to give it a go and see if I can integrate it with a hobby side project I'm working on.
It does get you thinking though... just how predictable are humans with pattern generation? Are we as predictable in the patterns we draw as we are in the words we choose, like that Ars article linked on the page mentioned?
|
|
|
|
|
The new IoT security bill covers another of important areas. For example, for manufacturers, IoT devices will need to contain certain safety and security features That should solve all our problems
|
|
|
|
|
Reads like an invitation for money strapped municipalities to make a buck.
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
