I’m a little tired of writing about passwords. But like taxes, email, and pinkeye, they’re not going away any time soon. Here’s what I know to be true, and backed up by plenty of empirical data:
* No matter what you tell them, users will always choose simple
In my previous post I Just Logged In As You, I disclosed that someone was logging in as me -- specifically because they discovered my password. But how?
If I wanted to discover someone's password, I could think of a few ways:
1. Educated guess. If you know
I received this anonymous email a few days ago:
I found what one could call a security hole in Stackoverflow. I'm curious enough to go digging around for holes, but too ethical to actually do anything with them. However, I'm afraid that by pointing it out
I'm no fan of the classic login/password scheme. I can barely remember any of the zillion logins and passwords I have. More often than not, I end up using the "forgot password" link. Which means, in effect, that my email account is my global password.
The article Passwords: The Weakest Link references a 25-year-old research work on the efficacy of passwords:
In the pre-Internet Age of 1979, when storage was measured in the number of bits that could fit on a foot of magnetic tape, a seminal paper on password security found that
Microsoft security guru Robert Hensing hit a home run his first time at bat with his very first blog post [http://blogs.technet.com/robert_hensing/archive/2004/07/28/199610.aspx]. In it, he advocates that passwords, as we traditionally think of them, should not be used:
> So