Twitter hacked again

  • Twitter hacked again

    LINKY

    Apparently Twitter's admins don't know how to secure their personal e-mail accounts. Let alone their website.
    Saving the world one computer at a time...

    or possibly destroying, I haven't figured that out yet.

  • #2
    Re: Twitter hacked again

    Originally posted by b0n3z View Post
    LINKY

    Apparently Twitter's admins don't know how to secure their personal e-mail accounts. Let alone their website.
    It's sad when we're here in 2009 and still having to tell people not to write their passwords down. Only it's not sticky notes on the monitors anymore (although that probably still happens), it's 'don't store them in your webmail account'.

    I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

    • #3
      Re: Twitter hacked again

      Originally posted by noid View Post
      It's sad when we're here in 2009 and still having to tell people not to write their passwords down. Only it's not sticky notes on the monitors anymore (although that probably still happens), it's 'don't store them in your webmail account'.
      I agree and people writing passwords down is a problem, but I believe there's a paradox in regards to password security and accepted IT policies.

      Everyone in IT wants long and complex passwords, but you do have to compromise with users to a point. I'm sure we'd all like to have 16-character complicated passwords for all our users, but we also know that if we did that, we'd find those passwords written on sticky notes stuck to their monitors. I guess it's because being in IT, we find it easy to remember such passwords, but the average user does not.

      I just gave a password to a new user at my place, it was only 8 characters, but it was complex. She asked me why it had to be so difficult, I just shrugged and told her that's what the random password generator gave her.

      Is Biometrics the answer to good passwords? No, probably not. I'm not sure there is a real good solution, other than having smarter people, but short of genetic engineering, I don't see that happening either.
      A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

      • #4
        Re: Twitter hacked again

        You have to equate complex passwords > 8 characters to the user's life. While this makes them a little less secure, requiring greater research on the target, for most non-NSA computer use they end up being very strong.

        For example, take a familiar number, say a birthday of a family member, e.g. 01/01/60. Then take, say, a pet's name, socks. Intermix the letters and numbers 0s1o/c0k1S/60 and you end up with a strong password that the user can figure out.

        Or you could just be like me and use sex for every password.

        xor

        Ps Einstein had Aspergers and would have most likely written his password on a sticky note underneath the keyboard. So don't feel so bad if that's where yours is.
        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

        • #5
          Re: Twitter hacked again

          Originally posted by xor View Post
          Or you could just be like me and use sex for every password.

          xor
          Is this the password you use, or your method for obtaining passwords?

          • #6
            Re: Twitter hacked again

            Originally posted by xor View Post
            You have to equate complex passwords > 8 characters to the user's life. While this makes them a little less secure, requiring greater research on the target, for most non-NSA computer use they end up being very strong.

            For example, take a familiar number, say a birthday of a family member, e.g. 01/01/60. Then take, say, a pet's name, socks. Intermix the letters and numbers 0s1o/c0k1S/60 and you end up with a strong password that the user can figure out.

            Or you could just be like me and use sex for every password.

            xor

            Ps Einstein had Aspergers and would have most likely written his password on a sticky note underneath the keyboard. So don't feel so bad if that's where yours is.
            Personally I think users that claim they can't remember a complex password is total bullshit. How many people can recite their entire phone number, SSN and other long strings? I think it's more that they don't want to be bothered with trying to remember it.
            A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

            • #7
              Re: Twitter hacked again

              Originally posted by Cranial View Post
              Is this the password you use, or your method for obtaining passwords?
              If you met him, you'd know it was the former not the latter. :)
              A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

              • #8
                Re: Twitter hacked again

                Originally posted by streaker69 View Post
                Personally I think users that claim they can't remember a complex password is total bullshit. How many people can recite their entire phone number, SSN and other long strings? I think it's more that they don't want to be bothered with trying to remember it.
                Yes, I agree with you Streaker, there is always the struggle of overcoming the "please hold my hand"; or if I forget my password you will just reset it; smile. But password generators fail in the fact that they give strings that are just random. I would like to see password generators that take input from people's lives and then generate passwords from that.

                Another admin I know uses phonetic phrases to create strong passwords. Example !forU2lOOk@.

                Try not to puke but it's like kindergarten, you have to make it fun for them. :-)

                xor
                Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                • #9
                  Re: Twitter hacked again

                  Originally posted by xor View Post
                  Yes, I agree with you Streaker, there is always the struggle of overcoming the "please hold my hand"; or if I forget my password you will just reset it; smile. But password generators fail in the fact that they give strings that are just random. I would like to see password generators that take input from people's lives and then generate passwords from that.

                  Another admin I know uses phonetic phrases to create strong passwords. Example !forU2lOOk@.

                  Try not to puke but it's like kindergarten, you have to make it fun for them. :-)

                  xor
                  I tell my users that if they forget their password to come to me and I'll change it to something that's easy to remember like: I'madumbassandican'tremembermypassword
                  A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                  • #10
                    Re: Twitter hacked again

                    or you can just mash up racial slurs and obscenities, toss in a few extended characters, and wah-lah..fun for the whole family (and possibly your HR department)..

                    I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me

                    • #11
                      Re: Twitter hacked again

                      Well I can tell you that DOD requires, I believe, 14 character minimum. 2 numbers, 2 symbols, 2 uppercase, 2 lower case....that's one of the closest ways to secure that you can get.

                      It gets more involved with things like not using one of your last 10 passwords within 60/90 days, etc.

                      I must say though that having CAC cards do your logins for you makes you get lazy...I remember my long password, but at first I had to write it down in my notebook, along with other classified documentation, to remember it.

                      I think this is really just a losing situation until someone has a great epiphany.
                      Saving the world one computer at a time...

                      or possibly destroying, I haven't figured that out yet.

                      • #12
                        Re: Twitter hacked again

                        Another problem I see is limiting passwords to 8 characters in length. Drexel University does that, 6 - 8 characters; nothing like making it easy for brute forcing accounts. Here you have a higher learning institution that while wanting to keep the system accessible and open you are teaching people poor password habits; sad.

                        xor
                        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                        • #13
                          Re: Twitter hacked again

                          Originally posted by noid View Post
                          or you can just mash up racial slurs and obscenities, toss in a few extended characters, and wah-lah..fun for the whole family (and possibly your HR department)..
                          Password audits might get you into trouble. I said not to puke; clearly your screen is soaked.


                          xor
                          Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                          • #14
                            Re: Twitter hacked again

                            well couldn't you just stop a brute force by only allowing "x" number of attempts in a time period?

                            I mean...I know there are ways around that even...but essentially that would be step 1 correct?
                            Saving the world one computer at a time...

                            or possibly destroying, I haven't figured that out yet.

                            • #15
                              Re: Twitter hacked again

                              Originally posted by b0n3z View Post
                              well couldn't you just stop a brute force by only allowing "x" number of attempts in a time period?

                              I mean...I know there are ways around that even...but essentially that would be step 1 correct?
                              Drexel didn't, my school e-mail account got hacked for SPAM purposes even with a password that contained letters and numbers.

                              xor
                              Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.
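
Added example, not part of any post in this thread: a minimal sketch of the "x attempts in a time period" control raised in posts #14 and #15, counting failed logins in a sliding window per account and per source address. The class and function names, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import deque

class AttemptThrottle:
    """Sliding-window cap on failed logins, counted per account and per source."""

    def __init__(self, max_failures=5, window_seconds=300):
        self.max_failures = max_failures
        self.window = window_seconds
        self._failures = {}  # ("acct"|"src", name) -> deque of failure timestamps

    def _recent(self, key, now):
        q = self._failures.get(key)
        if q is None:
            return 0
        while q and now - q[0] >= self.window:  # drop failures older than the window
            q.popleft()
        return len(q)

    def allowed(self, account, source, now):
        # Per-account cap covers many sources guessing one account;
        # per-source cap covers one source guessing many accounts.
        return (self._recent(("acct", account), now) < self.max_failures
                and self._recent(("src", source), now) < self.max_failures)

    def record_failure(self, account, source, now):
        for key in (("acct", account), ("src", source)):
            self._failures.setdefault(key, deque()).append(now)

    def record_success(self, account):
        self._failures.pop(("acct", account), None)  # source history is kept

def replay(events, throttle):
    """events: (time_s, account, source, password_ok) -> list of decisions."""
    decisions = []
    for now, account, source, password_ok in events:
        if not throttle.allowed(account, source, now):
            decisions.append("blocked")  # rejected before the password is checked
        elif password_ok:
            throttle.record_success(account)
            decisions.append("ok")
        else:
            throttle.record_failure(account, source, now)
            decisions.append("fail")
    return decisions

# Constructed sample events (documentation IP ranges, made-up account names).
SAMPLE = [(t, "alice", "198.51.100.7", False) for t in (0, 10, 20, 30)] + [
    (40, "alice", "203.0.113.9", True), (50, "bob", "198.51.100.7", False),
    (400, "alice", "203.0.113.9", True)]
```

With a cap of 3 failures per 300 seconds, the legitimate login at t=40 is refused along with the guesses, which is the lockout trade-off of throttling per account; it succeeds once the window has passed.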
