Re: Twitter hacked again

I tell my users that if they forget their password to come to me and I'll change it to something that's easy to remember like: I'madumbassandican'tremembermypassword

Re: Twitter hacked again

Yes I agree with you Streaker there is always the struggle of over coming the "please hold my hand"; or if I forget my password you will just reset it; smile. But password generators fail in the fact that they give strings that are just random. I would like to see password generators that take input from peoples lives and then generate passwords from that.

Another admin I know uses phonetic phrases to create strong passwords. Example !forU2lOOk@.

Try not to puke but it's like kindergarten, you have to make it fun for them. :-)

xor

Re: Twitter hacked again

If you met him, you'd know it was the former not the latter. :)

Re: Twitter hacked again

Personally I think users that claim they can't remember a complex password is total bullshit. How many people can recite their entire phone number, SSN and other long strings. I think it's more that they don't want to be bothered with trying to remember it.

Re: Twitter hacked again

Is this the password you use, or your method for obtaining passwords?

Re: Twitter hacked again

You have to equate complex passwords > 8 characters to the users life. While this makes them a little less secure, requiring greater research on the target, for most non-NSA computer use they end up being very strong.

For example take a familiar number say a birth day of a family member e.g. 01/01/60. Then take say a pets name, socks. Intermix the letters and numbers 0s1o/c0k1S/60 and you end up with a strong password that the user can figure out.

Or you could just be like me and use sex for every password.

xor

Ps Einstein had Aspergers and would have most likely written his password on a sticky note underneath the keyboard. So don't feel so bad if that's where yours is.

Re: Twitter hacked again

I agree and people writing passwords down is a problem, but I believe there's a paradox in regards to password security and accepted IT policies.

Everyone in IT wants long and complex passwords but you do have to compromise with users to a point. I'm sure we'd all like to have 16character complicated passwords for all our users, but we also know that if we did that, we'd find those passwords written on sticky notes stuck to their monitors. I guess it's because being in IT, we find it easy to remember such passwords, but the average user does not.

I just gave a password to a new user at my place, it was only 8 characters, but it was complex. She asked me why it had to be so difficult, I just shrugged and told her that's what the random password generator gave her.

Is Biometrics the answer to good passwords? No, probably not. I'm not sure there is a real good solution, other than having smarter people, but short of genetic engineering, I don't see that happening either.

Re: Twitter hacked again

Its sad when we're here in 2009 and still having to tell people not to write their passwords down. Only its not sticky notes on the monitors anymore (although that probably still happens), its 'dont store them in your webmail account'.