I just reinstalled the printer on my wife's PC. We have HP Photosmart C7180. Anyway, when it installed it it loaded over 800 MB of software. For a printer driver?
Bloat?
Friday, January 21, 2011
Saturday, January 15, 2011
Happy New Year - Change your passwords
So at the beginning of the year my wife and have resolved to change all out passwords. We feel that going forward a yearly rotation of password will help the security of all out online accounts. I got to thinking this could be a good thing if a significant amount of users would jump on the bandwagon. Why wait until the scammers actually drain your account? As a whole we could preempt them. I'm sure there are lists of cracked accounts just waiting to be culled through. Resetting your password(s) will nullify all that info. I propose that 15th of January be Global Change Your Passwords Day.
Think of all money that has changed hands for all the cracked accounts lists circulating on the internet. By collectively changing all your passwords you reduce the value of these lists significantly. Think of it as an anti scammer flash mob. Talk about taking a bite out of crime.
It is NOT a good idea to use the same password for all you accounts. My wife and I use the following scheme for passwords. We segregate passwords according to purpose. Here are our categories.
Choosing a password is half art, half science. You want to get a password that is easy to remember and associate with the account. At the same time it needs to be strong enough that it is not easily cracked. So many sites have a policy of just allowing letters and numbers. This is just a really poor decision on the part of the website designer. It really limits the user on the potential passwords that could be utilized. Unfortunately since some sites do not allow these special characters we are stuck with the least common denominator.
Strong passwords have some attributes that contribute to the password strength
Length
Complexity
Ease of association
Ease of entry
Unfortunately the processing power of cloud based cracking programs means that length of your passwords will need to increase. An eight character password used to be acceptable. With the advent of the cloud processing resources this will need to increase to 12-14 characters.
To address complexity a combination of letter and numbers will ensure that your password will be difficult to crack with a dictionary attack Dictionary attacks utilize a list of dictionary words to compose attempts at cracking your password. If your password contains a combination of numbers and letters then the complexity is increased, rendering a dictionary attack more difficult.
Ease of association is what allows a password to be memorable. A password that is not memorable is one that will need to be written down, thus destroying the security of the password. To facilitate your memorizing the password there are some memorable techniques (sorry I could not resist). Your password could be a phrase like "TheseAreTheVoyages" or "MyDogHasFleas" or "TheShadowKnows". To add more complexity you should add in capitalization and some numbers. Using our examples we now have "TheseAreThe93Voyages" or "MyDogHas23Fleas" or "TheShadowKnows1102". Each of these is memorable, long enough and complex enough to protect your services.
Another technique to add complexity is lEEt or l33t. This is a technique for replacing letters with numbers that have similar look. A = 4, S = 5, O = 0, G = 6 B = 8 are examples. Here are our original phrases using l33t. "The5e4reTheV0yages" or "MyD0gH4sFleas" or "TheSh4dowKn0ws"
In a previous post I provided a regex that could be used as a password complexity checker. For you non programmer types I will be turning this into a javascript powered checker so that you can check your passwords.
Happy Global Password change day!
Think of all money that has changed hands for all the cracked accounts lists circulating on the internet. By collectively changing all your passwords you reduce the value of these lists significantly. Think of it as an anti scammer flash mob. Talk about taking a bite out of crime.
It is NOT a good idea to use the same password for all you accounts. My wife and I use the following scheme for passwords. We segregate passwords according to purpose. Here are our categories.
- Brokerage - Brokerages accounts, 401k etc.
- Banking - checking accounts, Loan servicing sites.
- Accounts with a Credit Card attached - Amazon, iTunes, Paypal, etc.
- Email - all email accounts.
- Blogs, other internet logins, twitter, facebook etc.
- Throw away accounts
Choosing a password is half art, half science. You want to get a password that is easy to remember and associate with the account. At the same time it needs to be strong enough that it is not easily cracked. So many sites have a policy of just allowing letters and numbers. This is just a really poor decision on the part of the website designer. It really limits the user on the potential passwords that could be utilized. Unfortunately since some sites do not allow these special characters we are stuck with the least common denominator.
Strong passwords have some attributes that contribute to the password strength
Length
Complexity
Ease of association
Ease of entry
Unfortunately the processing power of cloud based cracking programs means that length of your passwords will need to increase. An eight character password used to be acceptable. With the advent of the cloud processing resources this will need to increase to 12-14 characters.
To address complexity a combination of letter and numbers will ensure that your password will be difficult to crack with a dictionary attack Dictionary attacks utilize a list of dictionary words to compose attempts at cracking your password. If your password contains a combination of numbers and letters then the complexity is increased, rendering a dictionary attack more difficult.
Ease of association is what allows a password to be memorable. A password that is not memorable is one that will need to be written down, thus destroying the security of the password. To facilitate your memorizing the password there are some memorable techniques (sorry I could not resist). Your password could be a phrase like "TheseAreTheVoyages" or "MyDogHasFleas" or "TheShadowKnows". To add more complexity you should add in capitalization and some numbers. Using our examples we now have "TheseAreThe93Voyages" or "MyDogHas23Fleas" or "TheShadowKnows1102". Each of these is memorable, long enough and complex enough to protect your services.
Another technique to add complexity is lEEt or l33t. This is a technique for replacing letters with numbers that have similar look. A = 4, S = 5, O = 0, G = 6 B = 8 are examples. Here are our original phrases using l33t. "The5e4reTheV0yages" or "MyD0gH4sFleas" or "TheSh4dowKn0ws"
In a previous post I provided a regex that could be used as a password complexity checker. For you non programmer types I will be turning this into a javascript powered checker so that you can check your passwords.
Happy Global Password change day!
Labels:
fraud,
hack,
javascript,
password,
security
Subscribe to:
Posts (Atom)