My perhaps misguided praise of SG aside, I still think he nailed the short and complex versus long password issue. I use long teens and twenties long character passwords at work with upper/lower case, numbers and punctuation. They're based on phrases, but look like gibberish. Though as Steve suggests with his password haystack idea, I'm starting to pad some of my older shorter passwords with extra characters. Not always the same character and not always at the end.
If guessing a password doesn't work, brute force is all that's left. And I like LastPass. I know they were in the news. They responded to the *possibility* of a hack exactly as a security company should have.

Doug Hilderbrand | Systems Analyst, Information Technology | Crane Aerospace & Electronics

From: Jonathan Link [mailto:jonathan.l...@gmail.com]
Sent: Thursday, August 18, 2011 10:48 AM
To: NT System Admin Issues
Subject: Re: Almost, but not quite OT: Passwords

I was waiting for someone else to step up. Glad to see I'm not disappointed.

On Thu, Aug 18, 2011 at 1:39 PM, William Robbins <dangerw...@gmail.com> wrote:

Steve Gibson? Seriously?

http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/
http://www.theregister.co.uk/2001/06/25/steve_gibson_really_is_off/
http://www.theregister.co.uk/2001/06/12/security_geek_developing_winxp_raw/
http://www.myharddrivedied.com/blog/why-spinrite-not-my-data-recovery-software-list
http://attrition.org/errata/charlatan/steve_gibson/
http://allthatiswrong.wordpress.com/2009/10/11/steve-gibson-is-a-fraud/

- WJR

On Thu, Aug 18, 2011 at 12:05, Hilderbrand, Doug <doug.hilderbr...@craneaerospace.com> wrote:

Find and listen to Steve Gibson's explanation of his password haystacks concept which this cartoon was based on. I think he's spot on. Password length wins over complexity. Put both together and there's not enough petaflops in the universe to crack the password. My opinion, YMMV.

Steve Gibson and Leo Laporte do a weekly podcast on security. The last couple have focused on how the internet works: IP packets, TCP and UDP protocols and such, which is pretty old hat for us admin types, but I find the information Steve gives out to be fascinating. He gives blow-by-blow explanations of hacks in the news, recent patches (MS and Adobe keep being the top topics) plus other stuff creeps in too. Definitely look up his "portable dog killer" and Vitamin D episodes. SPCA note: no animals were harmed in the portable dog killer episode.
Steve Gibson is one of my heroes. Sigh. Or would be if I actually had heroes. If the name is not familiar, he's the guy who wrote SpinRite.

http://twit.tv/sn
http://www.grc.com/securitynow.htm

Doug Hilderbrand | Systems Analyst, Information Technology | Crane Aerospace & Electronics

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, August 10, 2011 2:06 PM
To: NT System Admin Issues
Subject: Almost, but not quite OT: Passwords

http://xkcd.com/936/

Yet, very pertinent.

ASB
http://about.me/Andrew.S.Baker
Harnessing the Advantages of Technology for the SMB market...

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

________________________________

Check out the new Crane Aerospace Electronics Newsroom <http://newsroom.craneae.com/>!
Like us on Facebook <http://www.facebook.com/home.php?#!/pages/Crane-Aerospace-Electronics/163305413682908>!
We value your opinion! How may we serve you better? Please click the survey link to tell us how we are doing: http://www.craneae.com/surveys/satisfaction.htm
Your feedback is of the utmost importance to us. Thank you for your time.

Crane Aerospace & Electronics Confidentiality Statement: The information contained in this email message may be privileged and is confidential information intended only for the use of the recipient, or any employee or agent responsible to deliver it to the intended recipient. Any unauthorized use, distribution or copying of this information is strictly prohibited and may be unlawful.
If you have received this communication in error, please notify the sender immediately and destroy the original message and all attachments from your electronic files.
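The length-versus-complexity comparison argued over in this thread can be checked numerically. The following is an added example, not part of any poster's message: it sizes the exhaustive-search space for a password from the character classes it uses and its length. The sample passwords and the guess rate are constructed assumptions, and the model covers brute force only, not dictionary or phrase guessing.

```python
import string

# Alphabet sizes per character class (printable ASCII; space counted as a symbol).
# Characters outside printable ASCII are ignored by this simple model.
CLASSES = {
    "lower": (set(string.ascii_lowercase), 26),
    "upper": (set(string.ascii_uppercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation + " "), 33),
}

GUESSES_PER_SECOND = 1e11  # assumed offline guessing rate, for illustration only
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Size of the smallest class-based alphabet an exhaustive search must cover."""
    return sum(n for chars, n in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Candidates tried when exhausting every length up to len(password)."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case years to cover the whole search space at the given rate."""
    return search_space(password) / rate / SECONDS_PER_YEAR


def compare(passwords):
    """Return (password, alphabet, length, space) rows, largest space first."""
    rows = [(p, alphabet_size(p), len(p), search_space(p)) for p in passwords]
    return sorted(rows, key=lambda r: r[3], reverse=True)


# Constructed samples: short and complex, the same one padded with a repeated
# character, and a long lowercase-only string.
SAMPLES = ["Xk7#pQ2!", "Xk7#pQ2!........", "quietbluelampshadeoz"]

if __name__ == "__main__":
    for pw, a, n, space in compare(SAMPLES):
        print(f"{pw!r:24} alphabet={a:2} len={n:2} "
              f"space={space:.2e} years={years_to_exhaust(pw):.2e}")
```

Padding helps in this model only because an exhaustive search cannot know the padding is there; a padding pattern that an attacker can predict adds far less than the numbers suggest.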