Aug 01 2016

Passwords are rubbish.

They are an inherently flawed method of securing your information.

Don’t believe me?

If your password is less than seven characters long, it can be cracked in minutes using cheap off-the-shelf computing hardware.

If it is longer than seven, but still a word that appears on a word list, even if you substitute e’s with 3’s and sprinkle capital letters in there, again it is rubbish.

There are wordlists out in the real world that have 60 billion words on them. While that number might seem high, a dedicated password cracking machine that costs less than $5000 will check 6 billion combinations per second.

Continue reading “Even with a password manager….” »

Dec 31 2015

Many aspects of our lives are protected in one way or another with passwords.

A password needs to follow contradictory rules.

  • It needs to be easy for us to remember.
  • It should be close to impossible for anyone else to guess.

Many password-protected sites attempt to get users to use passwords that adhere to the second rule, yet ignore the first one, by adding a degree of complexity to all passwords.

Ideally you should add two-factor authentication too, but that is a whole other subject.

Continue reading “The Problem with passwords” »

Nov 23 2015

Or why you should stop worrying about passwords and just enable two-factor authentication….

If, like me, you have several e-mail accounts, a few forum accounts, bank and credit card accounts, eBay, PayPal, Apple, gym and numerous others, you probably have a small number of passwords that have some level of re-use or even variations on a theme.

For example, your Gmail might be Pa55w0rd!, your bank account Pa$$w0rd!, your credit card P4ssw0rd123, etc.

If you can find any variant of it in the top 500 worst passwords list, then you have a problem.

Unless you are using two-factor authentication that is.

Continue reading “My password is password” »