Friday, 05 February 2010

Comments

Thanks for this pointer. I will download the script and give it a try.

You raise a good point about online password testing tools: a test script or application hosted on a web server does create a possibility of a man in the middle attack, where the password you are composing or checking is intercepted or captured by a bad guy. To minimize this, I suggest that you use such password generators to compose a password of desired composition and length, but then change the suggested password a bit before you actually put it to use. If you are really concerned, use a client side password generator such as the ones I've mentioned.

I just wanted to bring to your attention my little JavaScript password generator: http://hype-free.blogspot.com/2010/04/updated-yarpg.html

It has at least three advantages:
- Customizable (length, character set)
- It is all client-side, so you don't have to worry (that much) about MITM attacks
- Given that it is fully client side, you can do a code review instead of placing your trust in some server
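
The comment above argues for generating passwords entirely on the client. As an added illustration (this is not the script linked in that comment and is not from any commenter), here is one way such a generator can draw from the platform CSPRNG without modulo bias; the names `generatePassword`, `entropyBits` and `DEFAULT_CHARSET` are hypothetical.

```javascript
// Added example: client-side password generation; nothing leaves the machine.
// Uses the Web Crypto CSPRNG (browser global, or Node's webcrypto as fallback).
const webCrypto = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

// Constructed default alphabet: 62 alphanumerics plus 12 punctuation marks.
const DEFAULT_CHARSET =
  'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&*+-=?@_';

function generatePassword(length = 16, charset = DEFAULT_CHARSET) {
  // Drop duplicate symbols so every remaining symbol is equally likely.
  const symbols = [...new Set(charset)];
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  if (symbols.length < 2 || symbols.length > 256) {
    throw new RangeError('charset needs between 2 and 256 distinct symbols');
  }
  // Largest multiple of symbols.length that fits in one byte. Bytes at or
  // above it are discarded (rejection sampling), so `byte % n` stays uniform.
  const limit = 256 - (256 % symbols.length);
  const out = [];
  const buf = new Uint8Array(64);
  while (out.length < length) {
    webCrypto.getRandomValues(buf);
    for (const byte of buf) {
      if (byte < limit && out.length < length) {
        out.push(symbols[byte % symbols.length]);
      }
    }
  }
  return out.join('');
}

// Entropy of a uniformly generated password: length * log2(alphabet size).
function entropyBits(length, charset = DEFAULT_CHARSET) {
  return length * Math.log2(new Set(charset).size);
}
```

With the default 74-symbol alphabet, a 16-character password carries roughly 99 bits of entropy, and the whole function is short enough to review before trusting it.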

Thanks for this observation. Everyone is capable of remembering passwords; the trick is to learn to compose passwords you alone will remember. Alternatively, create one very strong password. Use a random password generator to create passwords for all your accounts, and store these in a password vault or safe (many such applications exist).

You can follow me on Twitter at securityskeptic

Users will still have problems with remembering passwords. Which brings about writing passwords on 'post-it's and sticking them on your monitor!

Do you have a twitter account? I'd like to follow you.