|07 May 2013||#1|
How hackable is your password? McAfee offers password tips
How do you create a password that's strong yet easy to remember? That's the challenge we all face, and one that's prompted a few words of wisdom from McAfee.
In honor of Intel's so-dubbed Password Day, McAfee unveiled a series of tips and tricks on Tuesday aimed at helping all of us juggle the passwords we're forced to maintain across the Web. Its parent Intel has also chimed in with a page that tells you how long it would take to break a certain password. Let's look at Intel's page first.
How hackable is your password? McAfee offers password tips | Security & Privacy - CNET News
|12 May 2013||#6|
Really, people are still worried about password strength?
In a world where hackers routinely take over machines through internet browsing, spear phishing, etc., without guessing any passwords, the best we can do is try to convince people to use strong passwords? Are you kidding me? Hackers don't need passwords to own a machine. They may get all of your passwords once they own the machine with a key logger, but they will not try to crack the password. Does it really matter just how strong the password is when they are getting it with a key logger?
Besides, in order to crack a password, one would need the password hash and obviously password-cracking software. Access to the password hash by default is restricted to administrator and/or root accounts. If the hacker already has administrator access to the machine, why would he need the password hash?
Internet sites get hacked all the time and their users' UID/PWD is stolen from their sites. Some of them may store the passwords in plaintext, while others utilize a weak and easily predictable encryption algorithm to protect the password. Does the password strength help the users when the site is hacked? If it does, how?
With the strong password, the user logs in over the internet to a site that does not support SSL connections for logins, like most forums. In other words, the password is transported over a public network in plain text. It can easily be captured and the user account in question abused. How did the strong password help the end user in this case?
Keep in mind that trying to guess the password for a given account will result in the account being locked after 3-5 unsuccessful attempts. Most machines, applications, and internet sites do lock accounts after failed logon attempts. Good luck trying to brute force a password by using the logon process. The only widely available system that does not lock the account by default is WordPress, at least to my knowledge.
Yes, we do need passwords, but maybe we do not need a password that will take a gazillion years to crack. A relatively simple, 6-8 character, semi-strong password would do just fine in most cases.
Disclaimer: I do use strong passwords with a minimum length of 8 characters; don't really need to, it is just my "bad" routine...
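An added example, not part of the thread or the CNET article: a Python sketch of the storage side of the question post #6 raises about stolen site databases, comparing an unsalted fast hash with a salted PBKDF2 record and counting the hash operations needed to exhaust a keyspace. The function names, the 94-symbol alphabet, the sample password and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor, chosen for this example


def weak_record(password):
    """Unsalted fast hash: equal passwords always give equal records."""
    return hashlib.sha1(password.encode()).hexdigest()


def strong_record(password, salt=None):
    """Per-user random salt plus a deliberately slow key derivation."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(strong_record(password, salt)[1], expected)


def keyspace(length, alphabet_size):
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def offline_hash_operations(length, alphabet_size, iterations=1):
    """Worst-case hash computations to exhaust the keyspace for one record."""
    return keyspace(length, alphabet_size) * iterations


if __name__ == "__main__":
    pw = "Tr0ub4dor"  # constructed sample password
    print("unsalted records equal:", weak_record(pw) == weak_record(pw))
    (s1, d1), (s2, d2) = strong_record(pw), strong_record(pw)
    print("salted records equal:  ", d1 == d2)
    print("verify ok / wrong:     ", verify(pw, s1, d1), verify("guess", s1, d1))
    for n in (6, 8, 12):
        print(n, "chars, 94 symbols:",
              offline_hash_operations(n, 94, PBKDF2_ITERATIONS))
```

The salt makes every stored record unique, and the iteration count multiplies the cost of each candidate, so the work grows with both the password's keyspace and the site's choice of storage scheme.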