Have passwords become useless? - Input Junkie
November 16th, 2012
01:56 pm

Matt Honan (a tech writer whose online presence was comprehensively hacked) claims that passwords aren't sufficient protection any more, though there are some precautions that help. I figured out some of them on my own, not that I'm telling you what I'm doing.

Anyway, what he says sounds fairly plausible, though I can't judge in detail.

What I read of the comments was remarkably useless (a fair number blamed him for still caring about having his accounts hacked) -- in fact, the comments were so much worse than I expect from Wired that I'm wondering if it's an anxiety reaction.

Any thoughts about the present and future of passwords? Please keep in mind that everyone can't be smarter than average.

This entry was posted at http://nancylebov.dreamwidth.org/997423.html. Comments are welcome here or there.

Comments
 
From: metahacker
Date: November 17th, 2012 12:37 am (UTC)
I hate passwords. (Better discussion in the comments than the post, really.)

I do find that, since they're required for modern life, LastPass provides an adequate 'locker' solution for my myriad of passwords.

But social hacking does trump passwords anyways. :-/

Also, this: https://xkcd.com/538/
From: asakiyume
Date: November 17th, 2012 04:58 pm (UTC)
The XKCD method is what I use now.
From: metahacker
Date: November 17th, 2012 05:04 pm (UTC)
That's a different and also relevant xkcd ;)
From: asakiyume
Date: November 17th, 2012 05:59 pm (UTC)
Whoops, LOL--I made assumptions without clicking :-P
From: asakiyume
Date: November 17th, 2012 06:00 pm (UTC)
Just clicked now :D Pretty good!
From: en_ki
Date: November 17th, 2012 01:51 am (UTC)
If you are a regular person,

1. You probably reused your password. One of the sites you reused it on will get hacked this year, and it will turn out that they kept your password in a plaintext database.
2. You probably have malware on your computer. It has already sent all your passwords to its owner.
3. Your password is probably super-easy for a computer to guess, and oh boy are there a lot of computers trying.
4. Your phone is always with you.

I am not a regular person: I memorize a handful of core passwords that are 16 randomly generated characters and use one of them to unlock a big database of other random passwords for sites that don't matter as much, so #1 and #3 aren't so bad. The only computers I use run Linux and have some really quite bright and paranoid people watching them, but because problem #2 never really goes away no matter how slick you think you are, I still use two-factor auth.

I would have said the same thing before it became my job to run an authentication system you almost surely depend on. Now, well, yes. I can't tell you how many accounts with and without two-factor get owned, but I can tell you that the latter number is so much worse than the former that this is a complete no-brainer. Just do it. It means a crook has to steal your password and your phone at the same time and do their business before you notice.
From: en_ki
Date: November 17th, 2012 01:56 am (UTC)
As far as the future of passwords goes: everyone hates them and is working on ways to replace them, but it's not clear to me that the idea of "a complicated secret only you know, that changes frequently" can ever really go away for people who care about privacy. Things like biometrics can work for people who don't.
(Deleted comment)
From: st_rev
Date: November 17th, 2012 08:14 am (UTC)
Lockpicking is fairly easy, and crowbars don't require special training. I still lock my doors.
From: sodyera
Date: November 17th, 2012 04:19 pm (UTC)
Passwords vs. dyslexia=unreachable sites or data, so I just give up. If you want my data that badly, you'll probably get it. If I have data that's so sensitive it needs to be so protected, then I'll write in snail mail so no one will ever suspect.
From: asakiyume
Date: November 17th, 2012 04:58 pm (UTC)
I have this problem with dyslexia and typing skills--I wish I were permitted to see what I'm typing when I type my password, at least on my own computer. Long passwords are safer than short ones, but I rarely type them without error.
From: sodyera
Date: November 17th, 2012 05:44 pm (UTC)
I usually have to type everything two or three times B4 I get it right. I've NEVER passed a typing test for employment. Ever.
From: agrumer
Date: November 17th, 2012 07:21 pm (UTC)
When I want to be certain, I type in a text editor window, and then cut-and-paste it into the password field.
From: asakiyume
Date: November 17th, 2012 09:34 pm (UTC)
That's an excellent idea; thanks!
From: captain_button
Date: November 22nd, 2012 12:01 pm (UTC)
Just remember as soon as you have successfully logged in, go back and copy and paste one letter to clear the password out of the copy buffer or whatever the name is.

Edited at 2012-11-22 12:01 pm (UTC)