Bad or Useless Advice about Password Management

I’ve read dozens of tutorials and guides on how to manage passwords. I dislike most of them for the simple reason that they are far too cumbersome to implement and have you memorize a dozen or more rules without telling you why. The only way an average person will use secure passwords is if it doesn’t take up too much time and attention. Here are a few pieces of advice on password management dissected and dismissed:


How Attackers Steal Passwords

Many people don’t understand how easy it is for attackers to take advantage of weak passwords, and therefore don’t use a password manager or other means to make their passwords stronger. This post describes 9 common ways passwords get captured, roughly ordered from most to least common. Proper use of a password manager can thwart some of these attacks and limit the damage from most of the others.


The Usual Way to Manage Passwords and How Attackers Exploit it

According to various studies, most people use the same few passwords for all of their accounts, most of these passwords are weak, and many people don’t realize how weak their passwords are. Using the same 2 or 3 passwords for many accounts is analogous to storing all of your keys under the outside doormat of your locked front door – it doesn’t take much effort for a thief to have access to everything.

In this post, I describe the typical home user system for managing passwords and how attackers exploit this system.
