http://www.securetoday.net/2009/02/secure-your-password/ Protecting your own for the future Sat, 17 Jul 2010 04:12:12 -0600 http://wordpress.org/?v=2.9.2 hourly 1 http://www.securetoday.net/2009/02/secure-your-password/comment-page-1/#comment-40 Angel Sat, 20 Feb 2010 14:43:45 +0000 http://www.securetoday.net/?p=57#comment-40 Thank you.. That's good ! Thank you.. That’s good !

]]> http://www.securetoday.net/2009/02/secure-your-password/comment-page-1/#comment-38 Rex Wed, 17 Feb 2010 20:38:09 +0000 http://www.securetoday.net/?p=57#comment-38 Very true, all passwords will eventually be cracked. It is just a matter of time. So the password itself is no longer what we need to focus on now. But "time". The more complicated it is, the longer it will take for someone to crack it. Resetting or changing it often is a very good practice. This is also "time" driven as you are giving the cracker no time to figure out the correct password. Tokens are very good complements of passwords. Using a time- or challenged-based tokens appended to your existing password makes it harder for the password to be cracked. Because even though they have figured out your actual password, if they don't have the token to generate additional randomness, it is still an invalid password to the system. Very true, all passwords will eventually be cracked. It is just a matter of time. So the password itself is no longer what we need to focus on now. But “time”. The more complicated it is, the longer it will take for someone to crack it. Resetting or changing it often is a very good practice. This is also “time” driven as you are giving the cracker no time to figure out the correct password. Tokens are very good complements of passwords. Using a time- or challenged-based tokens appended to your existing password makes it harder for the password to be cracked. Because even though they have figured out your actual password, if they don’t have the token to generate additional randomness, it is still an invalid password to the system.

]]> http://www.securetoday.net/2009/02/secure-your-password/comment-page-1/#comment-36 Angel Sun, 14 Feb 2010 20:19:03 +0000 http://www.securetoday.net/?p=57#comment-36 Any kind of passwords, no matter how complex it is [with alpha, alpha numeric, alpha number + special characters] it can be cracked using brute force technique. So what would be your best advise to protect the passwords - Is resetting pwd frequently the only solution or what according to you is the best ? Any kind of passwords, no matter how complex it is [with alpha, alpha numeric, alpha number + special characters] it can be cracked using brute force technique. So what would be your best advise to protect the passwords – Is resetting pwd frequently the only solution or what according to you is the best ?

]]> http://www.securetoday.net/2009/02/secure-your-password/comment-page-1/#comment-6 Petrie P. Sun, 19 Jul 2009 18:45:38 +0000 http://www.securetoday.net/?p=57#comment-6 Thanks for this. It's informative. Thanks for this. It’s informative.

]]> http://www.securetoday.net/2009/02/secure-your-password/comment-page-1/#comment-4 Zarex dela Cruz Tue, 14 Jul 2009 21:22:41 +0000 http://www.securetoday.net/?p=57#comment-4 One of the countermeasure I failed to include for security professionals in their corporate world is the implementation of "clipping level", where you set the threshold for invalid failed login attempts. This will counter any dictionary or brute-force attacks. On the contrary, accounts that exceeds these thresholds set will disable their account, which is an availability issue. Something you need to look into. One of the countermeasure I failed to include for security professionals in their corporate world is the implementation of “clipping level”, where you set the threshold for invalid failed login attempts. This will counter any dictionary or brute-force attacks. On the contrary, accounts that exceeds these thresholds set will disable their account, which is an availability issue. Something you need to look into.

]]>