Password Madness

Ok, so this is a subject I just can’t let go. The first article I wrote about passwords was Password Insecurity – Wordlists/Dictionary, where I argued that everybody should use pass phrases instead of the usual 8-character passwords. I think that was the most notable point of that article. This article goes further into password malpractice.

Remember password for this website!

I think this is somewhere near the top of the stupidest things a user can do. Seriously: once somebody else knows the password (even your browser), it is no longer a secret, and a password that is not a secret is not a password any more. Today I talked with somebody who used to store his passwords in a file on an encrypted partition. Even if they are safe there, that still misses the point of a password: you are supposed to be able to remember it. Can’t remember it? Use a pass phrase that fits the scenario, not something like #h#41i”] as a password.
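To put some numbers behind the pass-phrase advice, here is an added example (not code from the original article) that compares the search space of a random 8-character password with that of a pass phrase built from random words. The alphabet sizes, the 7776-word Diceware-style list and the offline guessing rate of 10^10 guesses per second are assumptions chosen for the example; the article itself gives no figures.

```python
import math

# Alphabet sizes (assumptions for this example; the article gives no numbers):
# 94 printable ASCII symbols without space, which covers the #h#41i"] style of
# password, and a 7776-word Diceware-style list (6^5 entries) for random pass phrases.
PRINTABLE_ASCII = 94
DICEWARE_WORDS = 7776


def charset_bits(length: int, alphabet_size: int) -> float:
    """Search space, in bits, of `length` symbols chosen uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def passphrase_bits(words: int, wordlist_size: int) -> float:
    """Search space, in bits, of `words` words chosen uniformly at random from a list.

    This only holds for random selection; a grammatical sentence the user makes up
    is far from uniform, and the estimate does not apply to it.
    """
    return words * math.log2(wordlist_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of random words from the list that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time for an attacker who knows the scheme and, on average, tries half the space."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def compare(guesses_per_second: float = 1e10) -> dict:
    """Side-by-side numbers for a few schemes at an assumed offline guessing rate."""
    schemes = {
        "8 lowercase letters": charset_bits(8, 26),
        "8 printable ASCII (like #h#41i\"])": charset_bits(8, PRINTABLE_ASCII),
        "4 random diceware words": passphrase_bits(4, DICEWARE_WORDS),
        "5 random diceware words": passphrase_bits(5, DICEWARE_WORDS),
    }
    return {
        name: {
            "bits": round(bits, 1),
            "expected_crack_days": expected_crack_seconds(bits, guesses_per_second) / 86400,
        }
        for name, bits in schemes.items()
    }


if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:38s} {row['bits']:6.1f} bits  ~{row['expected_crack_days']:.3g} days")
```

Five random words from a 7776-word list already beat eight random printable characters, and they are far easier to remember. The caveat is the one in the docstring: the numbers only hold when the words are picked at random. A phrase the user composes, or any password that appears in a wordlist, is found by a dictionary attack long before the brute-force estimate says it should be.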

And before we forget: by having your browser remember passwords, you are handing them to anyone with access to the PC who is interested in your private data. Most browsers will list the stored passwords in clear text straight from the settings dialog unless a master password is set. Kudos to you.

Password Anti-Pattern

There has never been an easier way to teach people how to get phished.

Wondering what this is about? Imagine you’re in the following situation: you register on a website, the website asks you to “spam” your friends with invitations, and to send them the message you have to supply your e-mail address and its password.

Sounds familiar? If yes, that’s the typical password anti-pattern.

You should never have to give your password to anybody (or any third party). Whoever gets your mailbox password gets everything in it, including the password-reset mails for all your other accounts. For such situations there are dedicated protocols, for example OAuth for delegating limited access and OpenID for logging in. I haven’t used any of them (didn’t have the need so far), but people tend to praise them. If a website relies on the password anti-pattern, just leave it; it doesn’t deserve your time or your private data.


Write it down…

And people still do this. What they don’t realize is that it isn’t only hackers who are interested in your personal data (most of the time they aren’t); your so-called friends are too…

What…

Haven’t got anything that might create a negative image of yourself? Then go ahead and post your password everywhere: in every signature you’ve got, on every desktop, in every picture, etc. And don’t forget to submit it to BugMeNot; some people might find it useful.
