[NBLUG/talk] How do you handle physical device passwords?

Christopher Wagner waggie at waggie.net
Mon May 8 11:51:38 PDT 2017


Generally speaking, passwords that are long, but also relatively easy to 
type tend to be the best compromise.  Something like "Walking to the 
7/11 today." or "EatingGreenBananasSucks!" are both easier to type, but 
also very difficult for a password cracker to get without substantial 
resources.  There's obviously a lot of dictionary words, but with 
multiple words, a long length, mixed case, and the special characters, 
the chance of them being cracked without substantial resources is 
vanishingly small.


On 05/07/2017 03:25 PM, Allan Cecil wrote:
> In advance of Kyle's talk on Tuesday I was curious what practices other NBLUG folks follow with physical access passwords, i.e. passwords that you have to type frequently to gain access to a local PC or other personal device.  Since it's a password that you'll be typing often you generally want a password that is easy to type but that is often at odds with good security practices.  I'm seriously doubting my own methods after attending the Thotcon security conference this past week.  Obviously, don't give up anything secret or sensitive here, but how do you handle passwords that by their nature can't be in a password manager and have to by typed frequently?
>
> This is probably a discussion for after Kyle's talk but it's been on my mind and I didn't want to wait.  Thanks for your thoughts!
>
> A.C.
> ******
> President, North Bay Linux Users' Group
>
> On 04/18/2017 03:05 PM, Allan Cecil wrote:
>> Topic: Sex, Secret and God: A Brief History of Bad Passwords
>> When: Tuesday May 9th, 7:30 PM to 9:00 PM
>> Speaker: Kyle Rankin
>>
>> Location: O'Reilly Media, Sebastopol CA in the Tarsier conference room
>> past the metal statue and to the right ( http://nblug.org/locations )
>>
>> Description:
>> Most of what we've been told over the years about what makes a good
>> password has been wrong, so it's no surprise most people pick bad
>> passwords. This talk will cover the history of password policy and password
>> cracking starting from the days when Richard Stallman hacked the passwords
>> forced on his MIT computer lab because he considered passwords an
>> authoritarian method of control. Next I'll discuss the golden days of
>> password guessing featured prominently in movies like Hackers and WarGames.
>>
>> Then I'll move to the tech boom and the introduction of draconian IT
>> policies like password rotation and password complexity and the dirty
>> little leet-speak password secrets they led to. As we get closer to the
>> modern day I'll discuss the "correct horse battery staple" password
>> renaissance and more modern approaches to password cracking spawned by
>> tools like oclhashcat and giant password databases dumps like the RockYou
>> hack.
>>
>> I'll finish up with modern attempts to fix the password auth problem such
>> as new approaches to secure password generation in password managers or
>> schemes such as diceware as well as cover password auth reinforcements like
>> the different forms of 2FA (including U2F) and Facebook's new approach to
>> "I forgot my password" workflows. By the end everyone should have plenty of
>> ammunition to take back to their IT department and get rid of those
>> horrible password policies.
>> _______________________________________________
>> announce mailing list
>> announce at nblug.org
>> http://nblug.org/cgi-bin/mailman/listinfo/announce
>>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/cgi-bin/mailman/listinfo/talk



More information about the talk mailing list