
The Voice of the DBA

Steve Jones is the editor of SQLServerCentral.com and visits a wide variety of data-related topics in his daily editorial. Steve has spent years working as a DBA and general-purpose Windows administrator, primarily working with SQL Server since it was ported from Sybase in 1990. You can follow Steve on Twitter at twitter.com/way0utwest

You Need to Manage Passwords

I saw a note this week from CNet about a system built to crack passwords (also on ArsTechnica). It reminded me of the story of the guy that cracked Google's DKIM key at 512 bits. Not insignificant, until you get to the point of renting that power from AWS for tens of dollars.

Here’s a great comic on the subject of passwords: Password Strength. It’s got some good advice, but there’s more to it than just having a good strong password. You need to manage your passwords, as in you need to have lots of them.

Doubt that? Here’s a good piece from Troy Hunt.

You need a password manager. Whether you use 1Password, KeePass, or PasswordSafe (my choice), choose one and set the defaults to something long. I’ve been using 12 characters, but I’ve moved to 16 for my passwords. All of these work cross-platform, and you can sync your files between devices.

One more thing: you need to rotate passwords. Not just on your password manager, but on your various sites. If someone gets a copy of your password manager file, then it’s just a matter of time before they can crack it. Within months, they could have all the passwords in your file if they were determined.

Lots of passwords I’m not overly worried about, but some I am. Banks, mail, a few of my profiles, these are important to me, and so I rotate the password periodically on them, using new passwords from my manager.

Security is hard, and passwords aren’t going away anytime soon. Tell your friends and family, and make sure they all consider using some type of password manager and improving their security.

