hacked - looking for doc/suggestions on hardening/securing systems from the start

Greg Woods woods at ucar.edu
Fri Dec 20 16:35:31 UTC 2013


On Fri, 2013-12-20 at 18:35 +1030, Tim wrote:
> Allegedly, on or about 19 December 2013, Greg Woods sent:
> > it is very risky to use the same password at multiple locations, even
> > if it is an easy-to-remember but hard-to-guess password. 
> 
> It definitely is, and I've seen the results, even on the more benign
> side of things.

The eventual point of this is that there is really no such thing as a
hard-to-guess and easy-to-remember password. It's one thing to have a
password like "purplepolkadotsonmydog", but another to remember whether
that password was for Amazon, Newegg, Kaiser, <list of 100 other web
sites>.

I can and do use a very small number of hard-to-guess, easy-to-remember
passwords for places where using the password safe is not practical
(e.g. the initial login to my personal machines, the password for the
safe, the password for Dropbox). But for anyone who does a lot of stuff
online, and therefore interacts with a large number of sites that use a
password for authentication, you need a password safe.

--Greg
 


