[LINK] Guidance re Passwords
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Jul 27 18:55:58 AEST 2011

>On 23/07/11 10:40 AM, Roger Clarke wrote:
>> Can linkers point to other useful guidance pages?

At 18:10 +1000 27/7/11, Ben McGinnes wrote:
>The key is to use a password (or phrase) with a decent level of
>password entropy.
>http://www.archonmagnus.com/articles/security/passwordEntropy.php
>https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength

Thanks for those.

>I normally recommend people use a local password manager like
>KeePassX, which is what I use to generate passwords with high levels
>of entropy (usually well over 128 bits) without having to worry about
>remembering anything except the passphrase to open KeePassX.
>http://www.keepassx.org/

What approach do you take to the 'all the eggs in one basket' problem
created by the use of a single (local) master-passphrase?

A passphrase is less subject to visual-observation capture than a
short password, but length is no protection against a
keystroke-logger.

And how do you manage multi-devices (portable, handheld,
home/work/client's premises, public-place device-of-convenience,
etc.)?
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University