Saturday, Feb 02 2013

Password Panic

Seems like my Twitter password, along with 250,000 others has been stolen. Well, not the password as such, but the encrypted version that Twitter store. This is probably not a huge problem for me. When I give my password to Twitter they pass it through a “one way” algorithm that turns it into meaningless gibberish. The idea is that it is very hard (or hopefully impossible) to take the gibberish and turn it back into the super secret phrase that I dreamt up all that time ago.

For me the biggest problem now is that I have to think up a new password. I’ve found that the best way to invent passwords is to think about them a long way away from the computer, maybe when you are doing the vacuuming, and then type them in later. If you can’t remember the password that you thought up a little while ago when doing the living room carpet it is probably not a good choice after all. My present approach, which works for me when a site will let me do it, is to run a bunch of words together. Perhaps “runabunchofwordstogether” would actually make quite a good password. Perhaps not. Anyhoo, I’ve changed my password and can now resume life.

The thing that really worries me about password breaches like this is that they provide a good context for these nasty “Your account has been compromised” emails that spammers send out to try and trick you into logging in to fix your account. Then again, that might be why they steal the names in the first place.
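The “one way” storage described above, as an added example that is not part of the original post and not Twitter's actual scheme: a site keeps only a salted, slow hash of the password and checks a login by recomputing it. The choice of PBKDF2-HMAC-SHA256, the iteration count and the record format are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for this example; a real site tunes this to its hardware.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return the record a site would store instead of the password itself."""
    if salt is None:
        # A fresh random salt per user means two people with the same
        # password end up with different stored records.
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    # Hypothetical record layout: scheme$iterations$salt$digest
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Check a login attempt by recomputing the hash; nothing is decrypted."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        salt, int(iterations))
    except (ValueError, OverflowError):
        # Malformed or tampered record: treat as a failed login.
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Sample passphrase taken from the post; the record is what a breach exposes.
    stored = hash_password("runabunchofwordstogether")
    print(stored)
    print(verify_password("runabunchofwordstogether", stored))   # True
    print(verify_password("runabunchofwordstogether2", stored))  # False
```

Because anyone holding the stored record can run the same check against guesses, the hash only protects a password that is hard to guess, which is why changing it after a breach is still the right move.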

Reader Comments (3)

LastPass and YubiKey is the best way to think of passwords: nice 24-character randoms for each individual site, then even if one is compromised it doesn't affect anything else on the internet. Also the YubiKey comes into play for physical attack, as it allows for two-factor authentication on every site on the internet instead of just the ones that support it.

But I guess it all comes down to trust at the end of the day, since if you don't trust your passwords being stored somewhere other than your mind this isn't a good idea, I guess, but trusting it with true security professionals, well, that's a dilemma only you can solve!
February 2, 2013 | Unregistered Commenter Andrew Flatters

"Seems like my Twitter password, along with 250,000 others has been stolen."
Upon first read I thought you had 250,000 passwords for a moment. Second read allowed me to chuckle at my error.
February 4, 2013 | Unregistered Commenter Duncan Mulholland

If you like to have a good password just get a totally random row of numbers and letters at least 12 characters long (if you cannot think of one yourself just borrow a CD-key for some product) and learn it. It isn't so hard to memorize 12 symbols, but once you do, even if someone is looking at you typing your password or even you tell him your password he will be like "WTH?" :D
March 11, 2013 | Unregistered Commenter Jordan
