How to generate and use unbreakable passwords

Steve Gibson is a well-respected security journalist, known around the world through his Security Now podcast, on Leo Laporte’s TWiT network.

Steve has written some very cunning software which randomly generates strings of characters. Even the page which displays these cryptographic-strength, non-repeating strings is secure, because it’s marked as having expired back in 1999, so your browser doesn’t cache it. [Visit grc.com]

By using these passwords in place of the English phrases we all normally use, you can reduce the chances of a brute force dictionary hack gaining access to your private information – which, as Republican vice presidential candidate Sarah Palin found out, even on Yahoo! mail can be all too easily accessed. [More on this at the washingtonpost.com]
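The following is an added example, not code from grc.com or from this post, showing what such a generator does and why its output resists dictionary guessing. The 94-character alphabet, the 32-character length, the 100,000-word list and the guess rate are all assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed alphabet: the 94 printable ASCII characters, excluding space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=32, alphabet=ALPHABET):
    """Pick every character independently and uniformly from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be at least 1")
    if len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet needs at least 2 distinct, unrepeated symbols")
    # secrets.choice draws from OS-provided randomness without modulo bias;
    # the `random` module is predictable and must not be used for passwords.
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(symbols, choices):
    """Entropy when `symbols` items are each chosen uniformly from `choices` options."""
    return symbols * math.log2(choices)


def years_to_exhaust(bits, guesses_per_second):
    """Time needed to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e10              # assumed offline guessing rate, guesses per second
    wordlist_size = 100_000  # assumed size of an attacker's English wordlist
    phrase = entropy_bits(2, wordlist_size)    # two dictionary words
    strong = entropy_bits(32, len(ALPHABET))   # 32 random characters
    print(random_password())
    print(f"two-word phrase: {phrase:.1f} bits, {years_to_exhaust(phrase, rate):.2e} years")
    print(f"32 random chars: {strong:.1f} bits, {years_to_exhaust(strong, rate):.2e} years")
```

The entropy figures only hold when every character really is chosen uniformly at random; a password a person picks and then decorates with symbols does not get this strength.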

The problem with long random passwords is that they’re impossible to remember. You could paste them into a text file and keep that on a USB thumb drive, to which only you have access. But Microsoft Windows is itself fundamentally weak – anyone can change the password which is used to access your account – and it’s just as trivial to gain access to a Windows machine via the internet.

As far as we know, there are no ways of remotely accessing Apple Mac OS X, and local account root passwords are similarly very robust, but it’s only a matter of time before someone, somewhere figures out how to get around this. And if someone has physical access to a machine where the password text file is just left lying around in the documents folder, or in a sticky note, any steps taken to lock down important data are immediately and very simply undone.

In steps Pastor, by Markus Mehlau. A very simple tool which keeps your log-in details (URL, username, et cetera) and passwords inside a locked document.

There is a problem of infinite regress, naturally, in that you must choose an easy-to-remember pass-phrase to unlock the software – so we’re not talking military-grade encryption here – but in the event your laptop gets stolen, or your computer is in a common area where other people who share your house can easily sneak a peek at your private data, Pastor is extremely handy.

For a whole lot more security and flexibility, you have to go a long way to beat 1Password. ScreenCasts Online host, Don McAllister, has produced an excellent overview of the product, showing not only how it can be used to protect you from phishing scams, but also how it integrates itself automatically into all the commonly used web browsers, to safely log you into sites using passwords which are stored in your OS X Keychain.

There’s a fully working, time-limited demo of 1Password available for download from agilewebsolutions.com.
