[NBLUG/talk] How do you handle physical device passwords?

Zack Zatkin-Gold zg at zk.gd
Sun May 7 15:59:59 PDT 2017


iPhone - 6 digits / Touch ID

ATM - 12 digit PIN (yes, you can make it longer than 4)

Desktop - easy to remember password

Laptop - easy to remember password

Work laptop - I generated a strong, 16-character alphanumeric password with
special characters and spent the better part of an hour making sure that I
had it memorized.

> In advance of Kyle's talk on Tuesday I was curious what practices other
> NBLUG folks follow with physical access passwords, i.e. passwords that you
> have to type frequently to gain access to a local PC or other personal
> device.  Since it's a password that you'll be typing often you generally
> want a password that is easy to type but that is often at odds with good
> security practices.  I'm seriously doubting my own methods after attending
> the Thotcon security conference this past week.  Obviously, don't give up
> anything secret or sensitive here, but how do you handle passwords that by
> their nature can't be in a password manager and have to be typed
> frequently?
>
> This is probably a discussion for after Kyle's talk but it's been on my
> mind and I didn't want to wait.  Thanks for your thoughts!
>
> A.C.
> ******
> President, North Bay Linux Users' Group
>
> On 04/18/2017 03:05 PM, Allan Cecil wrote:
>> Topic: Sex, Secret and God: A Brief History of Bad Passwords
>> When: Tuesday May 9th, 7:30 PM to 9:00 PM
>> Speaker: Kyle Rankin
>>
>> Location: O'Reilly Media, Sebastopol CA in the Tarsier conference room
>> past the metal statue and to the right ( http://nblug.org/locations )
>>
>> Description:
>> Most of what we've been told over the years about what makes a good
>> password has been wrong, so it's no surprise most people pick bad
>> passwords. This talk will cover the history of password policy and
>> password cracking starting from the days when Richard Stallman hacked
>> the passwords forced on his MIT computer lab because he considered
>> passwords an authoritarian method of control. Next I'll discuss the
>> golden days of password guessing featured prominently in movies like
>> Hackers and WarGames.
>>
>> Then I'll move to the tech boom and the introduction of draconian IT
>> policies like password rotation and password complexity and the dirty
>> little leet-speak password secrets they led to. As we get closer to the
>> modern day I'll discuss the "correct horse battery staple" password
>> renaissance and more modern approaches to password cracking spawned by
>> tools like oclhashcat and giant password database dumps like the
>> RockYou hack.
>>
>> I'll finish up with modern attempts to fix the password auth problem
>> such as new approaches to secure password generation in password
>> managers or schemes such as diceware as well as cover password auth
>> reinforcements like the different forms of 2FA (including U2F) and
>> Facebook's new approach to "I forgot my password" workflows. By the end
>> everyone should have plenty of ammunition to take back to their IT
>> department and get rid of those horrible password policies.
>> _______________________________________________
>> announce mailing list
>> announce at nblug.org
>> http://nblug.org/cgi-bin/mailman/listinfo/announce
>>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/cgi-bin/mailman/listinfo/talk
>