{"id":8987,"date":"2006-03-10T09:51:49","date_gmt":"2006-03-10T16:51:49","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/wp\/2006\/03\/10\/passwords-and-the-users-who-love-them.html"},"modified":"2006-03-10T09:51:49","modified_gmt":"2006-03-10T16:51:49","slug":"passwords_and_t","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2006\/03\/10\/passwords_and_t.html","title":{"rendered":"Passwords and the Users Who Love Them"},"content":{"rendered":"<p>In case there was any question, <a href=\"http:\/\/psychology.wichita.edu\/surl\/usabilitynews\/81\/Passwords.htm\" target=\"_blank\">people follow bad password practices<\/a>.  Duh.<\/p>\n<p>And it&#8217;s not a matter of education.  People <em>know <\/em>the rules, they just don&#8217;t <em>follow <\/em>them.<\/p>\n<p>Looking at my own practices, there are some &#8220;bad&#8221; things I do, and some things I do that are outside of average.  I tend to reuse some passwords more than I should, but they&#8217;re not trivial passwords, and I keep them pretty secure.  (I also have different levels for different types of accounts &#8212; things having to do with money vs. access to other sites.)<\/p>\n<p>I could do better &#8212; but, then, the same thing keeps me from doing so as keeps everyone else:  convenience \/ laziness.  Constructing difficult passwords with different character types, recycling them periodically, and choosing different ones for every site &#8230; is, frankly, impossible.<\/p>\n<p>Things need to shift, either to some sort of more persistent (and secure) user identification (single sign-on sort of thing), or else some sort of biometrics.  Both of those have problems that go with them, but userid\/password combos do, too, and we&#8217;ve reached the limits of what we can do to address them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In case there was any question, people follow bad password practices. Duh. And it&#8217;s not a matter of education. 
People know the rules, they just don&#8217;t follow them. Looking at&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_robots_follow":"","_seopress_robots_imageindex":"","_seopress_robots_snippet":"","_seopress_robots_primary_cat":"","_seopress_robots_breadcrumbs":"","_seopress_robots_freeze_modified_date":"","_seopress_robots_custom_modified_date":"","_seopress_robots_canonical":"","_seopress_social_fb_title":"","_seopress_social_fb_desc":"","_seopress_social_fb_img":"","_seopress_social_fb_img_attachment_id":0,"_seopress_social_fb_img_width":0,"_seopress_social_fb_img_height":0,"_seopress_social_twitter_title":"","_seopress_social_twitter_desc":"","_seopress_social_twitter_img":"","_seopress_social_twitter_img_attachment_id":0,"_seopress_social_twitter_img_width":0,"_seopress_social_twitter_img_height":0,"_seopress_redirections_value":"","_seopress_redirections_enabled":"","_seopress_redirections_enabled_regex":"","_seopress_redirections_logged_status":"","_seopress_redirections_param":"","_seopress_redirections_type":0,"_seopress_analysis_target_kw":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[20],"tags":[],"class_list":["post-8987","post","type-post","status-publish","format-standard","hentry","category-hi-tech"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":41215,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/02\/26\/a-lot-of-tough-passwords-are-not-all-that-tough.html","url_meta":{"origin
":8987,"position":0},"title":"A lot of tough passwords are not all that tough","author":"***Dave","date":"Wed 26-Feb-14 2:41pm","format":false,"excerpt":"Cracking programs aren't just using dictionary items, but common letter\/number substitutions, word combinations, and frequently used numeric suffixes and prefixes. And if the cracker has any info about you (esp. stuff from your hard drive), that's all grist for the cracking mill (so your birthday, anniversary date, kid's dates, zip\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":40330,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/01\/07\/eek-google-knows-my-wifi-passwords-eek.html","url_meta":{"origin":8987,"position":1},"title":"Eek! Google knows my WiFi passwords! Eek!","author":"***Dave","date":"Tue 7-Jan-14 8:27am","format":false,"excerpt":"Or, perhaps, ho-hum. \u00a0Yes, if you have turned on \"back up my settings\" on your phone, then things like your WiFi passwords are being backed up, too. \u00a0Um ... yes, they are. And this is a shocking revelation?Same thing happens if you login to Chrome and have it back up\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":131268,"url":"https:\/\/hill-kleerup.org\/blog\/2016\/08\/13\/passwords-are-better-longer-not-more-complex-or-frequently-changed.html","url_meta":{"origin":8987,"position":2},"title":"Passwords are better longer, not more complex or frequently changed","author":"***Dave","date":"Sat 13-Aug-16 2:52pm","format":false,"excerpt":"And even the government is beginning to recognize that. 
Which is good news, even if longer passwords make for more opportunity for mistyping. The one thing I'll say about having 60 or 90 day expiries on passwords is that if a password is compromised, that compromise has a limited lifespan. But,\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":130405,"url":"https:\/\/hill-kleerup.org\/blog\/2016\/04\/11\/creating-a-digital-will-for-your-passwords-and-accounts.html","url_meta":{"origin":8987,"position":3},"title":"Creating a &quot;digital will&quot; for your passwords and accounts","author":"***Dave","date":"Mon 11-Apr-16 3:56pm","format":false,"excerpt":"Another good reminder and checklist for making sure your digital estate is in order. My wife and I share a LastPass account, but I certainly need to make provision for someone else to have access to it in case we both get hit by the same meteor. (LastPass obviously has some\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":44241,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/08\/07\/on-those-billion-plus-stolen-passwords.html","url_meta":{"origin":8987,"position":4},"title":"On those billion-plus stolen passwords","author":"***Dave","date":"Thu 7-Aug-14 9:13am","format":false,"excerpt":"Bruce Schneier is more than skeptical, given that the information about the actual passwords is sparse, and the news was broken by a single company, which nobody's ever heard of, who's now charging a fee to have your security status monitored. 
\u00a0(The article and comments are both worth a read.) Yeah,\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12067,"url":"https:\/\/hill-kleerup.org\/blog\/2007\/11\/26\/hash.html","url_meta":{"origin":8987,"position":5},"title":"Hash","author":"***Dave","date":"Mon 26-Nov-07 11:25am","format":false,"excerpt":"Oh, boy, you can use Google to decrypt MD5-encoded passwords. Um ... yippee? It only actually works on dictionary-entry passwords (which are big no-no's anyway)....","rel":"","context":"In &quot;Hi-Tech&quot;","block_context":{"text":"Hi-Tech","link":"https:\/\/hill-kleerup.org\/blog\/category\/hi-tech"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/8987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=8987"}],"version-history":[{"count":0,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/8987\/revisions"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=8987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=8987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=8987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}