RSS

Some notes from the panel discussion at SciFlix: The Imitation Game

08 Apr

During the Panel Discussion for The Imitation Game SciFlix Event, panelist Dr. Hossein Saiedian presented some ideas on how to generate passwords that were not easy to guess, yet complicated enough to foil a brute force, dictionary attack.

capt.png

Image 1

 

He also listed some good practices and things to avoid. Because I don’t expect many attendees came armed with their note pads, I wanted to post some excerpts from that presentation.

By the way, can you identify the two photos in image 1 & 2  and explain their relevance and origins?

 

Pencil.png

Image 2

 

Key/password selection

  • ‘Key’ to good encryption: a good password (or key)
  • Passwords (pass phrases) are used for encryption and authentication
  • Key to maintaining security, privacy, and preventing identity theft
  • Objective: avoiding guessable passwords while selecting passwords that are strong and memorable

 

Common recommendations

    • 12 characters or longer
    • A combination of lowercase and uppercase letters, digits and special symbols
    • Formed from characters from an obscure phrase
    • Easily remembered by you but difficult for others to guess
    • Monitor for possible eavesdroppers during password entry

Things to avoid

  • Reusing passwords
  • Recording (writing down) passwords
  • Using the same password on two or more systems/contexts

Bad password practices facilitate two common password vulnerabilities: dictionary attacks and social engineering

Spicer.png
Posting passwords to Twitter accounts with 1.7M followers

Some short phrase ideas

  • Phrase association: Icw82Cmd!

    I can’t wait to see my dog!

  • Letter/number combination: Mocbd=0520

    My older child’s birthday = May 20

  • Letter/number sequence association especially when you are requested to change password at intervals: 89-93GhwB(41)

   Pres from 89-93:George Herbert Walker Bush (41st)

 

Some Free Encryption Tools

Personally, I (Jack), have used Dashlane as a password manager and generator since its inception. I’m not certain what my panelists would think of this, but I invite them to post their opinion here.

 

If you don’t know the images identified above, go here to learn about Image 1. For Image 2, you may need to think a while. In the meantime…

Shall we play a game?

Advertisements
 
Leave a comment

Posted by on April 8, 2017 in Uncategorized

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: