Posted by: Ken Harthun
In this part, I’ll comment on some of the past articles I’ve posted about passwords and align them all with the new paradigm (see “The New Password Paradigm – Part 1” and “The New Password Paradigm – Part 2”).
Feb 17 2008: How to Write Down Your Passwords and Not Worry About Someone Stealing Them – This article, one of my earliest on the subject, describes a neat little system for creating unguessable passwords and writing them down. It’s a bit too complex and is now obsolete, as is this Aug 24 2009 post: Un-guessable Passwords—How to Make Them.
Feb 24 2008: Can a Criminal Hacker Guess Your Password? – This article talks about the dangers of using common words, keyboard patterns and other easily guessable passwords. It is just as valid today as it ever was, except that under the new paradigm you can use such things in combination with your personal password padding policy.
Apr 27 2008: Your Wallet is the Best Password Manager – Says to write your passwords down and keep them in your wallet. Still applicable. You should not write down your padding pattern with those passwords, however. Say you use “…” as your padding and choose the word “fireplace” as your password, padding it like this: “…fire…place…”. Simply write the word “fireplace” on your list, not the whole padded thing.
Aug 20 2009: Peter Piper Picked a Perfect Password Pattern – I suggested using patterns to pad passwords almost two years ago, a major component of the new paradigm.
Apr 22 2010: Passwords Are Too Complicated – I was right: passwords are too complicated! Passphrases are easier to remember and under the new paradigm, you don’t even have to get very creative to come up with them.
Apr 26 2010: Jabberwocky – Password – This nifty little post about using Lewis Carroll’s poem, “Jabberwocky,” to create strong passwords is pretty brilliant, if I do say so myself. Couple that with a good padding pattern and you have a real winner.
May 13 2010: Secure Computing: Password Card is a Winner – The password card is a nifty little tool and is still a valid way to create and remember complex passwords; however, it’s obsolete under the new paradigm unless you want to use it to create padding patterns.
Sep 14 2010: Is Your Password on the List of Worst Ones Ever? – Valid information, but hardly dangerous if you use one of them with a padding pattern.
Dec 27 2010: Use Strong, Unique Passwords! Use Strong, Unique Passwords! Use Strong, Unique Passwords! – Valid information that once again suggests using a personal pattern.
Jan 18 2011: Password Voodoo – A nifty trick using your keyboard FCC ID to create a password, but it still requires that you remember a pattern.
Mar 26 2011: Create Perfect Passwords on Paper – Steve Gibson’s Perfect Paper Passwords is still relevant and also can be used to create your password padding pattern.
May 22 2011: How Long Should a Strong Password Be These Days? – Definitely valid information, and the new paradigm makes it even easier to make 15-character-long (or longer) passwords.