Coding Horror: Dictionary Attacks 101
http://www.codinghorror.com/blog/archives/001206.html
Some ways of making this more avoidable
I like the increasing delay ideaPHPBB Password Analysis - Hacked Off - Dark Reading
PHPBB user's password pattern
Hilarious analysis of how people choose their (extremely naive) passwords
Dark Reading | Security | Protect The Business - Enable Access
A popular Website, phpbb.com, was recently hacked. The hacker published approximately 20,000 user passwords from the site. This is like candy to us security professionals because it's hard data we can use to figure out how users choose passwords. I wrote a program to analyze these passwords looking for patterns, and came up with some interesting results.
Analysis of PHBB passwords - interesting observations on some password choices
<tm> http://www.darkreading.com/blog/archives/2009/02/phpbb_password.htmlIt's Data Privacy Day: Do You Know Where Your Data Is?
We've covered oodles of privacy apps and topics over the years at Lifehacker, but here are some of our personal favorites:
Encriptación, navegación anónima, gestión de passwords, borrado seguro de ficheros, encriptación de comunicaciones...
Today is Data Privacy Day, during which we're encouraged to reflect on the state of our data and bolster security where we can—so let's take a closer look at our favorite data privacy tips.
Data Privacy Day, during which we're encouraged to reflect on the state of our data and bolster security where we can—so let's take a closer look at our favorite data privacy tips
** Posted using Viigo: Mobile RSS, Sports, Current Events and more **Death Switch
wow this is an interesting idea, albeit morbid.
A service that sends out messages after you're gone.
Sounds creepy, but it worth thinking about
Death Switch allows you to send out email messages, in the case of your demise. It repeatedly contacts you, and if you don't answer within a specified time window, it triggers the 'last message' to whoever you specify.Most common passwords list from 3 databases
List of most commonly used passwords
A detailed password analysis of compromised passwords from myspace, phpbb, and singles.org
Singles.orgのパスワード、やけに宗教的な語句が多いなと思ったら、キリスト教徒用出会いサイトなのねJoe Tech » How to Crack the Account Password on Any Operating System
Nifty utility to become root on a box.10 Password Strength Meter Scripts For A Better Registration Interface
For membership-oriented websites, registration forms are one of the most important parts. A problematic experience, even if the sign-up is completed, will place a "question mark" to the visitor or vice-versa. Password LockAnd, it is also the first step where you can show that you care about the security of the website & all the data collected. Although you can control/improve the security of the website, it is sometimes the weak passwords used that may have unwanted consequences. Guiding users to have a strong password with the help of password strength meters, besides being an easy process, will help improving the security of the whole & show that the website pays attention to it...Stop Password Masking (Jakob Nielsen's Alertbox)
Advice about how masking password entries can reduce usability and increase user error and frustration.
Jakob comes out against password masking
More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.
Got to agree with Jakob here. Seing *****'s as you type your password just leads to mistyped passwords
Can I get an Amen?
I question the overall security of an app if the input isn't masked. Logically, he makes sense, but users aren't asking for it. Leave it be.Creating an Advanced Password Recovery Utility - Nettuts+
Non-JS users get the common masked password fields.
iPhone-like password fields using jQuery // DECAF° blog für digitale kommunikation
Nice jQuery plugin to partially mask password fields.Better Password Inputs, iPhone Style | CSS-Tricks
iPhone style password input. implemented by duplicating the password field to a text field to have control of the contents.Chroma-Hash Demo
a sexy, non-reversible live visualization of password field input
Creates a color-bar visualization of the password field useful to avoid mistakes and non-reversible.
a non-reversible live visualization of password field inputFree login to any site
Conectate a cualquier sitio que necesite user & password
This service is made for you to save your time on registration for many sites. You can not register at all sites, so just type the name of site for which you need to enter login and password and click «Get».How to Recover Your Firefox Master Password - Firefox - Lifehacker
If you're using Firefox's built-in password management, you should also be using its master password feature to protect your saved passwords from prying eyes. But what happens if you lose your master password?
If you're using Firefox's built-in password management, you should also be using its master password feature to protect your saved passwords from prying eyes. But what happens if you lose your master password?Official Gmail Blog: Choosing a smart password
T. KendallBuild a Simple Password Strength Checker - Nettuts+
Great, Simple, and Useful - Password Strength Checker Tutorial
Segurança em senhasChroma-Hash Demo
Chroma-Hash is a sexy, secure visualization of password field input
Kind of pointless but cool
awesome password confirmation tool using color
<elderec> a sexy, secure visualization of password field input - http://foxxtrot.github.com/Chroma-Hash/mattt* / Chroma-Hash: A Belated Introduction
A very smart visualization of passwords and its effect on usability
Yesterday, I posted Chroma-Hash, an experiment in how to visualize the live-input of secure fields, such as a password on a login screen. So far, I’ve received a lot of great feedback, as well as a number of questions that I thought deserved a proper response. Before I go into any details, I invite you to check out the live demo, (if you haven’t seen it already), so you can get a clear idea of what Chroma-Hash does.
Article on how to solve the masked password issues. Solution doesn't work, but it's a start.
Elegant UI gives user visual feedback on correctness of "hidden" passwords
visualize the live-input of secure fields, such as a password on a login screenFreeMyPDF.com - Removes passwords from viewable PDFs
Use this site to remove passwords and restrictions (such as printing, copying text, etc.) from PDFs. Note: This only works for PDFs that you can open and read without any 3rd party plugins. PDFs that require a password to be viewed cannot be unlocked by this service.The Rails Way: Users and Passwords
a simple best practices article on handling passwords and authentication. There’s nothing particularly new here, but it’s always worthwhile revisiting the basics.Gmail and Google Apps Account Got Hacked
recuperação gmail
t of all your Gmail / Google Accounts and initiate the password recovery processTwitterのハッカーとのコンタクトに成功―攻撃手口の詳細が判明した
なるほど。メールアカウント乗っ取りからすべて始まったのか。
クラウドサービスのセキュリティ、秘密の質問、他のサービスのIDにリセットされたパスワードを送る、IDでIDの正当性を証明、ユーザが持つ複数のIDのうち1個のパスワードを破ればよい、蟻の一穴、ウィルス対策と同じ
攻撃手口jQuery Keypad
teclado virtual em jqueryYour Passwords Aren't As Secure As You Think; Here's How to Fix That - Passwords - Lifehacker
If you allow applications to save your passwords, anyone with physical access to your PC can decode them unless you're properly encrypting them—and chances are pretty good you're not. Let's walk through the right and wrong ways to store your passwords.
If you allow applications to save your passwords, anyone with physical access to your PC can decode them unless you're properly encrypting them—and chances are pretty good you're not. Let's walk through the right and wrong ways to store your passwords.16 of the Best Password Management Tools for Firefox 3
Nobody likes having to think up new passwords, which often leads to people using the same ones over and over. Even if you do come up with some good passwords,Benlog » Don’t Hash Secrets
I know very little about cryptography, but I do find it fascinating. This article seems to have solid, real-world advice, yet it is written in a way that even I can understand it. People who can write like this impress me.
why hash is not securityHow To Safely Store A Password | codahale.com
bcrypt
2010-01-31, by Coda Hale, "Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt."A List Apart: Articles: The Problem with Passwords
"Is there a middle path—a way to provide feedback and reduce password errors that doesn’t sacrifice the user experience? At least two design patterns address this issue in offline applications, and with a little JavaScript, we can bring them to the web. [...] The simplest solution is to mask the password by default while giving users a way to switch the field to clear text. [...] Apple adopted an interesting approach. The last letter typed into the field remains visible for a couple of seconds before turning into a dot. This creates an opportunity to catch errors without showing the entire password at once."Random Key Generator
パスワード
A variety of random keys that can be used for passwords, encryption keys, etc. - all randomly generated
Here you will find a variety of random keys that can be used for passwords, encryption keys, etc. - all randomly generated, just for you! Simply refresh this page for a completly new set of keys.Make Firefox Remember Passwords without a Bookmarklet
Security
f you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?How I’d Hack Your Weak Passwords - Passwords - Lifehacker
How Your Password Could Be Hacked: http://j.mp/9LPHl1 #it
Internet standards expert, CEO of web company iFusion Labs, and blogger John Pozadzides knows a thing or two about password security—and he knows exactly how he'd hack the weak passwords you use all over the internet.Midnight Research Labs - Depant your network
The tool is called depant ((DE)fault (PA)ssword (N)etwork (T)ool). Depant works by downloading a default password list, and then mapping out the local network to see what open services are available. Once it has a list of services, it will test each service for default passwords. Once it’s gone through each of the services, depant will determine the fastest service (as recorded in phase one) and use it to perform an optional second phase of tests with a larger (user-supplied) set of default users/passwords.
depantYour PasswordCard
A PasswordCard is a credit card-sized card you keep in your wallet, which lets you pick very secure passwords for all your websites, without having to remember them! You just keep them with you, and even if your wallet does get stolen, the thief will still not know your actual passwords.
* Don't read along with your finger, or the smudge will tell a thief where your password is. * Keep your PasswordCard on your person, don't leave it lying around near your computer. * Clear your browser cache and history after printing this page.What’s the password…haddock?
% ha-gen -f ~/Documents/awesome_words.txt
Generador de passwords friendly. Hay otras alternativas como flapcore.
Password generator that attempts to use words that are more rememberable.The Easy, Any-Browser, Any-OS Password Solution - Security - Lifehacker
LastPass info from LifehackerTrick.ly
url shortener
Awesome new URL shortener, http://www.trick.ly/ allows you to set a password question to gain access to the long URL, perfect for fact tests
How to make URLs short and password protectedHow Secure Is My Password?
Como verificar si tu contraseña es segura
It would take About 700 million years for a desktop PC to crack your passwordHASHCRACK.COM - Reverse Hash Lookup for MD5, SHA1, MySQL, NTLM and Lanman-Password-Hashes
Explaining the necessity of having a secure password.
Explained by Common Craft