Old 12-06-2013, 02:58 PM   #12
eschwartz
Ex-Helpdesk Junkie
I will second the recommendation of LastPass. Even the free (non-premium) version supplies all the functionality except for the mobile apps, and a few exotic options. It encrypts your data locally and stores only the encrypted blob without the password on their servers for multi-device sync, using military-grade encryption.

It will automatically generate secure passwords that are random enough to remain unbroken even AFTER Adobe's servers were hacked. And Adobe claims the hacked passwords were from a backup that wasn't using contemporary security -- in other words, new accounts are protected far better.

http://arstechnica.com/security/2013...word-crackers/
Quote:
Originally Posted by @arstechnica.com
What is clear is that Adobe never should have stored passwords in a reversibly encrypted format. Company officials seemed to acknowledge that. In a statement to Ars, Adobe spokeswoman Heather Edell wrote:
Quote:
For more than a year, Adobe’s authentication system has cryptographically hashed customer passwords using the SHA-256 algorithm, including salting the passwords and iterating the hash more than 1,000 times. This system was not the subject of the attack we publicly disclosed on October 3, 2013. The authentication system involved in the attack was a backup system and was designated to be decommissioned. The system involved in the attack used Triple DES encryption to protect all password information stored. We currently have no indication of unauthorized activity on any Adobe ID account involved in the incident.

Either way, your best bet is to use a unique, randomly generated password. The harder your password is to break, the more likely the hackers will give up after cracking the passwords of the other 70% of people who didn't follow proper password security protocol.

http://arstechnica.com/security/2012...under-assault/
Quote:
Originally Posted by @arstechnica.com
But with few exceptions, the exponential wall rarely impedes most password crackers. As demonstrated by the RockYou dump, the typical person is notoriously sloppy when choosing a passcode. A full 70 percent of them contained eight characters or less. Only 14 million of the 32 million total were unique, showing that a large percentage of passwords are duplicates. Atom, the Hashcat developer and password-cracking expert, estimates that 66 percent of entries from the typical unsalted hash list can be cracked by a single person in less than two days.

So what can the average person do to pick a passcode that won't be toppled in a matter of hours? Per Thorsheim, a security advisor who specializes in passwords for a large company headquartered in Norway, said the most important attribute of any passcode is that it be unique to each site.

"For most sites, you have no idea how they store your password," he explained. "If they get breached, you get breached. If your password at that site is unique, you have much less to worry about."

It's also important that a password not already be a part of the corpus of the hundreds of millions of codes already compiled in crackers' word lists, that it be randomly generated by a computer, and that it have a minimum of nine characters to make brute-force cracks infeasible. Since it's not uncommon for people to have dozens of accounts these days, the easiest way to put this advice into practice is to use a program such as 1Password or PasswordSafe. Both apps allow users to create long, randomly generated passwords and to store them securely in a cryptographically protected file that's unlocked with a single master password. Using a password manager to change passcodes regularly is also essential.

Of course, your email address will still be found and spammed, so you may wish to try the services of http://spamgourmet.com to act as a barrier between you and Adobe, assuming you feel you will ever need the ability to email a password restore option.

I don't, but then, I only really use ADE for library books, and didn't bother registering. I couldn't care less if I lose future access to them, since they are only good for 3 weeks anyway.
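An added illustration (not part of the post above or of the quoted Ars Technica articles) of why the quotes stress salting, iteration and unique random passwords: in an unsalted hash list every reused password collapses to one stored value, while salted, iterated records are all distinct. PBKDF2-HMAC-SHA256 stands in here for the salted, iterated SHA-256 scheme the Adobe statement describes; the account names, passwords, iteration count and helper names are constructed for the example.

```python
import hashlib
import hmac
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_letters + string.digits + string.punctuation
ITERATIONS = 100_000  # assumed value; the quoted statement only says "more than 1,000"

def generate_password(length=16):
    """Random password drawn from the OS CSPRNG, as a password manager would do."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def unsalted_record(password):
    """Single unsalted SHA-256: identical passwords give identical records."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, iterations=ITERATIONS):
    """Per-account random salt plus iterated hashing (PBKDF2-HMAC-SHA256)."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (salt, iterations, digest)

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def shared_values(records):
    """How many stored values are shared by more than one account."""
    return sum(1 for count in Counter(records).values() if count > 1)

# Constructed sample: three accounts reuse a common password, one uses a generated one.
ACCOUNTS = {
    "alice": "123456",
    "bob": "123456",
    "carol": "123456",
    "dave": generate_password(),
}

def compare_storage(accounts=ACCOUNTS):
    """Return (shared values in unsalted list, shared values in salted list)."""
    unsalted = [unsalted_record(p) for p in accounts.values()]
    salted = [salted_record(p) for p in accounts.values()]
    return shared_values(unsalted), shared_values(salted)

if __name__ == "__main__":
    print("shared stored values (unsalted, salted):", compare_storage())
```

In the unsalted list one guess of the reused password resolves three accounts at once; with salts each record has to be attacked separately, and the randomly generated password is not in any word list to begin with.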