by Jay Heiser | August 8, 2012 | Comments Off
I was recently forced to change my password on a UK pension system, and my first 4 password offerings were unacceptable. I was baffled as to what part of the password didn’t meet the requirements. Today, I needed to login and review a pay stub, had to reset my password, and the exact same thing [...]
Comments Off
Category: Cloud security Tags: authentication, password complexity, password reuse, password slurping, passwords
by Jay Heiser | August 1, 2012 | 1 Comment
I spent a frustrating 5 minutes this weekend enduring a forced password change on a retirement account containing $400. I was sure that the randomly generated and completely unmemorizable string my password utility came up with exceeded 7 characters, contained upper and lower case letters, at least 1 number, and a special character. It finally [...]
Category: security Tags: authentication, Dropbox, hacking, password slurping, passwords, SaaS security, security
by Jay Heiser | April 19, 2012 | 1 Comment
I frequently see end user policies that contain the following two elements: Passwords must be so complex that they cannot be guessed Passwords may not be written down This is almost a model case of perfectly secure and perfectly unusable. I say almost, because the unfortunate fact of the matter is that strong passwords only [...]
Category: Policy security Tags: malware, password slurping, passwords, policy, slurping attack
