Encrypting Data Doesn't Do Much Good If You Tape The Password To The Storage Device...
from the just-saying... dept
In the early days of large scale data leaks online, the mantra one heard over and over again was "encryption, encryption, encryption!" Yet, encryption alone doesn't do much good, if you tape the passwords to decrypt the data to the storage device itself (found via Michael Scott). Yet, whaddaya know? That's exactly what happened in a recent data breach in the UK, though I'm sure similar breaches happen all over the world. This is what happens when someone preaches a specific action in security, rather than actual secure thinking and planning.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, leaks, passwords
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
KeePass works wonders.
[ link to this | view in chronology ]
Re: Re:
"Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable."
But losing the KeyPass master password can cause much more trouble! Atleast, when you are using the same password for all accounts, a person getting hold of the password will have a tough time figuring out where all you have login accounts and what the user names are. But in the case of KeyPass, even that info is available to the bad guy!!
IMO, writing down a really strong password in a small insignificant scrap of paper and secreting it inside ones wallet or a safety locker at home is not a bad idea. It is much more secure than having john/john as u/p!
regds
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
a 32 character password that's all lowercase takes waaaay longer to guess/crack than an 8 character password composed of upper/lowercase characters, numbers, and symbols.
the problem of course is that many systems have a maximum length for passwords.
the best recommendation that i have heard is to take a line from a favorite song or quote from a favorite novel and switch out one word, or flip a pair of words, for example:
it was the best of times, it was the burp of times
it best the was of times, it was the worst of times
it was the best of worst, it was the times of times
was it the best of times, was it the worst of times
[ link to this | view in chronology ]
How about PKI?
(For recovering backups, you do the same thing in reverse; the agency generates a keypair and sends the public key to the backup facility)
[ link to this | view in chronology ]
Re: How about PKI?
[ link to this | view in chronology ]
Re: How about PKI?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Encryption
http://ducknetweb.blogspot.com/2009/05/smart-inhaler-with-blue-tooth-and.html
http://ducknetw eb.blogspot.com/2009/04/biotronik-home-monitoring-cardio.html
Anyway, just thought I would share a couple geeky healthcare devices and there's more, so when it comes to devices transmitting data, I am really concerned over security! An off the cuff story too where they equip elephants with SIM cards to text when the killer elephants get near.
http://ducknetweb.blogspot.com/2008/10/elephant-texting-yes-elephants-are-now.html
Thank s again for the visits!
[ link to this | view in chronology ]
http://prnmeg.blogspot.com/2016/1 2/2017-download-twittar-free.html
http://prnmeg.blogspot.com/2016/12/2017-download-kik-messenger.html
http://prnmeg.blogspot.com/2016/12/download-instagram-free.html
http://prnmeg.blogspot.com/2016/12/20 17-download-wechat-free.html
[ link to this | view in chronology ]