Coding Horror: Dictionary Attacks 101
http://www.codinghorror.com/blog/archives/001206.html
Some ways of making this more avoidable
I like the increasing delay ideaPHPBB Password Analysis - Hacked Off - Dark Reading
PHPBB user's password pattern
Hilarious analysis of how people choose their (extremely naive) passwords
Dark Reading | Security | Protect The Business - Enable Access
A popular Website, phpbb.com, was recently hacked. The hacker published approximately 20,000 user passwords from the site. This is like candy to us security professionals because it's hard data we can use to figure out how users choose passwords. I wrote a program to analyze these passwords looking for patterns, and came up with some interesting results.
Analysis of PHBB passwords - interesting observations on some password choices
<tm> http://www.darkreading.com/blog/archives/2009/02/phpbb_password.htmlMost common passwords list from 3 databases
List of most commonly used passwords
A detailed password analysis of compromised passwords from myspace, phpbb, and singles.org
Singles.orgのパスワード、やけに宗教的な語句が多いなと思ったら、キリスト教徒用出会いサイトなのねStop Password Masking (Jakob Nielsen's Alertbox)
Advice about how masking password entries can reduce usability and increase user error and frustration.
Jakob comes out against password masking
More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.
Got to agree with Jakob here. Seing *****'s as you type your password just leads to mistyped passwords
Can I get an Amen?
I question the overall security of an app if the input isn't masked. Logically, he makes sense, but users aren't asking for it. Leave it be.iPhone-like password fields using jQuery // DECAF° blog für digitale kommunikation
Non-JS users get the common masked password fields.
iPhone-like password fields using jQuery // DECAF° blog für digitale kommunikation
Nice jQuery plugin to partially mask password fields.How to Recover Your Firefox Master Password - Firefox - Lifehacker
If you're using Firefox's built-in password management, you should also be using its master password feature to protect your saved passwords from prying eyes. But what happens if you lose your master password?
If you're using Firefox's built-in password management, you should also be using its master password feature to protect your saved passwords from prying eyes. But what happens if you lose your master password?Simple Techniques to Lock Down your Website - Nettuts+
One crucial part of PHP development practice is always keeping in mind that security is not something you can simply buy off the shelf at your local convenientOfficial Gmail Blog: Choosing a smart password
T. KendallSecurity: Lessons Learned from a Hacked Gmail Account
a simple best practices article on handling passwords and authentication. There’s nothing particularly new here, but it’s always worthwhile revisiting the basics.WPA CRACKER
If you allow applications to save your passwords, anyone with physical access to your PC can decode them unless you're properly encrypting them—and chances are pretty good you're not. Let's walk through the right and wrong ways to store your passwords.
If you allow applications to save your passwords, anyone with physical access to your PC can decode them unless you're properly encrypting them—and chances are pretty good you're not. Let's walk through the right and wrong ways to store your passwords.16 of the Best Password Management Tools for Firefox 3
Nobody likes having to think up new passwords, which often leads to people using the same ones over and over. Even if you do come up with some good passwords,How To Safely Store A Password | codahale.com
bcrypt
2010-01-31, by Coda Hale, "Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt."A List Apart: Articles: The Problem with Passwords
"Is there a middle path—a way to provide feedback and reduce password errors that doesn’t sacrifice the user experience? At least two design patterns address this issue in offline applications, and with a little JavaScript, we can bring them to the web. [...] The simplest solution is to mask the password by default while giving users a way to switch the field to clear text. [...] Apple adopted an interesting approach. The last letter typed into the field remains visible for a couple of seconds before turning into a dot. This creates an opportunity to catch errors without showing the entire password at once."Researchers hijack botnet, score 56,000 passwords in an hour - Ars Technica
410 financial institutions
Researchers hijack botnet, score 56,000 passwords in an hour - Ars Technica http://ow.ly/5eyt [from http://twitter.com/ChipRiley/statuses/1706638693]
“The Torpig botnet was hijacked by the good guys for ten days earlier this year before its controllers issued an update and took the botnet back. During that time, however, researchers were able to gain a glimpse into the kind of information the botnet gathers as well as the behavior of Internet users who are prone to malware infections. ” – via nelsonRandom Key Generator
パスワード
A variety of random keys that can be used for passwords, encryption keys, etc. - all randomly generated
Here you will find a variety of random keys that can be used for passwords, encryption keys, etc. - all randomly generated, just for you! Simply refresh this page for a completly new set of keys.How I’d Hack Your Weak Passwords - Passwords - Lifehacker
Security
f you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?How I’d Hack Your Weak Passwords - Passwords - Lifehacker
How Your Password Could Be Hacked: http://j.mp/9LPHl1 #it
Internet standards expert, CEO of web company iFusion Labs, and blogger John Pozadzides knows a thing or two about password security—and he knows exactly how he'd hack the weak passwords you use all over the internet.Midnight Research Labs - Depant your network
The tool is called depant ((DE)fault (PA)ssword (N)etwork (T)ool). Depant works by downloading a default password list, and then mapping out the local network to see what open services are available. Once it has a list of services, it will test each service for default passwords. Once it’s gone through each of the services, depant will determine the fastest service (as recorded in phase one) and use it to perform an optional second phase of tests with a larger (user-supplied) set of default users/passwords.
depantYour PasswordCard
A PasswordCard is a credit card-sized card you keep in your wallet, which lets you pick very secure passwords for all your websites, without having to remember them! You just keep them with you, and even if your wallet does get stolen, the thief will still not know your actual passwords.
* Don't read along with your finger, or the smudge will tell a thief where your password is. * Keep your PasswordCard on your person, don't leave it lying around near your computer. * Clear your browser cache and history after printing this page.What’s the password…haddock?
% ha-gen -f ~/Documents/awesome_words.txt
Generador de passwords friendly. Hay otras alternativas como flapcore.
Password generator that attempts to use words that are more rememberable.The Easy, Any-Browser, Any-OS Password Solution - Security - Lifehacker
LastPass info from LifehackerHow Secure Is My Password?
Como verificar si tu contraseña es segura
It would take About 700 million years for a desktop PC to crack your passwordSecure Passwords - Explained by Common Craft - Common Craft - Our Product is Explanation
Explaining the necessity of having a secure password.
Explained by Common Craft