Managing Usernames & Pass-Phrases

<<

Questionable

Newbie

Posts: 13

Joined: Wed Dec 07, 2011 10:43 pm

Post Fri Apr 26, 2013 6:06 am

Re: Managing Usernames & Pass-Phrases

I'm all for learning, but I can't wait to get where you guys are at before I start using it...


It's good that you're all for learning, I don't get what you mean by using "it" but if you want to become a security expert you're in for a long and frustrating journey. You should attempt to incorporate the things you learn in real practice, in labs, in your day job, and applications in general. Expect to spend your time reading books, blogs, watching videos and listening to fantastic podcasts.

People have created tools to help you, but you should also know how these tools work. I'd recommend getting a book towards the basics of the things you want to learn, that book AJ has suggested looks like it'd set you up for an awesome read and some insightful information.

When it comes to passwords I remember everything in my head, but you should try to not use the same password, tools like 1Password are great, because you can have it with you on the go, but if the device you're storing it on is compromised then you're in for a world of hurt. On that note, I will start using 1Password because I have locked myself out a few times because I can't remember which specific password I have used for things like Twitter/work.
We can re-code him, we have the technology!
<<

TomTees

Newbie

Posts: 45

Joined: Mon Apr 01, 2013 1:32 pm

Post Fri Apr 26, 2013 9:30 am

Re: Managing Usernames & Pass-Phrases

Questionable wrote:
I'm all for learning, but I can't wait to get where you guys are at before I start using it...


It's good that you're all for learning, I don't get what you mean by using "it"


Um, my new MacBook...


but if you want to become a security expert you're in for a long and frustrating journey. You should attempt to incorporate the things you learn in real practice, in labs, in your day job, and applications in general. Expect to spend your time reading books, blogs, watching videos and listening to fantastic podcasts.


My goal is not to become a security expert by living.

My goal was (and still is) trying to have better security and privacy for my personal laptop and this new MacBook I am buying to manage my website.  (There's a difference between that and what you are saying...)


People have created tools to help you, but you should also know how these tools work. I'd recommend getting a book towards the basics of the things you want to learn, that book AJ has suggested looks like it'd set you up for an awesome read and some insightful information.


And I would like to read such a book, and maybe someday even become a seasoned security expert like many of you.

But my immediate need is to learn *enough* to have a reasonably secure setup for managing my website while I am traveling, and then to get my damn website finished!!!

(I won't need ANY security if I never buy a new MacBook and never have a website up on the Internet to conduct business?!  That comes before the book...)

Trust me, I'd love to go off and spend 6-12 months reading and testing, but I have limited resources, i.e. only one of me and way behind schedule, so I am trying to do the best I can.


When it comes to passwords I remember everything in my head, but you should try to not use the same password, tools like 1Password are great, because you can have it with you on the go, but if the device you're storing it on is compromised then you're in for a world of hurt. On that note, I will start using 1Password because I have locked myself out a few times because I can't remember which specific password I have used for things like Twitter/work.


Is it a sin to use the same Username across accounts?

For example, if I used the same username for my Mac's FDE and say WiTopia, would that be a sin?

And how "strong" must a Username be?

Can it be as simple as "TomTees" and then I invest the effort in a long and complex Pass-Phrase?


And how fancy do I have to get with my WiTopia account?

They require an Account Username/Password, plus a WiTopia Client Username/Password, and I think they encourage people to just use their e-mail...

Here is a good example of where I'm unsure of what to do?

Do I just use my Email for both?

Do I come up with something basic like "TomTees" for each?

Must they be different?

And to be blunt, how crazy do I have to get with WiTopia?  (I mean, do I have to secure it as much as say my FDE?)

I'm trying to create a *balance* on this topic, but not sure where that might be...


Tom
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri Apr 26, 2013 9:32 am

Re: Managing Usernames & Pass-Phrases

(BTW, I assume using your E-mail or LastName-FirstInitial for a username isn't such a good idea, right?)


I find it ironic that you reply to 'ajohnson' about username choices and mention that it's a bad idea to use initials and names in username creation.  ;D ;D ;D

For example, could I have the same Username for my MacBook and WiTopia log-ins?


Honestly, although the username is part of the authentication, they are usually publicly (or somewhat publicly) available. I'm not sure there's such a thing as a "secure" username.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Sat Apr 27, 2013 7:12 pm

Re: Managing Usernames & Pass-Phrases

The main threat from a consistent username across multiple services is that a determined attacker can build up a profile on you and your habits.

For example - if you used "TomTees" as your handle for everything I might be able to locate your Facebook profile, this profile, etc.

Now if you've set one or more of your passwords based on your hobby, pet name, likes, dislikes, etc, I have a reasonable chance of breaking into one of your many accounts from the information I've gathered from the profile I built up.

So the solution is - choose a separate secure password for each of your locations you use your TomTees username in, and make sure none of them are based upon easily guessable things.
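
An added example, not part of the original posts: a self-audit that checks a set of your own credentials for the two problems described above, reuse across services and passwords built from details visible in a public profile. The profile tokens, service names and passwords are constructed sample data, and the substitution table is an assumed, non-exhaustive list of common letter swaps.

```python
import re

# Constructed sample: details someone could read off a public profile.
PROFILE_TOKENS = ["TomTees", "rex", "cycling", "1985"]

# Constructed sample credentials (service -> password); never real secrets.
ACCOUNTS = {
    "laptop-fde": "R3x!cycling",
    "vpn": "maple-orbit-7-lantern-quiet",
    "forum": "R3x!cycling",
    "email": "T0mT33s2013",
}

# Assumed table of common character substitutions (not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(text):
    """Lower-case, undo common substitutions, drop non-alphanumerics."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def audit(accounts, profile_tokens, min_token_len=3):
    """Return {service: [findings]} for reused or profile-derived passwords."""
    tokens = {normalize(t): t for t in profile_tokens
              if len(normalize(t)) >= min_token_len}
    seen = {}
    for service, pw in accounts.items():
        seen.setdefault(pw, []).append(service)
    findings = {}
    for service, pw in accounts.items():
        issues = []
        others = sorted(s for s in seen[pw] if s != service)
        if others:
            issues.append("reused on: " + ", ".join(others))
        norm = normalize(pw)
        hits = sorted(orig for n, orig in tokens.items() if n in norm)
        if hits:
            issues.append("contains profile detail: " + ", ".join(hits))
        if issues:
            findings[service] = issues
    return findings

if __name__ == "__main__":
    for service, issues in audit(ACCOUNTS, PROFILE_TOKENS).items():
        print(service, "->", "; ".join(issues))
```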
<<

Sergtalk

Newbie

Posts: 3

Joined: Thu May 02, 2013 8:01 am

Post Sat May 04, 2013 9:48 am

Re: Managing Usernames & Pass-Phrases

I use random passwords with different symbols, and store those passwords in my phone. I think it is the most secure way.
<<

Questionable

Newbie

Posts: 13

Joined: Wed Dec 07, 2011 10:43 pm

Post Wed May 08, 2013 3:58 am

Re: Managing Usernames & Pass-Phrases

Sergtalk wrote: I use random passwords with different symbols, and store those passwords in my phone. I think it is the most secure way.


Was the most secure way, now we all know ;)
We can re-code him, we have the technology!
<<

Sergtalk

Newbie

Posts: 3

Joined: Thu May 02, 2013 8:01 am

Post Wed May 08, 2013 6:28 am

Re: Managing Usernames & Pass-Phrases

You all know, but you can't get my phone.