Newsletter Archives
-
Changing my mind about Facebook
SECURITY
Amy Babinchak
Undoubtedly, you’ve seen the invitation to sign in to a website with your Facebook account. And you ask yourself: “How can that be safe?”
Using one account sign-in for everything goes against a basic tenet of password security. And you’re trusting Facebook to keep your credentials secure — and not share them. (Sharing is core to Facebook.) And yet you watch as all your friends get hacked and cloned while using conventional sign-ins.
Read the full story in AskWoody Plus Newsletter 16.34.0 (2019-09-23).
-
Microsoft: Forced password changes don’t work
Yesterday, Sergiu Gatlan at BleepingComputer wrote about Microsoft’s newfound antipathy to forced frequent password changes.
You know the problem: Every 30 or 60 or 90 days, you’re forced to change your password – and the new one can’t match the last 12 of them. Your solution is probably the same as mine:
Pass1
Pass2
Pass3
Pass4
and so on. With the way technology has changed (I hesitate to use the term “improved”), frequently changed short passwords don’t hold a candle to LongPasswordsThatYouCanEasilyRemember. Even old LongPasswordsThatYouCanEasilyRemember work better than Shorter1, Shorter2, Shorter3. Forcing you to change them every 30 days only pushes you toward less secure passwords.
Of course, you use a password manager such as LastPass or OnePass or KeePass. In that case, changing your password every 30 days is just a pain in the neck. No security improvement at all.
The topic has come up because Microsoft just released its newly revised “Security baseline” for Win10 version 1903. It’s still marked Draft, but should be solidified before too long. Here’s what MS says:
When humans pick their own passwords, too often they are easy to guess or predict. When humans are assigned or forced to create passwords that are hard to remember, too often they’ll write them down where others can see them. When humans are forced to change their passwords, too often they’ll make a small and predictable alteration to their existing passwords, and/or forget their new passwords. When passwords or their corresponding hashes are stolen, it can be difficult at best to detect or restrict their unauthorized use.
Bravo and huzzah!
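A defender-side check for the rotation pattern described above (Pass1, Pass2, Pass3 …) and in the baseline text (“a small and predictable alteration”), as an added Python example that is not from the newsletter or from Microsoft’s baseline: it flags a proposed password that is just the previous one with its trailing counter bumped, which is the kind of rule a change-password handler can apply because that is the one moment both values are available in cleartext. The sample change histories and the similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample change histories (hypothetical, not from the newsletter).
# Each pair is (current password, proposed replacement) as seen by a
# change-password dialog, the one moment both values exist in cleartext;
# stored hashes cannot be compared this way.
ROTATIONS = [
    ("Pass1", "Pass2"),
    ("Shorter2", "Shorter3"),
    ("Winter2018!", "Winter2019!"),
    ("Pass4", "LongPasswordsThatYouCanEasilyRemember"),
]

# Split off the trailing digits and punctuation that users typically bump.
_TRAILING = re.compile(r"^(.*?)([0-9]*)([^A-Za-z0-9]*)$")


def stem(password: str) -> str:
    """Lower-cased password with any trailing counter/punctuation removed."""
    return _TRAILING.match(password).group(1).lower()


def is_predictable_rotation(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when `new` is only a small, guessable edit of `old`.

    Two signals: identical stems (Pass1 -> Pass2), or a high overall
    similarity ratio (catches all-digit passwords and mid-string tweaks).
    """
    if old == new:
        return True
    old_stem = stem(old)
    if old_stem and old_stem == stem(new):
        return True
    return SequenceMatcher(None, old.lower(), new.lower()).ratio() >= threshold


def audit(history):
    """Flag each (old, new) pair; a policy would reject the flagged ones."""
    return [(old, new, is_predictable_rotation(old, new)) for old, new in history]


if __name__ == "__main__":
    for old, new, flagged in audit(ROTATIONS):
        verdict = "PREDICTABLE" if flagged else "ok"
        print(f"{old!r:>14} -> {new!r:<40} {verdict}")
```

Only the last pair passes: the jump from Pass4 to a long passphrase is a real change, while the first three are the rotation treadmill the post complains about.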