If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
Wireless Connection
"Brian K" wrote in message ond.com... See this page regarding password strength.... https://www.grc.com/haystack.htm What an interesting article; I think I'll start "padding" all the passwords I use pdq |
#12
|
|||
|
|||
Wireless Connection
"BillW50" wrote in message ... "RnR" wrote in message ... On Mon, 26 Mar 2012 17:27:25 +1100, "Brian K" wrote: I don't bother hiding the SSID as it gives you no extra security. No-one is going to get past your WPA2 even if they sit outside your house for a few years. In theory NOT true but speaking in a practical sense, I agree. Unless one is paranoid, he's safe with WPA2 but there is free software to try to decrypt it. The problem is it takes a lot of cpu or time to do so and no one is going to bother unless they think it's worth the effort and have the money to buy multiple pc's to work on the decryption. I don't know if you have heard this before, but there was a hackers convention years ago in Las Vegas (or was it in Phoenix?), that hackers logged in on a stock WiFi for a new record of being 52 miles (50 something anyway) away. Later I heard newer records being hundreds of miles away. Now where are these guys when I setup my WiFi? As I have a hard time pulling in mine just 600 feet away. lol -- Bill Gateway M465e ('06 era) - Windows Live Mail 2009 Centrino Core2 Duo T7400 2.16 GHz - 1.5GB - Windows 8 CP LOL |
#13
|
|||
|
|||
Wireless Connection
|
#14
|
|||
|
|||
Wireless Connection
On Wed, 28 Mar 2012 12:53:29 +1100, "Brian K"
wrote: Interesting too... https://www.grc.com/passwords.htm I read a lot of your references but I didn't see another (unless I missed it) aspect to password security. It's recommended to change your password on a regular basis. I have been hacked once or twice (luckily I was warned) and had to change my password on those accounts. Since I was hacked into once or twice, I do believe it's a good idea to change passwords from time to time. |
#15
|
|||
|
|||
Wireless Connection
On 3/27/2012 9:53 PM, Brian K wrote:
Interesting too... https://www.grc.com/passwords.htm Agreed, and a high entropy password is the most uncrackable. Passwords are the essence of wireless security. All other security measures can eventually fail when employed with a weak password. And a strong password makes many other common security measures, like masking the SSID, practically unnecessary. Enduring the inconvenience of a very long, high entropy password is rewarded with a good night's sleep. Daddy |
#16
|
|||
|
|||
Wireless Connection
"RnR" wrote in
: I read a lot of your references but I didn't see another (unless I missed it) aspect to password security. It's recommended to change your password on a regular basis. I have been hacked once or twice (luckily I was warned) and had to change my password on those accounts. Since I was hacked into once or twice, I do believe it's a good idea to change passwords from time to time. A couple listeners asked about that in Gibson's netcast Q&A episodes: http://media.grc.com/sn/sn-316.mp3 (fast-forward to 1:32:00) http://media.grc.com/sn/sn-322.mp3 (fast-forward to 0:50:30) The gist of Gibson's position is it serves no purpose to require routine, periodic changing of users' passwords. Such policies lead to weaker passwords being used, so the choice often comes down to whether it's better to have a strong password that doesn't get changed vs. a series of weaker passwords that get changed periodically. Of course, if you've been hacked or if a server's password database has been compromised, then passwords should be changed immediately. (Hopefully, nobody would be thinking, "Well, we got hacked last night, but it's okay because we have a policy that will require everyone to change their password in three weeks anyway.") So, if you have a strong password and it hasn't been compromised, forcing a user to change it provides no benefit. And if it's been compromised and you know it, then you're going to change it immediately regardless of whether there's a forced-change policy or not. The only question, then, is what happens if it's compromised and you *don't* know it? The gist of Gibson's position is that exposed passwords would get used immediately and a policy of forcing periodic changes won't prevent that from happening. I suppose that's debatable. But I think he has a valid point that forced-change policies can actually be harmful if they lead to users using weaker passwords or writing them down on post-its because they're changed too often to keep memorized. Probably the best practice is to change your password occasionally but only if you're not diluting its strength. If one uses a password manager like lastpass or keepass (my preference), that shouldn't be hard to do. |
#17
|
|||
|
|||
Wireless Connection
On Wed, 28 Mar 2012 20:48:06 +0000 (UTC), dg1261
wrote: "RnR" wrote in : I read a lot of your references but I didn't see another (unless I missed it) aspect to password security. It's recommended to change your password on a regular basis. I have been hacked once or twice (luckily I was warned) and had to change my password on those accounts. Since I was hacked into once or twice, I do believe it's a good idea to change passwords from time to time. A couple listeners asked about that in Gibson's netcast Q&A episodes: http://media.grc.com/sn/sn-316.mp3 (fast-forward to 1:32:00) http://media.grc.com/sn/sn-322.mp3 (fast-forward to 0:50:30) The gist of Gibson's position is it serves no purpose to require routine, periodic changing of users' passwords. Such policies lead to weaker passwords being used, so the choice often comes down to whether it's better to have a strong password that doesn't get changed vs. a series of weaker passwords that get changed periodically. Of course, if you've been hacked or if a server's password database has been compromised, then passwords should be changed immediately. (Hopefully, nobody would be thinking, "Well, we got hacked last night, but it's okay because we have a policy that will require everyone to change their password in three weeks anyway.") So, if you have a strong password and it hasn't been compromised, forcing a user to change it provides no benefit. And if it's been compromised and you know it, then you're going to change it immediately regardless of whether there's a forced-change policy or not. The only question, then, is what happens if it's compromised and you *don't* know it? The gist of Gibson's position is that exposed passwords would get used immediately and a policy of forcing periodic changes won't prevent that from happening. I suppose that's debatable. But I think he has a valid point that forced-change policies can actually be harmful if they lead to users using weaker passwords or writing them down on post-its because they're changed too often to keep memorized. Probably the best practice is to change your password occasionally but only if you're not diluting its strength. If one uses a password manager like lastpass or keepass (my preference), that shouldn't be hard to do. The last thing seems to be the consensus of what I've read over the years. I think if you change it often enough, maybe the strength won't be that important unless you make it too easy to guess. As you said earlier, it's debatable. I guess there is no right or wrong answer here. For me, I like the idea of at least a medium strength password but that's debatable too. |
#18
|
|||
|
|||
Wireless Connection
The main reason why hiding the SSID is of no help in securing your network.
Hackers can find the SSID anyway. http://www.howtogeek.com/howto/28653...y-more-secure/ |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Wireless connection | Steve | Dell Computers | 2 | April 16th 10 06:12 PM |
Wireless Computer Monitor - Monitor's video connection is wireless | karthikbalaguru | Nvidia Videocards | 39 | October 28th 07 05:29 AM |
Wireless Computer Monitor - Monitor's video connection is wireless | karthikbalaguru | Ati Videocards | 39 | October 28th 07 05:29 AM |
wireless connection | BobT | Compaq Computers | 0 | April 30th 04 01:59 AM |
Wireless connection??? | Bill & Lynda | Dell Computers | 2 | November 24th 03 11:59 PM |