Posts Tagged ‘passwords’
Tuesday, July 7th, 2009
.jpg)
Ever heard of password masking problem? To be honest, I have not – until I’ve read the Stop Password Masking article by Jakob Nielsen (somewhere referred to as "usability guru"), followed by a lot of other publications, blog posts and comments (see ‘em all); so-called security guru Bruce Schneier wrote even two essays on that.
Well, that reminded me of a very funny stupid CAPSoff Campaign…
In brief, here is the "problem": for years (I think starting from Windows 3.0 released almost 20 years ago), the passwords are being masked as you type them (in most programs what have any kind of password protection, and an operating system itself), i.e. replaced with asterisks or black circles. What for? To prevent the password from being read by someone who stands behind you.
(more…)
Tags: Bruce Schneier, Jakob Nielsen, password masking, password recovery, password security, passwords, PGP
Posted in General, Human Factor, Security, Software, Tips & Tricks | 2 Comments »
Wednesday, June 3rd, 2009
ElcomSoft is launching a survey intended to collect more information on how people handle their passwords, which remain a major way for user authentication. Whether you are ElcomSoft customer or haven’t seriously thought about password security, we hope you will answer our questions.
The questionnaire is well designed and if you have no time you can simply tick the matching answers which are prepared for your convenience. If you have a special experience to share or lots of thoughts on passwords, please take a while and use empty spaces provided for your own answers.
The survey is set to run for several weeks in order to cover more people, for we understand that summer is the best season for vacations. After the survey is completed and results calculated, we will release a full report with facts and figures. We tried to put sensible questions in the belief that results’ analysis will help us find out which questions should be better and more deeply highlighted in our articles, whitepapers, as well as in our blog.
This is the first our empirical research and we hope you will find it interesting and enjoyable. You definitely have your own opinion on passwords, and as you understand this survey is a perfect way for you to share that opinion. So what do you think? Be frank and open, take the questionnaire, and help us let others know about it.
Tags: password management, password security, passwords, survey
Posted in Elcom-News, General, Human Factor, Security | 1 Comment »
Wednesday, May 20th, 2009
Although it is widely known that authentication via ‘secret’ questions is not secure, now we finally have statistical evidence to prove it. Microsoft Research and Carnegie Mellon University have conducted a study that measures how guessable answers to ‘secret’ questions are. The researchers looked at the questions used by AOL, Google, Microsoft, and Yahoo! in order to authenticate users who need to reset their forgotten passwords. The ability of users to memorize their answers was also questioned. (more…)
Tags: AOL, Google, guessing attack, Microsoft, passwords, research, secret questions, user authentication, Yahoo!
Posted in General, Human Factor, Security | No Comments »
Tuesday, April 28th, 2009
Last week a colleague of mine, Andrey Belenko, gave a speech at the Troopers conference in Munich. Olga wrote about it in this blog. All the talks at Troopers were awesome. Soon the videos and slide shows will be available for downloading on Troopers website.
If you have an opportunity, visit Andrey’s talk about green password recovery at Infosec, London. It’s on Wednesday, April 29th, at 15:20, at the Technical Theare. Also visit our booth K35 at Earls Court for free software trials.
Tags: GPU, GPU Accleration, Infosecurity, passwords, Speech, TROOPERS
Posted in General, Security | No Comments »
Thursday, April 16th, 2009
No, it’s no a typo 
. COFEE means Computer Online Forensic Evidence Extractor, actually. Never heard about it? Then read Microsoft supplies Interpol with DIY forensics tool. Just don’t ask where to get it. We have not seen it either.
Tags: Data Recovery, Microsoft, Microsoft Office, password, password cracking, password recovery, passwords
Posted in General, Software | No Comments »
Thursday, April 16th, 2009
According to CNET News, Office 14 technical preview will be available in Q3, and release version in the first half of 2010; Office 2010 will come in both 32-bit and 64-bit versions.
If password encryption will be improved there — of course, we’ll update Office Password Recovery accordingly. Though it is already good enough in Office 2007 — even with GPU acceleration, the password recovery speed is only thousands passwords per second (see some benchmarks at Distributed Password Recovery page), so even relatively short passwords are secure enough.
Tags: GPU acceleration, Microsoft Office, password recovery, passwords
Posted in Security, Software | No Comments »
Wednesday, April 15th, 2009
Need more information on passwords in Active Directory environment — password policies, default settings, fine-graining? Then read Windows Passwords: Making them Secure article at WindowsSecurity.com. But we can also recommend using Proactive Password Auditor on a regular basis, to see how secure your passwords really are.
Tags: Authentication, passwords, Security
Posted in Security, Software | No Comments »
Monday, April 13th, 2009
Michael Kassner placed an article about Surveillance Self-Defense in the TechRepublic, where he gives brief outline of the SSD website. Though some can endlessly brood over the grounds for the project foundation, for me one is clear that this site can be very much helpful to put all principal computer security guidelines together and close the gaps in your own security.
(more…)
Tags: Data Protection, Elcomsoft System Recovery, Encrypting File System, passwords, Security, Surveillance Self-Defense
Posted in General, Security, Software, Tips & Tricks | No Comments »
Friday, April 10th, 2009
In case if you missed it: new ATI Catalyst drivers (9.4) now available (you can read the release notes for details). For some reason, some driver files have been renamed (well, not in 9.4, but in 9.3 released a bit earlier, though that version was really buggy and we cannot recommend to use it anyway), and our WPA password recovery (audit) software was not able to recognize Radeon cards anymore.
Well, to make the long story short: simply download the latest ATI Catalyst drivers and updated Elcomsoft Wireless Security Auditor . Just note that this (new) version of EWSA will not work with drivers version 9.1 or older.
In the meantime, NVIDIA CUDA 2.2 (beta) released. Does that actually matter? Yes, because NVIDIA Tesla C1060 and S1070 are now officially supported on Windows. Besides, we need to have a look at Zero-copy support for direct access to system memory, because it may speed-up the GPU-enabled password cracking on some particular algorithms.
Tags: ATI, GPU, GPU acceleration, graphic cards, Nvidia, password recovery, passwords, Wireless Security Auditor, WPA
Posted in Hardware, Software, Tips & Tricks | 1 Comment »
Monday, March 30th, 2009
lifehacker has started a series of posts on choosing and using secure passwords. Few days ago they published a list of handy tips from their readers on how to create passwords you can rely on. One of the readers admitted that in a company he works for IT administrators require password change every 30 days and
it just results in workers picking the easiest password that meets the requirements – as in a MM/YYYY-style password.
Sounds like it’s time to rethink password policies. What are your ideas?
Tags: passwords, Security
Posted in General, Security, Software, Tips & Tricks | No Comments »