Xato

Pafwert: Now Open Source

Xato - Passwords & Security — Thu, 18 Apr 2013 04:04:41 GMT

More than 15 years ago I started working on a unique password generator that eventually evolved into a small program I now call Pafwert. Pafwert is an unique tool to help you to select strong passwords that are easy to remember. Using strong entropy,...(read more)

Email: The Security Industry’s Single Biggest Failure

Xato - Passwords & Security — Thu, 29 Nov 2012 21:07:47 GMT

I still remember so clearly the frustration I felt back in the 90′s when starting in the security industry and trying to sell my services. It was so difficult trying to emphasize just how much at risk potential clients were and then get them to...(read more)

Now eBay Wants in on Password Patents

Xato - Passwords & Security — Tue, 13 Nov 2012 17:16:45 GMT

I wrote a couple months ago about the many attempts to patent various methods of checking passwords. Now eBay wants in on the game with United States Patent Application 20120284783. Here’s their summary: A proposed password is decomposed into basic...(read more)

About The US Government’s Absured Filing in a Megaupload-Related Case

Xato - Passwords & Security — Sat, 03 Nov 2012 19:55:27 GMT

You’d think the US Government has been embarrassed enough with their abuse of power and disregard for procedure in the Megaupload case that they would just let it all quietly die. No, as evidenced by a recent filing in the Kyle Goodwin case, they...(read more)

RSA’s Distributed Credential Protection: Yeah They Are Overselling it a Bit.

Xato - Passwords & Security — Fri, 19 Oct 2012 20:59:47 GMT

RSA recently announced their new Distributed Credential Protection (DCP) product which they proudly tout as a “revolutionary” way to secure user credentials. But looking closer (especially at that $160,000 per license price tag), I’m...(read more)

Is Mozilla’s Persona the Authentication System That We’ve All Been Waiting For? Probably Not.

Xato - Passwords & Security — Mon, 01 Oct 2012 15:06:51 GMT

Last week, Mozilla announced the first beta release of Persona. Persona, formerly called BrowserID, is a personal authentication system that aims to eliminate passwords to log in to web sites. Of course, you still need one master password to log in to...(read more)

6 New Password Rules

Xato - Passwords & Security — Wed, 05 Sep 2012 22:12:00 GMT

Considering the increasing attention passwords have been getting lately, I thought it was about time we sit down and establish some new rules to define exactly what is a password. After all, so much of our personal lives, finances, and identities rely...(read more)

My Advice: Just use a Password Manager

Xato - Passwords & Security — Tue, 28 Aug 2012 04:14:01 GMT

For years I have advocated using long, memorable passwords using a variety of different memorization techniques. Humor, repetition, common suffixes, memorable phrases, and other methods are great for creating long passwords that are easy to remember....(read more)

Analyzing the XKCD Passphrase Comic

Xato — Tue, 12 Jun 2012 21:52:58 GMT

I rarely see any discussion of password strength without seeing th XKCD comic below brought up to illustrate that a long pass phrase is better than a shorter random jumble of characters. Since this is something I have been arguing for fifteen years, this...(read more)

Despite the Hyperbole, Flame is Kind of Lame

Xato — Fri, 08 Jun 2012 21:40:56 GMT

We have all been hearing quite a bit of hyperbole concerning the sophistication of the Flame malware. It’s hard to find any headline about the malware that doesn’t involve the adjectives massive, sophisticated, elaborate, impressive, or scarey...(read more)

93% of the Top 10,000 in the LinkedIn List

Xato — Thu, 07 Jun 2012 23:27:35 GMT

I would like to welcome LinkedIn to the not-so-exclusive club of major web sites that have experienced major password leaks. Like any other major leak it is hard to visit any forum or tech blog without seeing some mention of it. And like any other leak...(read more)

If You Drew a Line From San Francisco to New York

Xato — Fri, 25 May 2012 01:23:20 GMT

One of the difficulties of expressing just how much stronger one password is than another is that we as humans have such a hard time visualizing large numbers. Can we really, for example, truly comprehend the difference between a strong password and a...(read more)

If a Strong Passwords is 2,573 Miles, How Long is Yours?

Xato - Passwords & Security — Fri, 25 May 2012 01:23:20 GMT

Updated Thoughts on CISPA

Xato — Fri, 27 Apr 2012 21:55:24 GMT

Since I wrote my last post on CISPA a few weeks ago, a number of things have changed and my own opinion has evolved some as well. I still feel that the EFF’s interpretation was perpetuation a great amount of FUD, but that doesn’t really justify...(read more)

My Favorite Passwords of the Month

Xato — Thu, 26 Apr 2012 08:55:26 GMT

Okay so I deal with passwords quite a bit and people tend to eagerly share their passwords with me way more than they should. And although most passwords I come across are pretty weak, I do sometimes come across some true greats, either for their strength...(read more)

Did the EFF Get it Wrong on CISPA?

Xato — Sun, 08 Apr 2012 09:19:08 GMT

My first reaction in seeing the recent headlines about CISPA (HR 3523), like many others, was simply being outraged at yet another attempt by the US government to open the doors for spying and censorship. In fact, we have seen so much of this lately and...(read more)

Yes, Use Bcrypt. And Scrypt.

Xato — Mon, 19 Mar 2012 18:06:34 GMT

I often come across articles that argue the strengths or weaknesses of one crypto algorithm or another. As these articles point out, cryptography is complicated and there are many factors that can affect any particular algorithm. The greatest threat for...(read more)

The RIAA & MPAA Don’t Want you to Know They Suck

Xato — Wed, 07 Mar 2012 22:11:15 GMT

We know that a while back the entertainment industry apparently pressured Google into removing terms that are closely associated with piracy from appearing in Autocomplete. Of course, this strategy is completely absurd and it is hard to imagine that industry...(read more)

Amazing Visualization of Password Numbers

Xato — Wed, 29 Feb 2012 07:48:43 GMT

One thing humans have an incredibly difficult time visualizing is huge numbers. For example, most of have a horrible time conceptualizing number like a trillion. When dealing with passwords, one way we have of measuring a password’s strength is...(read more)

A Million Random Digits

Xato — Thu, 23 Feb 2012 06:04:48 GMT

There is much to be said about randomness and many recommend using truly random password generators. However, sometimes you just don’t have internet access to visit a random password generator web site. The solution? this book contains six hundred...(read more)