The recommended new password scheme is four random words. One Password can generate these for you, if you adjust the properties. Most people I know that are not security experts tend to say "I just discovered I can add 1 to the password and the password change accepts that." So, it is good to see that maybe the standards of passwords are actually moving, though I do prefer the current Federal process of having a digital certificate on a Smart Card and a simple pass phrase. The VA cards had copies of our fingerprints, but I don't believe there was any push to get all federal agencies to have fingerprint readers on all systems. And even if they did unless integrated to the same extent as what Apple does for their fingerprint sensors would cause me concerns that the system could be compromised.
On 10 August 2017 at 10:34, Scott Granados <scott.grana...@gmail.com> wrote: > A-Men brother, well said. > > I read the article Mark posted and it’s very interesting. It’s not that > the numbers and letter replacement method was bad it was more that nobody > was remembering passwords and using the same thing over and over again. I > think the author would rather have us use passwords easy to remember but > different across sites instead of one somewhat complex but guessable phrase. > > I’m like you a very big proponent of 2factor. I use 2factor absolutely > everywhere from my bank to Apple, Google, Digital Ocean and across the > entire enterprise at work. It’s so important. The lack of 2factor was > instrumental in our last election it’s so important. > > Well said and +1 to Chris’s points. > > > > On Aug 10, 2017, at 10:16 AM, christopher hallsworth < > challswor...@icloud.com> wrote: > > > > Hello, if possible, I protect my accounts with two factor > authentication, two step verification, security keys and the like. > Basically, a second layer such as a randomly generated code, sent by text, > as well as my account specific password, is my personal best advice. That > way, even if someone manages to correctly guess your password, they will > still be locked out unless they have your nominated phone with them. Apple > particularly takes this level of security very seriously, and is now > required for apps to use certain iCloud features, such as Microsoft Outlook > for Mail, Calendar and People. > >> On 10 Aug 2017, at 04:38, M. Taylor <mk...@ucla.edu> wrote: > >> > >> Password expert says he was wrong: Numbers, capital letters and symbols > are > >> useless > >> By Ashley May > >> > >> USA TODAY Cybersecurity experts say certain password rules are > ineffective. > >> Here is some of the latest advice on setting and resetting them. Time > The > >> man who said use capital letters, special characters and numbers in your > >> password is now taking back that advice. (Photo: hanieriani, Getty > >> Images/iStockphoto) The man behind the 2003 report responsible for many > >> current password guidelines says the advice is wrong. Bill Burr, the > author > >> of an 8-page publication released by the National Institute of > Standards and > >> Technology, told The Wall Street Journal his previous advice of creating > >> passwords with special characters, mixed-case letters and numbers won't > >> deter hackers. In fact, he told the journal,'the paper wasn't based on > any > >> real-world password data, but rather a paper written in the 1980s. > 'Much of > >> what I did I now regret,' Burr told The Wall Street Journal . The > problem is > >> that federal agencies, businesses and institutions took the paper > >> seriously'very seriously. The report turned into password protocol. > Today, > >> even though Burr's report was updated in June, we are still prompted to > >> change our password every 90 days using at least one capital letter, > symbol > >> and number. These combinations aren't secure,'mainly because people > choose > >> predictable combinations. The advice about frequently changing a > password > >> has been criticized since the report. A 2010 study by the University of > >> North Carolina at Chapel Hill showed that updating passwords often can > >> actually help hackers identify a pattern. Another study from Carleton > >> University said frequent changes are more inconvenient than helpful. The > >> better solution could be to simply use a password with four random > words, > >> because the number of letters can be more difficult to hack than a small > >> combination of letters and special characters, the Journal reports. > Finally, > >> a good reason to ignore those password prompts and come up with one we > can > >> actually remember. Follow Ashley May on Twitter: @AshleyMayTweets > >> > >> Original Article at: > >> https://www.usatoday.com/story/news/nation-now/2017/08/ > 09/password-expert-sa > >> ys-he-wrong-numbers-capital-letters-and-symbols-useless/552013001/ > >> > >> > >> -- > >> The following information is important for all members of the Mac > Visionaries list. > >> > >> If you have any questions or concerns about the running of this list, > or if you feel that a member's post is inappropriate, please contact the > owners or moderators directly rather than posting on the list itself. > >> > >> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark > at: macvisionaries+modera...@googlegroups.com and your owner is Cara > Quinn - you can reach Cara at caraqu...@caraquinn.com > >> > >> The archives for this list can be searched at: > >> http://www.mail-archive.com/macvisionaries@googlegroups.com/ > >> --- > >> You received this message because you are subscribed to the Google > Groups "MacVisionaries" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an email to macvisionaries+unsubscr...@googlegroups.com. > >> To post to this group, send email to macvisionaries@googlegroups.com. > >> Visit this group at https://groups.google.com/group/macvisionaries. > >> For more options, visit https://groups.google.com/d/optout. > > > > -- > > The following information is important for all members of the Mac > Visionaries list. > > > > If you have any questions or concerns about the running of this list, or > if you feel that a member's post is inappropriate, please contact the > owners or moderators directly rather than posting on the list itself. > > > > Your Mac Visionaries list moderator is Mark Taylor. You can reach mark > at: macvisionaries+modera...@googlegroups.com and your owner is Cara > Quinn - you can reach Cara at caraqu...@caraquinn.com > > > > The archives for this list can be searched at: > > http://www.mail-archive.com/macvisionaries@googlegroups.com/ > > --- > > You received this message because you are subscribed to the Google > Groups "MacVisionaries" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to macvisionaries+unsubscr...@googlegroups.com. > > To post to this group, send email to macvisionaries@googlegroups.com. > > Visit this group at https://groups.google.com/group/macvisionaries. > > For more options, visit https://groups.google.com/d/optout. > > -- > The following information is important for all members of the Mac > Visionaries list. > > If you have any questions or concerns about the running of this list, or > if you feel that a member's post is inappropriate, please contact the > owners or moderators directly rather than posting on the list itself. > > Your Mac Visionaries list moderator is Mark Taylor. You can reach mark > at: macvisionaries+modera...@googlegroups.com and your owner is Cara > Quinn - you can reach Cara at caraqu...@caraquinn.com > > The archives for this list can be searched at: > http://www.mail-archive.com/macvisionaries@googlegroups.com/ > --- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to macvisionaries+unsubscr...@googlegroups.com. > To post to this group, send email to macvisionaries@googlegroups.com. > Visit this group at https://groups.google.com/group/macvisionaries. > For more options, visit https://groups.google.com/d/optout. > -- The following information is important for all members of the Mac Visionaries list. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you can reach Cara at caraqu...@caraquinn.com The archives for this list can be searched at: http://www.mail-archive.com/macvisionaries@googlegroups.com/ --- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com. To post to this group, send email to macvisionaries@googlegroups.com. Visit this group at https://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/d/optout.
