Alan Turing’s contribution can’t be computed

Alan Turing was born a hundred years ago this year and his most important paper was published seventy-six years ago (November 1936). It is close to impossible to overstate the influence that Turing has had on the modern world. It is something well worth celebrating his life throughout this centennial year. Although any celebration must […]

Hashing fast and slow: GPUs and 1Password

The net is atwitter with discussion of Jeremi Gosney’s specially crafted machine with 25 GPUs that can test hundreds of billions of passwords per second using hashcat, a password cracking system. Password crackers, like hashcat, look at the cryptographic hashes of user passwords and repeatedly make guesses to try to find a password that works. […]

Don’t trust a password management system you design yourself!

Nicole Perlroth of The New York Times penned an article on “How to Devise Passwords That Drive Hackers Away“. The article has a typical mixture of good advice that could often be better, along with some implied advice that I actually consider very poor. The two security experts that Perlroth cites – Jeremiah Grossman, an expert on […]

Credit card numbers, checksums, and hashes. The story of a robocall scam

As  Lívia and I were out walking Molly and Patty on Monday evening, I received a telephone call from an unknown number. I decided to answer the phone anyway, and I was greeted by a recorded voice telling me that my Bank of America debit card beginning with 4217 has been limited and whether I […]

Dropbox follows through on password resets

Have you been asked to reset your password when you try to log into Dropbox.com? You aren’t alone, and this is all as expected. If you haven’t changed your Dropbox password in a while, you (like me) will be asked to change when you log into the website. Back in July, Dropbox announced that they […]

1Password users should wait a bit before trying Dropbox’s two-step verification

Dropbox has just released a new, optional, two-step authentication process. 1Password 3 (Mac and iOS) and 1Password for Windows use Dropbox for synchronizing your 1Password data across systems and platforms. So anything that has to do with Dropbox security is of interest to us and to 1Password users. The bottom line is that I recommend […]

Guess what? A Post-It under your keyboard is not the worst place to keep a password

The Sophos NakedSecurity blog has some excellent password security advice to kick off your Monday morning: “Before being interviewed on TV, wipe passwords off whiteboard“. Here’s a shot from TVP, a Polish television channel, that prompted this timely refresher: Note that “hasło” is the Polish word for ‘password’. I guess a scrap of paper under your keyboard is […]

On Ars Technica’s most excellent comprehensive review of password security

Dan Goodin at Ars Technica published an excellent article reviewing password security and explaining why people need randomly generated and unique passwords for every site and service. That is a message you hear from us frequently. One thing that is clear from Goodin’s review is that many of the underlying issues are more complicated than most people […]

More than just one password: Lessons from an epic hack

Mat Honan, a 1Password user and writer for Wired, did everything right. He had strong, unique passwords everywhere. Yet he was the victim of an “epic hack”, and had to put a great deal of effort into getting his digital life back. A very brief account of this Homer-worthy hack is that someone talking to […]

Blizzard and insecurity questions: My father’s middle name is vR2Ut1VNj

By now most people will have heard that email addresses, hashed passwords, and some other data has been stolen from Blizzard’s Battle.net servers, and people are advised to change their passwords there. As unfortunate as this story is, it serves as yet another good reminder of why we very strongly encourage people to not reuse […]