Entries by Jeff

Hashing fast and slow: GPUs and 1Password

The net is atwitter with discussion of Jeremi Gosney’s specially crafted machine with 25 GPUs that can test hundreds of billions of passwords per second using hashcat, a password cracking system. Password crackers, like hashcat, look at the cryptographic hashes of user passwords and repeatedly make guesses to try to find a password that works. […]

Don’t trust a password management system you design yourself!

Nicole Perlroth of The New York Times penned an article on “How to Devise Passwords That Drive Hackers Away“. The article has a typical mixture of good advice that could often be better, along with some implied advice that I actually consider very poor. The two security experts that Perlroth cites – Jeremiah Grossman, an expert on […]

Dropbox follows through on password resets

Have you been asked to reset your password when you try to log into Dropbox.com? You aren’t alone, and this is all as expected. If you haven’t changed your Dropbox password in a while, you (like me) will be asked to change when you log into the website. Back in July, Dropbox announced that they […]

1Password users should wait a bit before trying Dropbox’s two-step verification

Dropbox has just released a new, optional, two-step authentication process. 1Password 3 (Mac and iOS) and 1Password for Windows use Dropbox for synchronizing your 1Password data across systems and platforms. So anything that has to do with Dropbox security is of interest to us and to 1Password users. The bottom line is that I recommend […]

Guess what? A Post-It under your keyboard is not the worst place to keep a password

The Sophos NakedSecurity blog has some excellent password security advice to kick off your Monday morning: “Before being interviewed on TV, wipe passwords off whiteboard“. Here’s a shot from TVP, a Polish television channel, that prompted this timely refresher: Note that “hasło” is the Polish word for ‘password’. I guess a scrap of paper under your keyboard is […]

More than just one password: Lessons from an epic hack

Mat Honan, a 1Password user and writer for Wired, did everything right. He had strong, unique passwords everywhere. Yet he was the victim of an “epic hack”, and had to put a great deal of effort into getting his digital life back. A very brief account of this Homer-worthy hack is that someone talking to […]

Password reuse strikes again, and a bit closer to home at Dropbox

Not so long ago, I wrote about a case where attackers were taking passwords that were leaked from one site to go after users on another. In that case, the target was Best Buy. Today’s case hits a bit closer to home for 1Password users, as Dropbox accounts are being attacked using passwords stolen from non-Dropbox […]