- Friday, 11 September 2015
- Hits: 1814
GCHQ wants to set your passwords. In a good way
Britain's spy agency the GCHQ has changed its password security guidance in a new document offering sensible advice that, if followed, should harden systems and make life easier for admins and users.
The guidance advocates a ban on password strength meters, mandatory resets, and predictable combinations, instead encouraging brute force rate limiting and reduced access controls. The report busts old and damaging myths too; kill the horrible mandatory password reset and instead force changes only in the event of a possible security breach. Read more...
Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos!
The TSA is learning a basic lesson of physical security in the age of 3-D printing: If you have sensitive keys—say, a set of master keys that can open locks you’ve asked millions of Americans to use—don’t post pictures of them on the Internet.
University of Pennsylvania computer science professor and noted lock picker Matt Blaze says that the photo leak and subsequent 3-D printing demonstration does show just how quickly a theoretical slip-up can turn into a real security compromise. Read more...