Wireless Connection

"Brian K" wrote in message
ond.com...
See this page regarding password strength....

https://www.grc.com/haystack.htm
What an interesting article; I think I'll start "padding" all the passwords
I use pdq

"BillW50" wrote in message
...

"RnR" wrote in message
...
On Mon, 26 Mar 2012 17:27:25 +1100, "Brian K"
wrote:

I don't bother hiding the SSID as it gives you no extra security. No-one
is
going to get past your WPA2 even if they sit outside your house for a few
years.

In theory NOT true but speaking in a practical sense, I agree.
Unless one is paranoid, he's safe with WPA2 but there is free software
to try to decrypt it. The problem is it takes a lot of cpu or time to
do so and no one is going to bother unless they think it's worth the
effort and have the money to buy multiple pc's to work on the
decryption.

I don't know if you have heard this before, but there was a hackers
convention years ago in Las Vegas (or was it in Phoenix?), that hackers
logged in on a stock WiFi for a new record of being 52 miles (50 something
anyway) away. Later I heard newer records being hundreds of miles away.
Now where are these guys when I setup my WiFi? As I have a hard time
pulling in mine just 600 feet away. lol

--
Bill
Gateway M465e ('06 era) - Windows Live Mail 2009
Centrino Core2 Duo T7400 2.16 GHz - 1.5GB - Windows 8 CP
LOL

Interesting too...

https://www.grc.com/passwords.htm

On Wed, 28 Mar 2012 12:53:29 +1100, "Brian K"
wrote:

Interesting too...

https://www.grc.com/passwords.htm



I read a lot of your references but I didn't see another (unless I
missed it) aspect to password security. It's recommended to change
your password on a regular basis. I have been hacked once or twice
(luckily I was warned) and had to change my password on those
accounts. Since I was hacked into once or twice, I do believe it's a
good idea to change passwords from time to time.

On 3/27/2012 9:53 PM, Brian K wrote:
Interesting too...

https://www.grc.com/passwords.htm



Agreed, and a high entropy password is the most uncrackable.

Passwords are the essence of wireless security. All other security
measures can eventually fail when employed with a weak password. And a
strong password makes many other common security measures, like masking
the SSID, practically unnecessary.

Enduring the inconvenience of a very long, high entropy password is
rewarded with a good night's sleep.

Daddy

"RnR" wrote in
:

I read a lot of your references but I didn't see another (unless I
missed it) aspect to password security. It's recommended to change
your password on a regular basis. I have been hacked once or twice
(luckily I was warned) and had to change my password on those
accounts. Since I was hacked into once or twice, I do believe
it's a good idea to change passwords from time to time.


A couple listeners asked about that in Gibson's netcast Q&A episodes:

http://media.grc.com/sn/sn-316.mp3 (fast-forward to 1:32:00)

http://media.grc.com/sn/sn-322.mp3 (fast-forward to 0:50:30)

The gist of Gibson's position is it serves no purpose to require routine,
periodic changing of users' passwords. Such policies lead to weaker
passwords being used, so the choice often comes down to whether it's
better to have a strong password that doesn't get changed vs. a series of
weaker passwords that get changed periodically.

Of course, if you've been hacked or if a server's password database has
been compromised, then passwords should be changed immediately.
(Hopefully, nobody would be thinking, "Well, we got hacked last night,
but it's okay because we have a policy that will require everyone to
change their password in three weeks anyway.")

So, if you have a strong password and it hasn't been compromised, forcing
a user to change it provides no benefit. And if it's been compromised
and you know it, then you're going to change it immediately regardless of
whether there's a forced-change policy or not.

The only question, then, is what happens if it's compromised and you
*don't* know it? The gist of Gibson's position is that exposed passwords
would get used immediately and a policy of forcing periodic changes won't
prevent that from happening.

I suppose that's debatable. But I think he has a valid point that
forced-change policies can actually be harmful if they lead to users
using weaker passwords or writing them down on post-its because they're
changed too often to keep memorized.

Probably the best practice is to change your password occasionally but
only if you're not diluting its strength. If one uses a password manager
like lastpass or keepass (my preference), that shouldn't be hard to do.

On Wed, 28 Mar 2012 20:48:06 +0000 (UTC), dg1261
wrote:

"RnR" wrote in
:

I read a lot of your references but I didn't see another (unless I
missed it) aspect to password security. It's recommended to change
your password on a regular basis. I have been hacked once or twice
(luckily I was warned) and had to change my password on those
accounts. Since I was hacked into once or twice, I do believe
it's a good idea to change passwords from time to time.


A couple listeners asked about that in Gibson's netcast Q&A episodes:

http://media.grc.com/sn/sn-316.mp3 (fast-forward to 1:32:00)

http://media.grc.com/sn/sn-322.mp3 (fast-forward to 0:50:30)

The gist of Gibson's position is it serves no purpose to require routine,
periodic changing of users' passwords. Such policies lead to weaker
passwords being used, so the choice often comes down to whether it's
better to have a strong password that doesn't get changed vs. a series of
weaker passwords that get changed periodically.

Of course, if you've been hacked or if a server's password database has
been compromised, then passwords should be changed immediately.
(Hopefully, nobody would be thinking, "Well, we got hacked last night,
but it's okay because we have a policy that will require everyone to
change their password in three weeks anyway.")

So, if you have a strong password and it hasn't been compromised, forcing
a user to change it provides no benefit. And if it's been compromised
and you know it, then you're going to change it immediately regardless of
whether there's a forced-change policy or not.

The only question, then, is what happens if it's compromised and you
*don't* know it? The gist of Gibson's position is that exposed passwords
would get used immediately and a policy of forcing periodic changes won't
prevent that from happening.

I suppose that's debatable. But I think he has a valid point that
forced-change policies can actually be harmful if they lead to users
using weaker passwords or writing them down on post-its because they're
changed too often to keep memorized.

Probably the best practice is to change your password occasionally but
only if you're not diluting its strength. If one uses a password manager
like lastpass or keepass (my preference), that shouldn't be hard to do.


The last thing seems to be the consensus of what I've read over the
years. I think if you change it often enough, maybe the strength
won't be that important unless you make it too easy to guess. As you
said earlier, it's debatable. I guess there is no right or wrong
answer here. For me, I like the idea of at least a medium strength
password but that's debatable too.

The main reason why hiding the SSID is of no help in securing your network.
Hackers can find the SSID anyway.

http://www.howtogeek.com/howto/28653...y-more-secure/