Password “strength” is understood by most folks to be determined by the variety of character types in a password. But while signup forms might think complexity is security, attackers disagree. Complexity no longer defends against a modern threat model. What makes strong passwords in 2019? We need to first examine the actual threat model faced by most folks. Password Complexity Misses the Point Password “strength” is often just a function of complexity, or the amount of randomness in a password, measured by the use of symbols, numbers, and upper…
How to Set a Firmware Password on Your Mac
Nearly everyone has a login password set on their laptops these days. It’s a simple way to secure your account and its data from unwanted eyes, as well as keep your account completely private. If you’re using a Mac, an additional layer of security can be achieved by using FileVault, which ensures that only logged-in users can access your drive’s data. However, neither of these methods prevents someone from booting your Mac from an external drive, which can allow an unknown user to reinstall firmware into your Mac and access or delete your data. An easy fix for this is to set a firmware password…
Hashing vs. Encryption: How Your Password Is Being Stored in Server
Let’s say you set up an account at VerySecureWebsite.com. You type in your email address and password and set up your account. A little while later you receive an email informing you that, ironically, the website has been hacked, and the usernames and passwords of every user, which were stored in plaintext, are now for sale on the dark web. While you start changing the password on all your accounts (you only use one, you monster), you wonder, “Isn’t that a bad idea? Shouldn’t my password be in some kind of secret code so hackers can’t just read it?” You’re correct. Any web app or…