[PCWorld]

Post your comments for Tweet of day: How to create a strong password to guard against hackers here

[MKZ1945]

Use KeePass and change your passwords often

[Num2]

The article completely ignores the fact that the passwords were basically given way by Twitter. No password no mater how strong or how often changed can save you in this case.

[DrSpanky]

Quote

The article completely ignores the fact that the passwords were basically given way by Twitter. No password no mater how strong or how often changed can save you in this case.

This is a common oversight. When these major breaches come to light, all the tech writers suggest strategies and applications to create or remember strong passwords. However, as Num2 points out, the strongest password ever created is useless when some intruder is accessing your account through a back door hack. The real question is, can we trust these social networks with our private information?

[MKZ1945]

Quote

DrSpanky

This is a common oversight. When these major breaches come to light, all the tech writers suggest strategies and applications to create or remember strong passwords. However, as Num2 points out, the strongest password ever created is useless when some intruder is accessing your account through a back door hack. The real question is, can we trust these social networks with our private information?

It’s a great question and if anyone out there assumes the answer is yes, they are probably kidding themselves. It has amazed me on how much personal information people have been willing to share on Face Book. Some make it pretty easy for others to easily guess the password they use just to get into their account.

[mail2ri]

I believe the article completely misses the point. This was not a case of random Twitter a/cs being compromised because they had 'weak' passwords, but because Twitter didn't care to protect users' privacy by encrypting and storing passwords in the first place. Had it done so, no hacker would have found it so easy to repeatedly break into Twitter for such large scale intrusion. So, it's not Twitter users who are to blame, though they should be worried this can happen again, thanks to Twitter's callousness.

[PwdRsch]

Quote

Num2: The article completely ignores the fact that the passwords were basically given way by Twitter. No password no mater how strong or how often changed can save you in this case.

That's incorrect. Because twitter used a strong form of password hashing, the stronger (meaning less guessable) the password you used the less likely it is that bad guys will be able to crack it.

Even if my Twitter account had been among the compromised I would not have been concerned because my password was strong enough that it isn't crackable using current techniques or computing hardware.

Quote

mail2ri: This was not a case of random Twitter a/cs being compromised because they had 'weak' passwords, but because Twitter didn't care to protect users' privacy by encrypting and storing passwords in the first place.

You are correct that the account data wasn't accessed due to weak passwords, but due to a security breach at Twitter. However, Twitter did use a very strong method of 'encrypting' the passwords. Because they did so this makes it difficult for the bad guys to crack any but the very worst passwords chosen by users.

They protected your passwords better than some banks do, so give them credit for that.

[Jay38]

SplashData's SplashID Safe is a great password generation tool. It even has a reminder for password change schedule. It offers a lot of other advantages as a virtual safe to secure personal or even hundreds of confidential business record.

[alreaud]

A great password, actually passphrase, generator that is very easy to remember is Diceware, http://world.std.com...d/diceware.html

A few years ago, not having dice, I created an Excel spreadsheet, based on Diceware, that creates random passphrases. It's available at http://happycattech....-applications-0 in both Microsoft Excel and LibreOffice formats, under the GNU-GPL.

For better security, one sets up rules, only known to oneself, that is something like capitalize the first letter, the first o converts to a zero, or the first a converts to @, the first i to !, etc.