Patch Lady – so should we freak out about passwords?
We urge folks to use stronger passwords, but then it’s hard to keep track of them. So we use password managers. But now there’s news out that these manager programs aren’t as secure as we’d like them to be and may leak things like… oh, the master password. But if I’m reading the white paper correctly, some of the techniques used to discover these secrets mean that the system was either compromised to begin with, or it’s being examined physically and forensically – that is, the researcher is looking at dump files and examining memory in a way that requires physical access to the machine. If an attacker has physical access to your machine, it’s not your machine anymore.
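The memory-dump finding comes down to one habit: a program copies the master password into a working buffer, uses it, and never clears it, so the bytes sit there until something overwrites them. The following is an added illustration (my own constructed code, not from the white paper or from any password manager) of that habit beside the fix. A static buffer stands in for the manager’s working memory so its contents can be inspected after the function returns; the checksum is a toy stand-in for the real key derivation, and the sample password is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed example: a static "working buffer" stands in for the memory a
 * password manager uses while the master password is unlocked. A static
 * buffer (rather than a stack frame) is used so its contents can be read
 * back deterministically after unlock() returns. */
#define WORK_SIZE 64
static char work_buf[WORK_SIZE];

/* Zero a buffer through a volatile pointer so the compiler cannot drop the
 * stores as "dead" (the usual pitfall with a plain memset right before a
 * return or free). */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Stand-in for "use the master password": a toy FNV-1a style checksum.
 * Not a real key derivation function; it only makes sure the buffer is read. */
static uint32_t toy_checksum(const char *s, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= (unsigned char)s[i]; h *= 16777619u; }
    return h;
}

/* Copy the master password into the working buffer, use it, and return.
 * wipe == 0: the secret is simply left behind, which is what a memory dump
 *            picks up later.
 * wipe == 1: the buffer is zeroed before returning. */
uint32_t unlock(const char *master, int wipe) {
    size_t n = strlen(master);
    if (n >= WORK_SIZE) n = WORK_SIZE - 1;
    memcpy(work_buf, master, n);
    work_buf[n] = '\0';
    uint32_t h = toy_checksum(work_buf, n);
    if (wipe) secure_zero(work_buf, WORK_SIZE);
    return h;
}

/* Does the secret still sit in the working buffer? 1 = yes, 0 = no. */
int secret_in_memory(const char *master) {
    size_t n = strlen(master);
    return memcmp(work_buf, master, n) == 0;
}

/* Run one variant and report whether residue remains afterwards. */
int residue_after_unlock(int wipe) {
    const char *master = "correct horse battery staple";  /* constructed sample */
    (void)unlock(master, wipe);
    return secret_in_memory(master);
}

int main(void) {
    printf("no wipe: secret still in memory = %d\n", residue_after_unlock(0));
    printf("wiped  : secret still in memory = %d\n", residue_after_unlock(1));
    return 0;
}
```

Zeroing the one buffer is the easy part; the hard part for a real product is finding every copy (string objects, UI controls, the clipboard) and doing the same for each. It also only narrows the window, so the rest of the post’s point stands: someone reading your process memory already has your machine.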
There is an old, old, old post (I can only find other blog posts quoting the original) about the 10 laws of security that Microsoft first put out:
Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
Law #4: If you allow a bad guy to run active content in your website, it’s not your website any more.
Law #5: Weak passwords trump strong security.
Law #6: A computer is only as secure as the administrator is trustworthy.
Law #7: Encrypted data is only as secure as its decryption key.
Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
Law #9: Absolute anonymity isn’t practically achievable, online or offline.
Law #10: Technology is not a panacea.
I think number 3 is at play. Granted, it still may be safer to buy a password manager and use it. And add multi-factor authentication where you can. And realize we’re never 100% secure. Just acceptably secure. For now. Until the next headline.
Excuse me while I go buy some aluminum foil.