Richard Bullington-McGuire ([info]obscurerichard) wrote,
@ 2008-02-11 15:48:00
Current mood: satisfied
Entry tags:geek, security, work

Password Pandemonium and Gigabit Ethernet
About six months ago, I set up two D-Link DGS-1224T Gigabit Ethernet switches for work. However, I neglected to record the new password for one of the two switches. I spent an hour trying to remember the missing password a week ago before giving up. Today I tried again, and on the 12th or 13th guess, I finally got it.

The password explosion problem most of us face is quite annoying. I'm landing more and more in Bruce Schneier's camp on what to do about it, that is, write them down. Every now and then I think about using a password generator (see this cool demo), but I haven't committed to it yet. It looks like I can save the password generator page for local viewing and use on my Treo 680, though, so I'm going to ponder this some more.

A quick word about the DGS-1224T: this Gig-E switch hits the sweet spot for me in that it supports all the heavy-duty performance and security features I care about (jumbo frames, 802.1Q VLAN tagging, 802.3ad link aggregation) at a rock-bottom price for a smart switch. The pair of switches has been rock-solid so far.
(3 comments) - (Post a new comment)


[info]colinmac
2008-02-11 10:57 pm UTC (link)
I actually went with Schneier's suggestion (which I didn't see on that page) of using a standard prefix and/or suffix, and writing down the rest. That combines Something You Have with Something You Know.

So I randomly generate a 6-character mix of uppercase, lowercase, numbers, and special characters, and write that down. Then the real password is that plus something like 'Z%', which is the same for all of my passwords. The surprising thing is how well I can remember a completely random password if I use it enough.

A further refinement would be to have one prefix/suffix for work systems, one for public accounts (Amazon, Gmail), etc. Not sure how much difference that makes, though...

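The scheme above (a random six-character part written down, plus a short memorized suffix reused everywhere) can be sized out for two threat models: an attacker who has nothing, and one who has the note or has learned the suffix from a breached site. This is an added example, not the commenter's code; the 94-symbol alphabet (`string` module classes) and the 2-character suffix length are assumptions matching the comment's `'Z%'`.

```python
import math
import secrets
import string

# Character classes the commenter describes: upper, lower, digits, specials.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
WRITTEN_LEN = 6  # the random part that gets written down


def generate_written_part(n=WRITTEN_LEN, alphabet=ALPHABET):
    """Random written-down portion, drawn with the CSPRNG-backed secrets module."""
    return "".join(secrets.choice(alphabet) for _ in range(n))


def compose_password(written_part, memorized_suffix):
    """The real password is the note's content plus the memorized constant."""
    return written_part + memorized_suffix


def entropy_bits(length, alphabet_size):
    """Guess-space in bits for `length` uniformly random symbols."""
    return length * math.log2(alphabet_size)


def scheme_strength(written_len=WRITTEN_LEN, suffix_len=2, alphabet_size=len(ALPHABET)):
    """Bits an attacker must guess under three conditions:
    - attacker has nothing: both parts are unknown
    - note stolen: only the memorized suffix remains (and it is the same on every account)
    - suffix leaked (e.g. one account's password exposed): the note is the only protection
    """
    return {
        "nothing_known_bits": entropy_bits(written_len + suffix_len, alphabet_size),
        "note_stolen_bits": entropy_bits(suffix_len, alphabet_size),
        "suffix_leaked_bits": entropy_bits(written_len, alphabet_size),
    }


if __name__ == "__main__":
    note = generate_written_part()          # goes on paper
    password = compose_password(note, "Z%")  # constructed suffix, same as the comment's
    print(f"written: {note}  full: {password}")
    for model, bits in scheme_strength().items():
        print(f"{model:>20}: {bits:5.1f} bits")
```

With a 94-symbol alphabet the memorized part alone is about 13 bits, so once one full password is exposed the remaining accounts rest entirely on the roughly 39 bits written on the note.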


[info]kattrags
2008-02-12 03:16 am UTC (link)
Yep, I know that problem well, despite the claim of my employer that we have a "Single Sign-on Password" :-)

Even my handful of usual suspects has become insufficient, due to the "no former passwords" rules, and the mutation of them (adding caps, swapping letters for numbers, etc.) just ends up causing brain death when I can least afford it.

But if I write them down, I write down a suggestion or partial. This worked better before all these applications got so damned picky about caps and numbers and no repeats.


Secret Server
[info]grassyknoll67
2008-02-15 12:54 am UTC (link)
So my employer uses a web product called Secret Server (I'll get the URL later and email it to you because I can't recall it at the moment). What I like is the fact that we have several levels of granularity and the solution keeps up with it. All the application specialists have to remember dev, staging, and prod passwords, but only a few of us need PIX, NetScaler, and even fewer of us the root passwords. Secret Server keeps up with the scalability, and I think that's cool.

