I wonder how many people and companies are changing their passwords and policies this morning because of #twittergate and http://www.techcrunch.com/2009... ? I know I am, I was doing a few of the stupid practices that caught Twitter.
Robert, on the network side of things there are programs that generate strong passwords. But you can develop a "feel" for it. I have to create them all the time. Just don't use "memory aids"; they lead to social hacks.
- Melanie Reed
You're okay if you don't use 3rd party apps to login to Twitter, right?
- Steven E. Streight
I have no need because my passwords have always been 12+ characters, include caps, random characters, and numbers. I'm sure most people that use FF are the same way. The engineers I work with bitch about my choice of passwords all the time.
- coldbrew
The sad reality is any password can be hacked. It's just a matter of time, as in attrition. But you can make it harder for them with strong passwords.
- Melanie Reed
Yeah, we've always tried to make sure our hosting customers understand how important it is to create good passwords, but many still use bad passwords. Hopefully all of this recent press will scare them into using better passwords. Most people don't care about their password until something bad happens to them. It's similar to people who ignore making backups and then find out the hard way.
- Scott Beale
I use Lastpass.com to generate and save passwords.
- mrshl
Just pick a couple good ones that you can use for different things. Practice typing them so you can remember the keystrokes easier. The more you use them the easier it will be to remember. Use keepass or FFox to keep track of them.
- Logan Lindquist
1Password hands down for ease of use and strong password creation on OSX and iPhone.
- Jerry Schuman
Melanie: it's the social hacks that will catch the most people. Not the strength of the passwords. Notice that he didn't need to guess the passwords, he just needed to use the ecosystem against itself.
- Robert Scoble
Robert: yes. It's the easiest hack to employ.
- Melanie Reed
Or there's a business requirement, e.g. customers inquire about policies based on what they've read in the news and impose requirements on their partners.
- Darren
Unfortunately most companies don't change passwords until they have to; the IT department doesn't want to deal with the calls when someone can't remember their password.
- Kim Landwehr
My 14-character alphanumeric pass for my Gmail account was hacked about 2 months ago. After fixing, I've gone and changed all passes, and none of them are of the same ilk. My Twitter account is the simplest, 'cause I care less if it's hacked.
- clarke thomas
The best thing to happen to corporate security was the public insecurity of Microsoft software in the late part of the 90s and earlier in the decade.
- Darren
FTR, I use Keepass (hosted on sourceforge).
- coldbrew
I had to this week; my XBL account was hacked.
- Dylan Richardson
I had to change everything and cancel 2 cards.
- Dylan Richardson
I use GRC to gen and never use anything less than 20 chars unless the site doesn't support that length. Sometimes I use the first 20 in a 64-bit key, sometimes I use the last 20, sometimes I pick the middle 20. Sometimes I use 21, 22, 23, 19 char lengths. I also lie on all reminder questions.
- Brian Daniel Eisenberg
I use a hosted version of clipperz (http://clipperz.com/), totally random passwords, web accessible from anywhere and hosted on my own server.
- Justin Yost
Same here, Justin. I use LastPass, which generates random passwords and has one master password, which is a very secure one.
- Tim Hoeck
A couple of months ago, my Gmail was hacked. They then quickly went and changed my iTunes account over to another email and started buying iPhone apps. In the about an hour and a half that they had control over my email, they spent almost $1000. Luckily they made the mistake of changing the name and language on my account. I don't use the email much anymore but g reader, so I spotted it....
- Rasmus Lauridsen
For years, private corporate systems have had security measures like password strength policies for a domain, password age policies, secure connection requirements, logon policies that deny multiple logons, locking out user accounts after multiple password failures, etc. etc. etc. This incident with Twitter is a huge wake-up call.
- Karim
What first caught my eye was that this article was written by Nik Cubrilovic. I had wondered what had happened to him, and hoped everything was well with him.
- Lloyd Budd
Yeah, Nik was in the TechCrunch office when I was there the other day. I figured a big story was underway 'cause Arrington told me to stop wasting Nik's time and to go bug the interns. :-)
- Robert Scoble
Making an awesomely strong password wouldn't have prevented this attack. It was using the same awesomely strong password that made the attack possible. And who hasn't done that? There are just too many apps that require passwords out there.
- marziah
I typically use KeePass to generate as strong a password as I can. I try to keep passwords to a minimum of 20 characters and use letters, numbers and symbols; some sites allow this, some do not. If there is a password character max I will use that max (within reason). The problem I have is with some of the accounts I want to be able to access from my Blackberry. Having a 50 character...
- Sean Brady
I use RoboForm to create all my passwords. I have them backed up and honestly couldn't type one out if I tried; they are all 14-16 chars long.
- George Handlin
+1 George. A good pw generator like RoboForm or 1password can save you a lot of grief later on.
- Bill Sodeman
Interesting experiment: make accounts at free websites and have really awful passwords and see how long it takes to get hacked!
- Mark
I agree with Sean Brady, it makes it tough entering on the Blackberry. Especially how sometimes it will cap the first character, and when it's masked, that makes it even tougher. Wish there was something I could host on my own server that would work with all my machines (Win/Mac) and my phones. I don't like the idea of storing on some hosted service. Thinking of trying RoboForm's hosted service since they are trusted and I've gained personal trust for the application.
- George Handlin
It makes me anxious not knowing what my password is for a particular site... so I've always been wary of things like 1Password or RoboForm. I also need something that I can pull up from any computer, which rules out 1Password. I've heard good things about SuperGenPass.
- Mark Philpot
Justin - @jtyost2 - I just checked out www.clipperz.com for the password mgmt, looks promising, but wish there were better integration w/ Firefox somehow. It's pretty cumbersome to get started.
- Alex Schleber
Thanks 4 reminder, should do it now, arrgh!! As we speak!!
- polou/indigo_bow
Robert, due to all the virus issues we went to a more secured password format 3 months ago. We use a minimum of 8 characters, numbers, letters and mixed case, plus you cannot use your name. We force our users to change their passwords every 3 months.
- Rob Cairns
I think for a security policy to be effective it has to be secret...
- Alexandros Georgiadis
KeePass (Win) and KeePassX (cross platform) are excellent! Strong public encryption and publicly available source code. I would love to go with LastPass, they have a beautiful cross platform syncing solution, but since they are closed source (for now) I'm holding off switching to their product.
- Daniel Chow
I stopped using the same password years ago. To help me keep up with the various passwords, I have been using KeePass on Windows, Windows Mobile and OS X for several years; I'm waiting for iKeePass to become available.
- MiniMage, enterRUPPted
Yep, the 'ecosystem' is undoubtedly insecure. I believe this type of hacking also has elements of social engineering to it. I dislike the "secret questions": today, when most people's personal information is transparent online, what purpose do those questions serve, except to weaken security? Can we please opt out of dumb security questions... someone start a petition or something!
- ASKJDOG
Great post, I learned more about improving my security in 15 minutes than I would have at a 2 day seminar. :)
- Robert Higgins
I hope the lasting legacy of twittergate is better security thanks to articles like this one.
- Stephen Mack
I use http://passwordmaker.org/ for most of my passwords; it means I only need to remember a single password and it generates a unique password for each site I use (by hashing my password with the URL). For the remaining sites, I use http://passwordsafe.sourceforge.net/ and Dropbox to sync my password database across machines.
- Wilka Hudson
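The per-site derivation Wilka describes (one master secret hashed together with the site), as an added Python illustration that is not PasswordMaker's own algorithm and is not code from the thread; the host normalisation, the PBKDF2 iteration count, the alphabet and the rotation counter are assumptions made here:

```python
import hashlib
import string

# Assumed output alphabet: 70 symbols, so sites that demand a symbol are satisfied.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def site_key(url: str) -> str:
    """Reduce a URL to its bare host, so https://www.example.com/login and
    example.com derive the same password (scheme, path, port, www. are ignored)."""
    host = url.split("://", 1)[-1].split("/", 1)[0].split("@")[-1].split(":", 1)[0]
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def derive_password(master: str, url: str, length: int = 20, counter: int = 1) -> str:
    """Deterministically derive a per-site password from one master secret.

    `counter` is part of the salt, so one site's password can be rotated after a
    breach without touching the master or any other site's password.
    """
    salt = f"{site_key(url)}|{counter}".encode()
    # PBKDF2 with a high iteration count: if a site leaks its derived password,
    # each offline guess at the master costs 200k SHA-256 rounds, not one.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)
    # Treat the 256-bit digest as one integer and write it in base len(ALPHABET);
    # 70**20 < 2**256, so taking n mod 70**20 has negligible bias, unlike byte % 70.
    n = int.from_bytes(raw, "big") % (len(ALPHABET) ** length)
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)
```

Whoever learns the master secret can recompute every site's password, so the master must be long and used nowhere else; the derivation only stops one site's leak from spreading to the others.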
I see many people using/recommending password generator sites. I also recommend these, but one day I thought - what if the password generators are hacked? --> http://robotterror.com/site...
- Robert J Taylor
Password Maker (the first link) isn't just a password generator site; I use it as a Firefox plugin. It's also open source, so if you're really unsure about the safety of it you can have a look at the code yourself. I realise that's not a very good answer for non-coders, but it does mean that if it was hacked *somebody* would notice and it would be all over blogs like Bruce Schneier's http://www.schneier.com/blog/
- Wilka Hudson
I think unless we develop something better than passwords we will never fix the problem. Using different strong passwords is good, but it's no better than locking a cycle up outside a store: they just ensure that only dedicated people hack your account/steal your cycle, which in general are the worst people to hack your account.
- Darren Rollett
Some people on here have informed the world what their password policy is and what tool they use to generate passwords. If this had been a conversation down the pub then probably not a problem, but if I wanted information on high value passwords, FriendFeed would probably be the place to go due to the people who use the system.
- Darren Rollett
Nobody has mentioned https://mashedlife.com - it uses a bookmarklet to log you into your sites. That way you can use anything for the password. Clipperz looks like a similar system.
- Daniel Siva
Others have noticed an increase in FriendFeed subscriptions too. I think the Twitter/FB finder is the cause: http://friendfeed.com/friends... (hat tip @h0bbel)