1-factor authentication not enough
Original Message
Name: gordohortense
Date: September 4, 2008 at 15:58:03 Pacific
Subject: 1-factor authentication not enough
OS: XP
CPU/Ram: Intel 1G
Model/Manufacturer: Sony
Comment: Hi Guys, As we approach a time where all our data and software is "online", isn't securing it going to become more and more important? I think this will involve two things, encrypting the data itself and making sure access to the data in the first place is secure. I'm pretty worried about getting my identity stolen, it happened to millions last year in the USA. I personally think a lot of that is to do with mismanagement of passwords. I know my parents are terrible at keeping their passwords safe, not to mention creating them. (Your birthday HELLO!!!). One of the pieces of software I use is LogMeIn, so I can log onto my home PC anywhere in the world. It's awesome but I worry that it's easy to hack with only my passwords protecting it. NO! I didn't use my birthday as my password. BUT, I still don't feel that secure. How can I make access to my PC (and all those incrementing pictures ;-) ) via LogMeIn more secure?
Response Number 2
Name: gussy
Date: September 11, 2008 at 17:02:27 Pacific
Reply: Well, I wouldn't be as worried about the "incrementing" photos as the "incriminating" photos. You've got something about your parents there. The weakest link is the users. They are the ones that don't obey rules, who behave erratically, who summarize and simplify, even if what they do is not prudent. The best thing is to keep part of their access permission out of their hands. 2-factor authentication is a perfect example. In the case with PhoneFactor which you just described, the second factor is successful if they have their phone. It's binary.
Response Number 3
Reply: Haha, that was my bad, "incrementing". Yes, I don't know if such a photo exists, what do you think? I had a look at that link guapo posted to another forum. PhoneFactor is a great solution. It's really got that wow factor, along with IMHO technically the best 2-factor solution out there. I would recommend anyone to go over to their site and try out their demo (it's really easy and you don't need to install anything): http://www.phonefactor.com/
Response Number 6
Reply: Excerpt, hacking passwords: "Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities - or gets shut down trying." 5 Character lower case password e.g. "tiger" can be hacked in 11.9 seconds, is this true! See here http://onemansblog.com/2007/03/26/hack-your-weak-passwords/
Response Number 7
Name: gussy
Date: September 17, 2008 at 09:07:17 Pacific
Reply: So you are saying that the phone receives a random number which is then input into the browser window along with the username and password? I'm not sure I like that :-( Seems to undervalue the network-attached status of the phone!
Response Number 8
Name: guapo
Date: September 17, 2008 at 14:34:38 Pacific
Reply: I would say that the times for cracking a password, listed on that blog, are accurate if you already have the encrypted password and are using John The Ripper to crack it. However, doing a remote dictionary or brute force attack is another story. With some of those crackers, a user name has to be provided. If you don't have one, it has to be brute forced as well. That adds to the time it takes to make it happen. I looked at the top 10 crackers they listed. John The Ripper is great if you already have the encrypted file but can take days or weeks if the password is strong. The remote cracker, Brutus, is worthless in my book. I've tried to crack my Unix box which is right next to my Windows box. If it doesn't stop running it gives a false positive.
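The difference raised in Responses 6 and 8 between exhausting a password space with the hash in hand and guessing against a live login, worked through as an added example that is not part of the original thread. It assumes the quoted 11.9 seconds corresponds to about 1,000,000 guesses per second (26^5 / 11.9), and the lockout policy of 5 attempts per 15 minutes and the sample password policies are constructed for illustration.

```python
# Added example: exhaustive-search time, offline vs. throttled online guessing.

# Assumption: the thread's "11.9 seconds" for 5 lowercase characters
# corresponds to about 1,000,000 guesses per second (26**5 / 11.9).
OFFLINE_RATE = 1_000_000

def keyspace(alphabet_size, length):
    """Count every candidate password of exactly `length` characters."""
    return alphabet_size ** length

def offline_seconds(space, rate=OFFLINE_RATE):
    """Worst case when the password hash has already been obtained."""
    return space / rate

def online_seconds(space, attempts_per_window, window_sec):
    """Worst case against a login that admits only `attempts_per_window`
    guesses in each `window_sec` lockout window (a constructed policy)."""
    windows = -(-space // attempts_per_window)  # ceiling division
    return windows * window_sec

def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def compare(alphabet_size, length, attempts_per_window=5, window_sec=900):
    """Return (keyspace, offline estimate, online estimate) for one policy."""
    space = keyspace(alphabet_size, length)
    return (space,
            human(offline_seconds(space)),
            human(online_seconds(space, attempts_per_window, window_sec)))

if __name__ == "__main__":
    # Constructed sample policies: (label, alphabet size, length)
    for label, size, length in (("5 lowercase", 26, 5),
                                ("8 lowercase", 26, 8),
                                ("8 mixed-case + digits", 62, 8)):
        space, offline, online = compare(size, length)
        print(f"{label:24} {space:>20,} offline {offline:>14} online {online}")
```

The same 5-character lowercase password that falls in seconds offline takes decades to exhaust through a login that enforces the lockout, which is why protecting the stored hashes and throttling remote attempts matter as much as password length.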