[ale] evernote security breach

Richard Bronosky richard at bronosky.com
Tue Mar 5 00:54:25 EST 2013


This is the beauty of the xkcd password for Android users. You install the
REAL Swype keyboard and then create passwords out of combinations of words
that Swype reliably. I have 30+ char passwords that I can enter in 3
seconds flat.

Need help remembering these passwords? Choose combinations of words that
express how you feel about the app, or the competition, or how you felt
before you had the app. I suggest not choosing words that describe what the
app does.

Sent from my Samsung Galaxy S3 using the Swype software keyboard.
--Richard Bronosky
On Mar 4, 2013 9:19 PM, "Ron Frazier (ALE)" <atllinuxenthinfo at techstarship.com> wrote:

>
>
> Jay Lozier <jslozier at gmail.com> wrote:
>
> >On 03/04/2013 12:38 PM, Ron Frazier (ALE) wrote:
> >>
> >> "Michael H. Warfield" <mhw at WittsEnd.com> wrote:
> >>
> >>> On Mon, 2013-03-04 at 09:35 -0500, Ron Frazier (ALE) wrote:
> >>>> Hi all,
> >>>> I first saw the link to this article on the dc404 mailing list.  If
> >>>> you're an Evernote user, you need to know about this.
> >>>
> >>>> http://www.theverge.com/2013/3/2/4056704/evernote-password-reset
> >>> If you are an Evernote user, you need to change your password.  The
> >>> attackers had access to user IDs and password hashes.  The passwords
> >>> were hashed and salted but simple passwords are still subject to
> >>> off-line brute force and rainbow table attacks.  Change your password
> >>> to a good, high complexity, password or passphrase.
> >>>
> >> Do you think a 15 character random alphanumeric generated by Lastpass
> >> is good enough?  Or, should you go longer if the site will let you?
> >I tend to use very long gibberish passwords (KeePassX) that include any
> >keyboard character including punctuation. I consider 15 characters
> >unacceptably short.
> >
> >The reason for both is the potential complexity of the password is
> >increased forcing hackers to use purely brute force methods which can
> >become time consuming with very long passwords. My goal is to be hard
> >enough that the hackers will eventually give up.
> >
> >Also, every site has its own password so even if they crack one
> >password it is not used anywhere else.
> ><xnip>
> >
> >--
> >Jay Lozier
> >jslozier at gmail.com
> >
>
> My wife, who's not a super geek, rightly pointed out that the weak link in
> my chain is now the master password to the lastpass database.  If that were
> cracked at the lastpass website, or on a stolen PC, I'd be in trouble.  I
> do have to remember that one, and I do have to type it, every time I want
> to access the passwords for ANY site.  I'll have to give that some more
> thought.
>
> Sincerely,
>
> Ron
>
>
>
> --
>
> Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
> Please excuse my potential brevity if I'm typing on the touch screen.
>
> (PS - If you email me and don't get a quick response, you might want to
> call on the phone.  I get about 300 emails per day from alternate energy
> mailing lists and such.  I don't always see new email messages very
> quickly.)
>
> Ron Frazier
> 770-205-9422 (O)   Leave a message.
> linuxdude AT techstarship.com
>
>
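Added example, not part of the original thread: a comparison of the search space for the three schemes discussed above (15 random alphanumerics, full-keyboard gibberish, word combinations), with a generator that draws from a CSPRNG. The 2048-word list size and the offline guessing rate are assumptions, and the bit counts hold only when every symbol or word is picked uniformly at random; words a person picks are easier to guess than these figures suggest.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols
KEYBOARD = ALNUM + string.punctuation          # 94 printable symbols (no space)
ASSUMED_WORDLIST_SIZE = 2048                   # assumption: 11 bits per random word
ASSUMED_GUESSES_PER_SEC = 1e10                 # assumption: offline attack on a fast hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of `length` units, each drawn uniformly from `symbols` choices."""
    return length * math.log2(symbols)


def units_needed(symbols: int, target_bits: float) -> int:
    """Smallest number of uniformly chosen units that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(symbols) - 1e-9)


def years_to_search(bits: float, rate: float = ASSUMED_GUESSES_PER_SEC) -> float:
    """Average offline search time: half the space divided by the guess rate."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def generate(choices, length: int, sep: str = "") -> str:
    """Draw `length` units (characters or words) with the OS CSPRNG."""
    return sep.join(secrets.choice(choices) for _ in range(length))


def compare() -> dict:
    """Bits and average search time for the schemes mentioned in the thread."""
    schemes = {
        "15 random alphanumerics": entropy_bits(len(ALNUM), 15),
        "15 random keyboard chars": entropy_bits(len(KEYBOARD), 15),
        "30 random keyboard chars": entropy_bits(len(KEYBOARD), 30),
        "4 random words": entropy_bits(ASSUMED_WORDLIST_SIZE, 4),
        "9 random words": entropy_bits(ASSUMED_WORDLIST_SIZE, 9),
    }
    return {name: (bits, years_to_search(bits)) for name, bits in schemes.items()}


if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name:26s} {bits:6.1f} bits  ~{years:.3g} years")
    print("sample:", generate(ALNUM, 15))
```

Under these assumptions, a random-word passphrase needs nine words to match 15 random alphanumerics, so passphrase length matters as much as memorability.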

