Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Expo on Google News

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
SYS-CON.TV
Top Links You Must Click On


No Passwords | @CloudExpo #Cloud #API #AI #ML #DL #DX #Cybersecurity
Right after the Sony Hack became public knowledge (circa November 2014), cybersecurity paranoia set in

Every time there’s a notable cybersecurity breach, someone (even me) writes a comprehensive primer on the proper way to create “secure” passwords. Lather, rinse, repeat. Until a few years ago, everyone (including me) based their password advice on a 2003 paper from the National Institute of Standards and Technology (NIST), with the catchy title “NIST Special Publication 800-63.” The paper recommended that passwords be cryptic, contain special characters, and be as close to nonsense as possible.

I was in a camp I called “How to Make a Cryptic Password You Can Easily Remember.” The short version was this: take a phrase you know, such as a favorite quote from a movie, and use the first letter of each word. For example, Sheriff Brody’s famous line from Jaws, “I think we’re gonna need a bigger boat,” becomes 1twgn@bb. The trick was using Leet (a technique where letters are replaced by numbers and symbols; see my post from July 2012, “Yahoo! Hacked: What You Need To Do Now”) to add the numbers and special characters. But as you can see from the example, a password made in this way is total nonsense to everyone but you – unless you forget your favorite quote.

That Was Then
Right after the Sony Hack became public knowledge (circa November 2014), cybersecurity paranoia set in and everyone started grasping for ways to enhance their cyberdefenses.

Once again, passwords were in the spotlight, but two strategic camps had evolved. Camp one was advocating the creation of more-cryptic passwords and changing them often (like monthly), and camp two began advocating for the longest passwords possible, made from any words you like and left alone until there was a reason to change them. All my cybersecurity friends fell squarely into the second camp, advocating for the longest passwords possible. My thinking evolved and I fell into line with camp two.

Fast Forward to Today
According to the Wall Street Journal, Bill Burr (the man who wrote the NIST memo back in 2003 that recommended the cryptic craziness and frequent replacement guidelines) has had an epiphany. “Much of what I did I now regret,” said Mr. Burr, 72 years old, who is now retired. If the reporting is accurate, he had very little evidence upon which to base the NIST’s recommendations. (Sort of makes me think about the USDA Food Chart I grew up with. But that’s for another article.) Why were Mr. Burr’s assumptions wrong?

The Math
This very widely circulated cartoon from XKCD tells the story beautifully.

The key takeaway is that the longer the password is, no matter its complexity, the harder it is for a computer to guess.

Now What?
The good news is that Mr. Burr’s old memo has been discarded and the NIST has published new Digital Identity Guidelines. The bad news is that it is going to take quite a while for these new guidelines to become widely adopted. Many sites limit the length of your password to “8-12 characters.” If that’s the case, you can’t use a password that is long enough to be considered safe under the new guidelines. As you know, many sites (especially government sites) require a special character and a number for a password to be considered strong. In practice, it may be years before the Internet catches up. By then, we may not be using passwords at all.

No Passwords
For consumers, passwords are just a way to validate that you are who you say you are. If you forget your password, you can request an email, a txt, or in some cases a phone call to obtain a temporary replacement. So if there’s another valid way to authenticate you, passwords really aren’t necessary. Google, Facebook, and several other sites can be easily used to verify that you are who you say you are. If proper authentication protocols are used, any site could determine you are you by checking to see if you are properly logged in to Facebook or Gmail. Lots of sites already do this, and there are a host of biometric and multifactor identification and authentication schemas fighting to be the new new thing in secure Internet living. Password science is evolving quickly, but it’s likely to be a hot mess for the foreseeable future.

So What Do I Do?
Do what the experts are now telling you to do. Start using the longest passwords possible. I would not use correcthorsebatterystaple, but “passwordswedontneednostinkinpasswords” will absolutely do the job.

Other Articles You May Enjoy

CMOs Shouldn’t Buy Tech, Ever!

How Do You See the Future?

The Five Jobs Robots Will Take First

The Five Jobs Robots Will Take Last

Just How Dangerous Is Alexa?

I’d Pay You $500,000 a Year, but You Can’t Do the Work

Machine Learning & AI: When to Start?

Artificial Intelligence: 5 Things Every CEO Should Know

My Banned Words for 2017

The post Passwords: What if Everything You Know Is Wrong? originally appeared here on Shelly Palmer

About Shelly Palmer
Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

Enterprise Open Source Magazine Latest Stories . . .
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX...
One problem that all developers and companies struggle with is trying to decide if they should "build it" or "buy it". Software developers love to build things. That is what we do! Their natural reaction tends to lean towards building things. We are also always up for a new challenge. ...
MongoDB, an open-source document store and most popular NoSQL database on the market today, offers a variety of advanced features to administer security over your MongoDB deployments. In this tutorial post, we’re going to show you how to set up role-based access control (RBAC) to manag...
SYS-CON Events announced today that Evatronix will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Evatronix SA offers comprehensive solutions in the design and implementation ...
The 22nd International Cloud Expo | 1st DXWorld Expo has announced that its Call for Papers is open. Cloud Expo | DXWorld Expo, to be held June 5-7, 2018, at the Javits Center in New York, NY, brings together Cloud Computing, Digital Transformation, Big Data, Internet of Things, DevOps...
First, let's outline a frame of reference for multithreading and why we may need to use a thread pool. A thread is an execution context that can run a set of instructions within a process - aka a running program. Multithreaded programming refers to using threads to execute multiple ta...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021




SYS-CON Featured Whitepapers
ADS BY GOOGLE