Thursday, October 6, 2011

Password Creation Key Material - If you HAVE to use known passwords

I was reading my RSS Feeds today and saw a post from Wayne Small over at SBS FAQ talking about Passwords and how people store them.
He spoke about a Password Card from Savernova which gives you the beginning of a secure password system. It won’t protect you from a KeyLogger but it might protect a password to a password, which is what I might use it for…
I already use KeyPass for storing and generating my high value credentials, so I can just copy and paste into Application and Web Dialogs. Well, the ones I don’t already have Single Sign on for (but that is another post).
KeyPass allows me to use a Password to open the Encrypted Password Safe AND I’m Pretty PARANOID (They still might be out to get me), so I store the App and Data on an IronKey that is pretty much always with me. Oh yeah, the IronKey is Decrypted with a Password :(
Now at work I use a Smartcard to login and our user Attributes are set to Require Smartcard, so there are no worries about a Password, or are there? My SmartCard Pin is an 8 Character Password. DAMN
So to login to my Internet Banking I need a 24 Character Password I stored in KeyPass so here goes…
I am tempted to make lots of the passwords the same to make them easy to remember but I work in an Identity Management, Authentication and Security Team hmmm maybe not. Now If I did maybe they might be @BettyisPretty after someone I follow on Twitter (Because that Twitter ID makes me Smile)
Today I looked at Wayne's Card and thought NOT Strong Enough and set about making my own
Here is how I did it:

  • Create a Constant in Excel and call it Characters

  • Insert the Characters in your Password Policy: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*[]{}-+

  • Create a Matrix of Cells. I used the same one as the Card from Wayne's post and added some I didn’t think I needed to miss

  • Copy the Random Selection Formula to each Cell: =MID(Characters,INT(RAND()*LEN(Characters))+1,1)

  • Put a Border around it like Map Co-ordinates and you are good to go

  • Print

  • Laminate and

  • Insert into your Smart Card Holder


This is not the Matrix I’m using :) and it changes with each open anyway, so make sure you print a spare and save it SECURELY (against Loss not Compromise)
In my Scenario I might use the following to Comply with the ISM (Govt Security Guidance) Complexity Recommendations
Smartcard Pin – I5 Diagonal Down 7 Chars = iR5p7xh
IronKey Password – D9 Horizontal 8 Chars = “&0yfmgk
KeyPass Password – L3 Vertical 8 Chars = V-deJp#3
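The card-building steps and the coordinate lookups above, as an added Python example (not the Excel workbook from this post): it draws each cell from the OS CSPRNG via `secrets` instead of Excel's RAND(), which is not designed for generating secrets. The 26 x 12 card size and the function names are assumptions; the post does not give the matrix dimensions.

```python
import secrets
import string

# Character set copied from the password policy step in the post.
CHARACTERS = ("0123456789abcdefghijklmnopqrstuvwxyz"
              "ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*[]{}-+")

# Assumed card size: columns A-Z, rows 1-12 (not stated in the post).
COLS, ROWS = 26, 12

# Direction names used in the post, as (column step, row step).
STEPS = {"horizontal": (1, 0), "vertical": (0, 1), "diagonal down": (1, 1)}

def make_card(cols=COLS, rows=ROWS):
    """Return a rows x cols grid, each cell drawn uniformly with the OS CSPRNG."""
    return [[secrets.choice(CHARACTERS) for _ in range(cols)] for _ in range(rows)]

def read_password(card, start, direction, length):
    """Read `length` cells from a coordinate such as "I5" along `direction`."""
    col = ord(start[0].upper()) - ord("A")
    row = int(start[1:]) - 1
    dc, dr = STEPS[direction.lower()]
    end_col = col + dc * (length - 1)
    end_row = row + dr * (length - 1)
    if not (0 <= col and end_col < len(card[0]) and 0 <= row and end_row < len(card)):
        raise ValueError("path runs off the card")  # refuse a silently short password
    return "".join(card[row + dr * i][col + dc * i] for i in range(length))

def render(card):
    """Format the card with map-style borders: letters across, numbers down."""
    lines = ["   " + " ".join(string.ascii_uppercase[:len(card[0])])]
    for number, cells in enumerate(card, 1):
        lines.append(f"{number:>2} " + " ".join(cells))
    return "\n".join(lines)

if __name__ == "__main__":
    card = make_card()
    print(render(card))  # print once, then keep the spare as the post advises
    print(read_password(card, "I5", "diagonal down", 7))
```

Unlike the volatile Excel formula, the grid here is generated once per run and does not change when re-read, so the printed card and the lookups stay consistent.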
