![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
about your passwords
2020-Jul-30, Thursday 01:53 amOn Microsoft Windows, I know enough to be able to retrieve a lot of passwords from laptops where I already have a local account. It's not very hard, even. Don't think that your passwords in Windows are any more secure than that Post-It note that you keep under your keyboard. (Hint: Use Linux.)
For improved security anywhere, I recommend using KeePass as a password manager for generating individual passwords on each website you visit. It's not automatically integrated with your web browsers like some other products are, but that's a good thing.
Over my many years as an Information Technology technician across several companies, many people have shared their passwords with me intentionally to allow for easy access to their profile for diagnostics and fixes. I've tried during the last year to break myself and everyone else of that bad habit. Some passwords that people use include curse words. That's okay. I'm not shocked. Really, I'm not. Passwords should be easy for the user to remember! I have never reported anyone for their private passwords that I learned.
But...
I'll gloss over the muddy details by saying generically that Anonymous has doxed the police officers who are now awaiting trial for the murder of George Floyd here in Minneapolis. I've seen the file that's been offered. I know nothing about its authenticity. Home addresses, social security numbers, credit card numbers. It's all there. But it's the passwords that I want to call your attention to now.
But asshole passwords would make me consider a notice to Human Resources. So don't do that.
Not ever.
For improved security anywhere, I recommend using KeePass as a password manager for generating individual passwords on each website you visit. It's not automatically integrated with your web browsers like some other products are, but that's a good thing.
"The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it."
- https://en.wikipedia.org/wiki/Robert_Morris_(cryptographer)
- https://en.wikipedia.org/wiki/Robert_Morris_(cryptographer)
Over my many years as an Information Technology technician across several companies, many people have shared their passwords with me intentionally to allow for easy access to their profile for diagnostics and fixes. I've tried during the last year to break myself and everyone else of that bad habit. Some passwords that people use include curse words. That's okay. I'm not shocked. Really, I'm not. Passwords should be easy for the user to remember! I have never reported anyone for their private passwords that I learned.
But...I'll gloss over the muddy details by saying generically that Anonymous has doxed the police officers who are now awaiting trial for the murder of George Floyd here in Minneapolis. I've seen the file that's been offered. I know nothing about its authenticity. Home addresses, social security numbers, credit card numbers. It's all there. But it's the passwords that I want to call your attention to now.
"Passwords: {mn311lane, thomlaa, nigger123}"
Please... if you are using racist, authoritarian, asshole passwords anywhere, please change them now. As an I.T. worker, I consider my end users sort of like a psychiatrist, doctor, or priest would consider their charges, with an appreciation and urgent need for sacrosanct honesty that allows me to help correct problems and create a better order to a very messy world. I have no desire to snitch on anyone about anything that I learn as a tech who helps users solve their reported problems, and I never have reported any such issues up the chain of authority.But asshole passwords would make me consider a notice to Human Resources. So don't do that.
Not ever.