10 September 2010

PasswordCard - Safe to have passwords written down?

Yesterday a friend of mine sent me a link to a different way of memorizing passwords.

PasswordCard has a unique grid of random letters and digits on it. The rows have different colors, and the columns different symbols. All you do is remember a combination of a symbol and a color, and then read the letters and digits from there.

The sentence that made me crazy was: "It's far safer to pick secure passwords and write them down, than it is to remember simple and easy to guess passwords. You already protect your wallet very well, and even if it does get stolen the thief will still not know which of the many thousands of possibilities on the card is your password." - I don't know what kind of study they followed, but ok.. I won't discuss that.

My analysis: The minimum password length is usually 8 chars; most people will choose 8 chars (the minimum), while the ones worried about security will go for 12 chars. I'll guess (hey, it's just my guess) that most people will just choose a password from left to right, so:

- We have 22 * 8 (176) possibilities for 8-char passwords; and
- We have 18 * 8 (144) possibilities for 12-char passwords.

I don't know about you.. but I don't feel safe with this.
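The count above can be checked by enumerating every straight-line read on a card, shown here as an added example that is not part of the original post or PasswordCard's own code. It assumes a grid of 8 rows by 29 columns (the column count is inferred from the post's figure of 22 start positions for an 8-char read) and a 62-symbol alphabet, builds a constructed random card, and goes beyond the post's left-to-right guess by also counting all eight reading directions.

```python
import math
import secrets
import string

# Assumed geometry: 8 rows; 29 columns inferred from the post's 22 start
# positions for an 8-char left-to-right read (22 + 8 - 1 = 29).
ROWS, COLS = 8, 29
ALPHABET = string.ascii_letters + string.digits  # assumed: 62 letters and digits

# Direction vectors (d_row, d_col). The post assumes only left-to-right.
LEFT_TO_RIGHT = [(0, 1)]
ALL_DIRECTIONS = [(dr, dc) for dr in (-1, 0, 1) for dc in (-1, 0, 1)
                  if (dr, dc) != (0, 0)]


def make_grid(rows=ROWS, cols=COLS):
    """Constructed sample card: a random grid of letters and digits."""
    return [[secrets.choice(ALPHABET) for _ in range(cols)] for _ in range(rows)]


def candidates(grid, length, directions=LEFT_TO_RIGHT):
    """Every straight-line read of `length` cells that stays on the card."""
    rows, cols = len(grid), len(grid[0])
    found = []
    for r in range(rows):
        for c in range(cols):
            for dr, dc in directions:
                end_r, end_c = r + dr * (length - 1), c + dc * (length - 1)
                if 0 <= end_r < rows and 0 <= end_c < cols:
                    found.append("".join(grid[r + dr * i][c + dc * i]
                                         for i in range(length)))
    return found


def bits(n):
    """Guessing entropy in bits for n equally likely candidates."""
    return math.log2(n)


if __name__ == "__main__":
    card = make_grid()
    for length in (8, 12):
        ltr = len(candidates(card, length))
        every = len(candidates(card, length, ALL_DIRECTIONS))
        print(f"{length} chars: left-to-right {ltr} ({bits(ltr):.1f} bits), "
              f"all directions {every} ({bits(every):.1f} bits), "
              f"fully random {length * bits(len(ALPHABET)):.1f} bits")
```

Once the card itself is known, even allowing every reading direction leaves fewer than 9 bits of uncertainty, against roughly 47.6 bits for 8 characters drawn at random from 62 symbols.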

08 September 2010

Symantec: 65% of adults worldwide have been a victim of cybercrime

Another report from a security vendor, wait.. they are using an independent market research firm. You can find the report in the following link

I think the report is well structured and the information could be easily used by a sales team. As always it should be more focused on awareness than making people scared.


I'd like to comment on the following:
"It’s sad but true that nearly nine in 10 adults (86%) are thinking about cybercrime and over a quarter (28%) actually expect to be scammed or defrauded online. Only a tiny minority (3%) think cybercrime won’t happen to them."


I am more afraid of the 3% than the rest.

What we need, and we urgently need in Portugal, is a security awareness program where people would say "I know it exists, I think about it, and I do my best to minimize the probability of being a victim of cybercrime".

07 September 2010

Cloud Security Knowledge

With all the buzz about Cloud Computing it should be expected that this would happen in the near future... Cloud Security Alliance released "Certificate of Cloud Security Knowledge"; the knowledge (information) that you should know (memorize) to do the online exam can be found here:

CSA Guidance: http://cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf
ENISA: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment

The Preparation Guide can be found here: http://www.cloudsecurityalliance.org/CCSK-prep.pdf

Online exams.. in a couple of years CISSP from ISC2 will be available from Pearson VUE, now I ask... why do they bother to do these certifications/exams in the name of a higher knowledge?

Just admit: You want my money!

31 August 2010

Welcome

I don't know exactly what kind of information will be added to this blog.. but I hope it will be useful for someone out there.