How To: Diceware Passwords

I strongly advocate the use of password managers. In October I will be reviewing and providing tutorials for a number of password managers as part of my National Cyber Security Awareness Month posts. Even with password managers, however, you still need to remember – and be able to manually enter – at least a few passwords. Things like full-disk encryption and your password manager require passwords you know and remember. Diceware passwords are cryptographically sound passphrases that are easily remembered and easily created. This technique is quickly becoming one of my favorites for creating good passphrases.

Usernames as a Security Measure

I was recently a guest alongside my co-author, Michael Bazzell, on the Social-Engineer podcast (the episode will be available tomorrow). We discussed social engineering for security and privacy reasons. Since being on the show I have thought more about social engineering than at any time since I attended Chris Hadnagy’s SE course back in 2013. One realization I’ve had is that social engineering attacks commonly begin with a starting point. An email address to which the attacker can send phishing emails. A phone number she can use to hack your cell account. A username she can use to call customer service and request access. Along this line of thought, it has also occurred to me that it is never a bad time to re-stress the importance of usernames as a security measure.