[ale] evernote security breach
Jay Lozier
jslozier at gmail.com
Mon Mar 4 18:54:50 EST 2013
On 03/04/2013 12:38 PM, Ron Frazier (ALE) wrote:
>
> "Michael H. Warfield" <mhw at WittsEnd.com> wrote:
>
>> On Mon, 2013-03-04 at 09:35 -0500, Ron Frazier (ALE) wrote:
>>> Hi all,
>>> I first saw the link to this article on the dc404 mailing list. If
>>> you're an evernote user, you need to know about this.
>>
>>> http://www.theverge.com/2013/3/2/4056704/evernote-password-reset
>> If you are an Evernote user, you need to change your password. The
>> attackers had access to user-ids and password hashes. The passwords
>> were hashed and salted but simple passwords are still subject to
>> off-line brute force and rainbow table attacks. Change your password
>> to a good, high-complexity password or passphrase.
>>
> Do you think a 15 character random alphanumeric generated by LastPass is good enough? Or, should you go longer if the site will let you?
I tend to use very long gibberish passwords (KeePassX) that include any
keyboard character including punctuation. I consider 15 characters
unacceptably short.
The reason for both is that the potential complexity of the password is
increased, forcing hackers to use purely brute force methods, which can
become time consuming with very long passwords. My goal is to be hard
enough that the hackers will eventually give up.
Also, every site has its own password, so even if they crack one password
it is not used anywhere else.
<xnip>
--
Jay Lozier
jslozier at gmail.com