Post Process

Everything to do with E-discovery & ESI

Archive for the ‘Password Protection’ Category

The problem with passwords

Posted by rjbiii on September 25, 2007

I’m sure none of us has ever noticed this before:

Paying bills and buying merchandise online may be convenient but carries a well-known side effect: Too many passwords.

Virtually every secure Web site involved in transacting financial information requires a username and password. Your credit cards. Your mortgage. Your auto loan. Your phone. Your cell phone. Your bank account. Your 401(k) account. Your brokerage account. Your health insurance account. Your prescription drug provider. Shopping sites. Hotel reservation sites. Airline reservation sites. You get the idea.
[…]
Over the years, estate attorneys have discovered a lesser-known side-effect: Some people go to their graves preserving their passwords, leaving relatives and representatives of their estates with no knowledge of how to access the various accounts – or even which accounts exist.

(emphasis added)

I’m pretty good about remembering passwords, yet I’ve had to call certain vendors to re-set on a number of occassions. While processing evidence, we often come up on password protected files. While there are a number of apps that take advantage of back-door routes, often the only answer is brute force. At some point, I’ll look at password protected files in the context of the legal standard of “reasonably accessible.”

Posted in Computer Security, Password Protection | Leave a Comment »

Want to crack a password fast?

Posted by rjbiii on September 10, 2007

To all those EDD operators who run up against password protection, and can’t get past it, try Orphcrack.

The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password “Fgpyyih804423” in 160 seconds. Most people would consider that password fairly secure. The Microsoft password strength checker rates it “strong”. The Geekwisdom password strength meter rates it “mediocre”.

New toys…and new fears. [HT: Slashdot]

Posted in Computer Security, Password Protection | Leave a Comment »