Category Archives: Password

A few posts that are related to passwords, e.g., password generation, key safe, entropy of passphrases, etc.


FortiGate 2-Factor Authentication via SMS

Two-factor authentication is quite common these days. That’s good. Many service providers offer a second authentication step before users can enter their systems. Besides hardware tokens or code generator apps, the traditional SMS on a mobile phone can be used for the second factor.

The FortiGate firewalls from Fortinet have the SMS option built-in. No feature license is required for that. Great. The only thing needed is an email-to-SMS provider for sending the text messages. The configuration process on the FortiGate is quite simple; however, both the GUI and the CLI are needed for that job. (Oh Fortinet, why aren’t you improving your GUI?)

Here is a step-by-step configuration tutorial for the two-factor authentication via SMS from a FortiGate firewall. My test case was the web-based SSL VPN portal.



Password Policies – Appropriate Security Techniques

How are passwords stolen? What are common password flaws? What security techniques enhance the security of passwords and of the login services? What authentication methods provide long-term security? How often should a password be changed? Which methods achieve good security while not being too complicated for end-users?

This blog post discusses several ways in which passwords are stolen and provides approaches for securing login services.



Generating & Remembering Secure Passwords

Be that as it may: we cannot get around using passwords, and it is still important to use secure (= complex) passwords. The main difficulty is finding a middle ground between a *very difficult password* and one that is *still memorable*. Here I want to explain a method for creating a complex password in such a way that it can easily be remembered through a mnemonic.


Password Strength/Entropy: Characters vs. Words

This is a mathematical post related to the xkcd 936 comic about password strength. The central question is: What is better for passwords? A password containing a few random characters, or a passphrase containing even fewer random words? Here comes a mathematical discussion.



Password Generator Options for KeePass

This is a short post in which I show the options I am using when generating random passwords with the Password Generator that ships with the password safe KeePass. The character set should be as big as possible while not containing letters that could confuse the end-user. Of course, all upper- & lower-case alphabetic characters as well as the digits are included. For all other symbols, I chose those which are inside the ASCII table as well as writeable with the keyboard layouts for US and German keyboards.



KeePass Password Safe Introduction

One of the most frequent questions, or rather tips, that I give my acquaintances is: use secure passwords! Ideally different ones for every service, i.e., services/homepages/e-mail/etc. on the Internet and so on. And we all know: nobody does that… 😉 Unless you have a sensible password safe that can be used flexibly and from different locations. In such a program you can enter all your different passwords and store them encrypted in a file. That means you do need one very good (= long & complex) password, but you are spared from remembering all the others. In other words: from now on you only have to remember one password and then have secure access to all your other passwords. I use the KeePass Password Safe and want to give a complete introduction to its use here.
