Saving the absolute worst for last on the UMD security training, on passwords/phrases:
* Substitute 3 for E and R for "are"
* Never write down your passphrase, never store it in your browser
* Use a familiar phrase, perhaps a line from your favorite song.

What are we even doing here?

@mmazurek I think you forgot the phrase "wrong answers only" :)

@mmazurek more seriously, I think these practices are incredibly dangerous on several levels: we waste budget (both cash and time), we waste credibility, and having done both, security staff can't get to useful work.

@adamshostack strong agree. Our CIO is even a CS professor, and I've talked to him about related issues a number of times. Incredibly frustrating.