Passwords you should NOT USE on physically insecure devices - PIDs
This guidance is for anyone who stores passwords but in particular
when they use a password on a device which could be accessed by
Also see Passwords - best practices as that page covers the use of passwords on web sites.
Any device (hardware or software) which protects access to its contents
by use of a password has to have both (#1) the data to check your password against
AND (#2) the algorithm by which it does that check.
If a thief can even momentarily make a copy of #1 you could be seriously
compromised because #2 is often publicly known and in some cases easy
to crack! Even worse, if they have copied rather than stolen your
device then you will probably be unaware you have been
compromised and the thief will have plenty of time to create a plan
to extract the absolute maximum cash and other assets from every
aspect of your life!
This means that you must never use passwords on these devices that
have anything in common with other passwords - especially those
which are protecting more important assets such as your bank account,
credit card or financial investments.
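One way to check a device password against the rule above before you set it. This is an added example, not part of the original page; the substitution map, the 4-character threshold and all sample passwords are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

# Assumed substitution map (not from the page): undo common character swaps.
LEET = str.maketrans("0134578@$", "oieastbas")
EDGE = "0123456789!#%^&*()-_=+.?"  # digits/punctuation often tacked on the ends

def normalize(pw):
    """Lower-case and undo swaps, so 'T1GER' compares equal to 'tiger'."""
    return pw.lower().translate(LEET)

def base_word(pw):
    """Drop leading/trailing digits and punctuation: 'Tiger2009!' -> 'tiger'."""
    return normalize(pw.strip(EDGE))

def shared_run(a, b):
    """Length of the longest run of characters the two passwords share."""
    a, b = normalize(a), normalize(b)
    match = SequenceMatcher(None, a, b, autojunk=False)
    return match.find_longest_match(0, len(a), 0, len(b)).size

def audit(device_pw, other_pws, min_run=4):
    """List (label, reason) for every other password overlapping device_pw."""
    findings = []
    for label, pw in other_pws.items():
        if pw == device_pw:
            reason = "identical"
        elif normalize(pw) == normalize(device_pw):
            reason = "same after case/substitution"
        elif base_word(pw) and base_word(pw) == base_word(device_pw):
            reason = "same base word"
        elif shared_run(pw, device_pw) >= min_run:
            reason = "shared fragment"
        else:
            continue
        findings.append((label, reason))
    return findings

# Constructed sample values, not real credentials.
OTHERS = {
    "bank": "tiger2009",
    "email": "T1ger!",
    "shop": "myTigerCub",
    "broker": "blueHeron#44",
}

if __name__ == "__main__":
    for label, reason in audit("Tiger2009", OTHERS):
        print(f"{label}: {reason}")
```

An empty result means the candidate shares nothing detectable with the passwords protecting your more important assets.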
This page © Business before Technology 2008-9 - see the respective sites of the owners for their copyright as well as terms and conditions
Links and other information last validated on 22nd May 2009.