Customer Reviews


9 Reviews
5 star: (4)
4 star: (4)
3 star: (1)
2 star: (0)
1 star: (0)
 
 
 
 
 
 
 

The most helpful favorable review

17 of 17 people found the following review helpful
4.0 out of 5 stars Passwords are surprisingly interesting
I never thought I would find a whole book about passwords to be interesting, but I really like Mark Burnett's Perfect Passwords. This short book (134 pages without the appendices, which can be ignored) is remarkably informative. I recommend anyone developing password policies or security awareness training reading Perfect Passwords.

The book is unique because...
Published on March 17, 2006 by Richard Bejtlich

The most helpful critical review
4 of 11 people found the following review helpful
3.0 out of 5 stars Good Thoughts, But Not So Much
Mark Burnett's book appears to be the work of someone who has been in the security business for 10 years, been to a few lectures, seen lots of password policies, maybe even taken a class or two; but didn't understand some basic concepts. Bad guys may be baffled by the passwords someone creates by this book, but only if they're stupid. Most people aren't, and anyone who...
Published on August 9, 2006 by S. Barbour



17 of 17 people found the following review helpful
4.0 out of 5 stars Passwords are surprisingly interesting, March 17, 2006
This review is from: Perfect Passwords: Selection, Protection, Authentication (Paperback)
I never thought I would find a whole book about passwords to be interesting, but I really like Mark Burnett's Perfect Passwords. This short book (134 pages without the appendices, which can be ignored) is remarkably informative. I recommend anyone developing password policies or security awareness training reading Perfect Passwords.

The book is unique because the author bases many of his recommendations on research, not theory. He says that over the course of his consulting career he has collected somewhere between 3 and 4 million passwords. (This seems somewhat suspicious, but I suppose dropping the usernames would make that practice acceptable.) By performing statistical analysis on those millions of real passwords, the author knows exactly what makes a bad password.

Perfect Passwords does a good job dispelling common password policy myths. I was glad to hear him report that changing passwords once a month is a stupid idea. A weak password is not "protected" by a monthly change, since it can be broken in a matter of hours. Instead, use 15 or more characters in passwords, and change them less frequently (perhaps every 6 or 12 months, depending on sensitivity).

The author also rightfully criticizes "secret questions" and stand-alone biometrics. Both systems suffer an important flaw: "the answer to the question is usually a fact that will never change," like the make of your first car or your fingerprint. If secret questions must be used, add a three-digit code to the answer. With biometrics, always accompany them with a password.

I had no major problems with Perfect Passwords. I did think that 21 pages of words in Appendix B and 16 pages of numbers in Appendix C didn't serve any real purpose. I thought the hand-drawn figures seemed really weak in places (Figure 3.1 is a lawn sprinkler?). One mathematical note -- pp 43-44 discuss combinations vs permutations. With permutations, it's important to note whether a number can be selected repeatedly, or only once. With a lottery (the book's example), numbers are usually selected once. So, the permutations for a three digit lottery yield 10 * 9 * 8 = 720 possibilities, not 1000.

Overall I liked Perfect Passwords. This is a great addition to any security professional's library, and it contains many sound suggestions.


12 of 12 people found the following review helpful
4.0 out of 5 stars Quirky, but very useful..., February 9, 2006
This review is from: Perfect Passwords: Selection, Protection, Authentication (Paperback)
Mark Burnett has probably spent more time thinking and investigating passwords than either you or I. He takes all his accumulated experience and wisdom and offers it up in the book Perfect Passwords - Selection, Protection, Authentication.

Contents: Passwords - The Basics and Beyond; Meet Your Opponent; Is Random Really Random?; Character Diversity - Beyond the Alphabet; Password Length - Making It Count; Time - The Enemy of All Secrets; Living with Passwords; Ten Password Pointers - Building Strong Passwords; The 500 Worst Passwords of All Time; Another Ten Password Pointers Plus a Bonus Pointer; The Three Rules for Strong Passwords; Celebrate Password Day; The Three Elements of Authentication; Test Your Password; Random Seed Words; Complete Randomness; Index

If you've been around computer systems for any time, you've heard the conventional wisdom on creating secure passwords. And regardless of how many times it's said, you still get users picking the word "password" for access to the payroll system. Burnett has created an easy-to-read, easily-understood guide on how passwords work, how passwords are usually chosen, and why most of those methods are really bad. But rather than just be gloom and doom, he also presents a number of techniques for generating long passwords that are easy to remember but that will resist virtually all efforts at password cracking. For instance, passwords of 15 to 20 characters with a mix of upper case, lower case, numbers, and special characters are resistant to every known form of cracking attempt (even rainbow lists). But how do you pick a word or words that meet those criteria? Maybe you use rhyming (poor-white-dog-bite) or repetition (2bitter@2bitter.com). Visualization is pretty good, too (Frozen banana in my shoe.) The phrases are nonsensical, but that's why they are not "guessable". And the diversity of the character set coupled with the length of the phrase means that the permutation possibilities are astronomical and can't even begin to be brute-forced with today's technology.

I'm not sure you could get every user in your company to read the book, but it'd be worth trying. It's a fast read at only 180 pages, and they could even benefit just by making sure their password isn't in the top 500 list. :)


10 of 12 people found the following review helpful
5.0 out of 5 stars Great, quick read, April 12, 2006
This review is from: Perfect Passwords: Selection, Protection, Authentication (Paperback)
Mark has made a great, quick, must-read book on passwords. I had read a few chapters of it before it was published (my quote is on the back cover), and liked it, but the overall book should be read by all system administrators. It contains commonsense, practical advice, just more of it than most of us have thought about alone -- all in one place.

I think every system administrator will see one or two of their own personal passwords in the book...which is a wake-up call.

I was able to quickly read/skim the entire book, pull out all the useful tips in under an hour while my daughter was getting her braces tightened. A complete slow read would probably take a day. I think all system administrators should buy and understand this book.

Roger A. Grimes


3 of 3 people found the following review helpful
5.0 out of 5 stars "Perfect Passwords" Is Perfect! :), December 29, 2009
Verified Purchase
This review is from: Perfect Passwords: Selection, Protection, Authentication (Paperback)
Review For: "Perfect Passwords: Selection, Protection, Authentication", ISBN 1597490415, by Mark Burnett, 2005

There are LOTS and LOTS of tips and tricks in this book for forming long, memorable, and hard-to-crack passwords. But if all you're interested in is the Meat and Potatoes, I can shortcut the matter and give it to you here: "The Perfect Password" has eight (8) elements to it:

1. It has UPPERCASE letters (ABC...).
2. It has lowercase letters (def...).
3. It has numbers (123...).
4. It has spaces (" ").
5. It has punctuation (.,:;-!? and the like, usually used in sentences).
6. It has symbols (@&+=>$#*^~ and the like, usually NOT used in sentences).
7. It has respelling (i.e., no words that can be found in a dictionary -- for example, using "kwean", and not "queen").
8. It has more than 15 characters, and the more the better.

That's it, Jack! If you can easily come up, on the spur of the moment, with a passphrase or password which meets ALL of these criteria, AND which is easy to remember... then YOU DON'T NEED TO BUY THIS BOOK, you've already got it made!

Otherwise, the aforementioned Tips & Tricks will come in very very handy. And not only that, it's (surprisingly!) entertaining, too -- like the anecdote about the author's 5-year-old son, whose password was:

"ooooooooooooooo"

(Shux, his son liked the letter "o", and he could count to the minimum password length of 15, so that's what the lil' kidlet tyke used, LOL!)

For those with Kindles, a Kindle version of this book is available: Click Here.

Buy this book. Please trust me, you won't be sorry. :)

<*>
This comment is directed at Amazon itself: Your product title (e.g., in the "This review is from" line) says "Perfect Password", but if you look at the book cover image itself, you can clearly see that the title actually is "Perfect Passwords" (plural on "passwords"). It irks me every time I see this discrepancy.


1 of 1 people found the following review helpful
5.0 out of 5 stars curiously complete, September 26, 2009
By WJCarpenter (Pacific Northwest, USA)
Verified Purchase
This review is from: Perfect Passwords: Selection, Protection, Authentication (Paperback)
When I saw this book, I thought the same thing you are probably thinking ... how could you have a whole book on this subject? Then I read the quotes from luminaries on the back cover, and I figured they were just friends of the author and hadn't bothered to read the book.

Well.

This is a short book, but it's amazingly complete on the subject. I don't agree 100% with all of the policy advice he gives, but it's fascinating to read the real-life password analyses he's done. If you are just someone who wants to pick better passwords for yourself, you *might* like this book. If you are an admin trying to figure out a sensible password policy for your bailiwick, I *strongly recommend* this book to you. It won't take you long to read it, and you are almost certainly going to get some insights even if you are pretty experienced already. (I am, and I did.)

I'm glad I bought it, and I'm glad I read it.


5.0 out of 5 stars Great resource, April 23, 2014
Verified Purchase
This is a must read for everyone that has passwords. The first couple of chapters are a bit dry dealing with the importance of having unique passwords, but then it gets into great examples of easy to remember but nearly impossible to crack passwords.


4.0 out of 5 stars Must read if you are using a computer, January 17, 2011
This review is from: Perfect Passwords: Selection, Protection, Authentication (Paperback)
You will learn in this book how to construct a strong and easy to remember password. Since passwords are used on a daily basis, you should have good knowledge on how to make them strong and easy to remember. Perfect Password from Mark Burnett is a very good starting point. His tips are easy to follow and can help in defining password policies for your enterprise (That was my main goal for reading this book). Even in 2011 the majority of people are using very weak passwords. If you can't come up with something other than Summer123 or qwerty as a password, this book is for you. A must read for anybody using a computer. I've been using password managers for years and I still pick up some good advice. Happy password day!


4.0 out of 5 stars Interesting read, October 10, 2014
By K. Simpson (South Florida)
Gives one the knowledge to create good passwords.


4 of 11 people found the following review helpful
3.0 out of 5 stars Good Thoughts, But Not So Much, August 9, 2006
This review is from: Perfect Passwords: Selection, Protection, Authentication (Paperback)
Mark Burnett's book appears to be the work of someone who has been in the security business for 10 years, been to a few lectures, seen lots of password policies, maybe even taken a class or two; but didn't understand some basic concepts. Bad guys may be baffled by the passwords someone creates by this book, but only if they're stupid. Most people aren't, and anyone who has spent any time understanding the math or the way people pick passwords won't be fooled too much by Mr. Burnett's suggestions. This book does have some merit in that it does educate the reader in basic security, but don't bother spending more than $5 for this book. You can get pretty much the same answers by googling around for an hour or so.



Details

Perfect Passwords: Selection, Protection, Authentication by Mark Burnett (Paperback - December 25, 2005)