Socoder -> Off Topic -> Re/\\/\\3/\\/\\b3R

Posted : Wednesday, 05 June 2013, 04:17
Cower
Re: the poll, I use long randomly generated passwords for almost everything. I suggest that if you don’t do this, you really, really should.
Posted : Wednesday, 05 June 2013, 04:17
CodersRule
I used to do that (64-char base64 strings), but I've found it significantly easier to just type out sentences. "The long dragon-horse was startled by the boisterous flock of green Jayenkais." is easier to remember and still about as hard to crack as "MDA4MTc4MGIyM2Q0MmFlMDc1Nzg5OTA0NDRjNDY4ZjlmNjVjMzBmZjI3NDlkN2Qy".
Posted : Wednesday, 05 June 2013, 04:24
Jayenkai
Yeah, same here. I used to scramble like a crazy Munky until I read somewhere that "four random words" is just as hard to crack. Kinda makes sense when you think about it.
I have a sort of equation for all my passwords now, using numbers from a memorable date, a consistent password, and a few other words, mixing things up for each and every website, with little keywords attributed to each website.
Trying to remember the order I'd put them in is usually the trickiest!

Complicated enough that I occasionally forget, but easy enough for the most part.

-=-=-
''Load, Next List!''
Posted : Wednesday, 05 June 2013, 06:05
Cower
Four random words is actually pretty easy to crack. First, the words are almost all known (unless made up, in which case they can possibly be mined from data on the person holding the password). Second, it's not difficult to construct a sequence of four words. The possible space is larger, but you can break it down and use some intelligent guesses. In CR's case, for example, we can assume grammatical correctness because remembering something grammatically incorrect is pretty hard. Using that, you can limit the possible word choices for a point to a given class of words. There are plenty of other things you can use that make the whole pass phrase thing really not as secure as people think it is (xkcd's fault), like using known information about the target.

Basically, if you want security, you have to use a password that is without known patterns and more or less random garbage. Sentences and words don't meet that requirement because we're human and even when trying to avoid patterns, we apply them, especially to passwords.
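Added example, not part of the original thread: the disagreement above comes down to how large the guess space is for each way of choosing a password, so this sketch computes it from the generation process rather than from how the string looks. The tiny word list, the per-slot word counts for a grammatical sentence and the guess rate are constructed assumptions for illustration, not measurements.

```python
import math
import secrets

# Constructed sample data: a tiny word list and per-slot word counts for a
# grammatical template. All sizes are illustrative assumptions, not measurements.
SAMPLE_WORDS = ["dragon", "horse", "flock", "green", "long", "startled", "rock", "list"]
DICEWARE_SIZE = 7776  # size of a dice-indexed word list (6**5)
GRAMMAR_SLOTS = {"determiner": 10, "adjective": 1500, "noun": 4000, "verb": 1500}

def generate_passphrase(wordlist, count):
    """Pick words independently and uniformly with a CSPRNG; return (phrase, bits)."""
    words = [secrets.choice(wordlist) for _ in range(count)]
    return " ".join(words), count * math.log2(len(wordlist))

def bits_uniform(alphabet_size, length):
    """Entropy of `length` independent uniform picks from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)

def bits_template(slot_sizes):
    """Upper bound for a sentence template: one uniform pick per slot.
    A human choosing words that 'sound right' lands below this bound."""
    return sum(math.log2(n) for n in slot_sizes)

def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to enumerate the whole space at an assumed guess rate."""
    return 2 ** bits / guesses_per_second

def compare(guesses_per_second=1e12):  # assumed offline rate against a fast hash
    schemes = {
        "64 random base64 chars": bits_uniform(64, 64),
        "6 random words": bits_uniform(DICEWARE_SIZE, 6),
        "4 random words": bits_uniform(DICEWARE_SIZE, 4),
        "4-slot grammatical sentence": bits_template(GRAMMAR_SLOTS.values()),
    }
    return {name: (bits, seconds_to_exhaust(bits, guesses_per_second))
            for name, bits in schemes.items()}

if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS, 4)
    print(f"{phrase!r}: {bits:.0f} bits from an 8-word list")
    for name, (bits, secs) in compare().items():
        print(f"{name:30s} {bits:6.1f} bits  {secs:.3g} s at 1e12 guesses/s")
```

The figures only hold when every pick is made by a random source; a longer sentence adds slots and therefore bits, while words chosen by hand fall below the template bound.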
Posted : Wednesday, 05 June 2013, 06:59
steve_ancell
My memory is pretty much fuxored, so in my case it's keep it easy, change often.
Posted : Wednesday, 05 June 2013, 07:02
9572AD
Modify that to:
Basically, if you want [the maximum amount of] security, you have to use a password that is without known patterns and is more or less random garbage.

Whether the maximum amount of security is more useful in the real world or not is debatable.

-=-=-
All the raw, animal magnetism of a rutabaga.
Posted : Wednesday, 05 June 2013, 07:03
spinal
I would agree with cower but for the fact that who on earth is likely to assume your password is a sentence of some sort, rather than some random letters or a single word?

-=-=-
Check out my excellent homepage!
Posted : Wednesday, 05 June 2013, 07:30
Jayenkai
Speaking of passwords, I was alarmed by a certain set of circumstances that recently occurred.

I went to buy Animal Crossing from Amazon.
Used my iPad. Placed the order.
It asked me what my password was, and I'd forgotten, so I clicked "I've forgotten" and it sent me an email.
.. Which I got on my iPad.
Then I clicked the link on my iPad and got a confirmation email, which I again clicked and typed in a new password.
Then I clicked "place my order" and it got ordered.

..
Now, as safe as that is, there's the slight issue that, if someone had hold of my iPad, they could pretty much do what they wanted, and have access to all my data, with barely a problem.
Hmm...

Keep your devices safe, guys, they're infinitely more important than your passwords!!

-=-=-
''Load, Next List!''
Posted : Wednesday, 05 June 2013, 11:42
dna
You are right about using long random passwords. I tried that but had a problem remembering them.

I might switch back after devising a method for hiding them on disk.

@Codersrule: You are right about a long phrase but in instances, and depending upon how the information is stored, it might be clearly visible when searching the disk with a low level disk reader.

-=-=-
DNA
Posted : Wednesday, 05 June 2013, 12:26
CodersRule
@Cower: I'll gladly give you a SHA-256 hash of my Google account password and tell you that it uses perfect English grammar, spelling, and punctuation. It is a comprehensible English sentence. Have fun trying to crack it.

My point is that, though it goes without saying that random garbage is inevitably going to be more secure, nothing short of quantum computing is going to crack that password anytime soon. If you have the processing power to crack my password before the heat-death of the universe, a 128-byte random string also won't stand up to the brute force.
Posted : Wednesday, 05 June 2013, 14:27
dna
Here you go

www-ssl.intel.com/content/www/us/en/forms/passwordwin.html

Use this one for fun

There once was a man from Nantucket

and this one

ksjfh9280347!$

The phrase password supports CodersRule's original statement.

-=-=-
DNA
Posted : Wednesday, 05 June 2013, 22:08
Evil Roy Ferguso
Randomly-generated usually, but occasionally if I'm lazy I'll use a passphrase if I misspell enough words and punctuate it badly enough. ("/Chut-chut with Some1 h0tt like an equalitarian; and Yam-Yngdorian/") I also get lazy if I know for a fact that the site does stupid, irresponsible things with my password, because at that point it barely even matters.

I'm currently looking to change banks. Mine allows for four-digit numeric passwords. (Yes. Not alphanumeric. Numeric.)

Now, you do also need to enter some personal security questions, and while my hunch is that those are probably stored in plaintext, I just want to note that as far as my bank is concerned, my dog's name is 8EswASpapatetR8WrAwEb+sTUd8Uq4Ru and I grew up on cH3qu2RuFRu%DarA8 Avenue.
Posted : Thursday, 06 June 2013, 13:37
dna
You are right, Roy, about some being stored in plain text.

That was my reason for mentioning the low level disk reader. Any plain text is easily discernible regardless of what the Intel password checker claims.

If a person knows approximately where to look, 30 seconds later you have been breached.

-=-=-
DNA
Posted : Saturday, 08 June 2013, 00:25
Dabz
One of my old passwords was the rude version of the Fraggle Rock theme... and do you know what, I cannot remember what the hell it was now!

Dabz

-=-=-
Intel Core i5 6400 2.7GHz, NVIDIA GeForce GTX 1070 (8GB), 8Gig DDR4 RAM, 256GB SSD, 1TB HDD, Windows 10 64bit