01-21-2010, 09:43 AM | #1 (permalink) | |
Tilted Cat Head
Administrator
Location: Manhattan, NY
|
Passwords: How easy are yours? How often do you change them?
Quote:
For email, I use a very robust password since that is the nexus of someone being able to gain access to all your other accounts. It's long, has upper and lowercase, and has a number. I'm just missing the symbol and it would be the "perfect" password according to security folks. Are you the person in the article with the easy to guess password? Why? Why not?
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not. |
|
01-21-2010, 10:00 AM | #2 (permalink) |
Young Crumudgeon
Location: Canada
|
The attack they're describing is a dictionary attack, and it's very common. A simple script, 20 minutes or so and if the website in question doesn't have specific measures in place to counteract it, an account can be cracked.
I do generally follow secure password policy. My only conceit is that I do reuse passwords to some extent. I have a list of them memorized and will select one more or less at random for a new account. One of the benefits of this system is that if I should forget what password goes with which account or website, I only have to guess a limited number of times before I hit on the right one. The monumental downside is that if someone were to somehow obtain a list of all my passwords they'd have access to basically everything. The principles of a strong password have been understood for a long time. No words, mix of numbers and letters, mixed case, at least 8 characters. If more people followed these guidelines there'd be less cybercrime. It's as simple as that.
__________________
I wake up in the morning more tired than before I slept I get through cryin' and I'm sadder than before I wept I get through thinkin' now, and the thoughts have left my head I get through speakin' and I can't remember, not a word that I said - Ben Harper, Show Me A Little Shame |
01-21-2010, 10:02 AM | #3 (permalink) |
Here
Location: Denver City Denver
|
Mine aren't very hard to figure out.
I figure if you take the time to hack into anything of mine, you're an idiot and didn't do much homework/background work on me. I have no money, all my credit cards are maxed out, and I don't own anything. So even if you managed to steal my identity or what have you... You can't do fuck all with it.
__________________
heavy is the head that wears the crown |
01-21-2010, 10:10 AM | #4 (permalink) |
Upright
Location: A green and pleasant land
|
My solution is simple use an address which is familiar to you for example Tony Hancocks address in Hancocks half hour:
23 Railway cuttings or pick one from somewhere you have visited like a bed and breakfast place: 38 marine drive They are not likely to pick that out of the blue
__________________
Say what you mean, don't prevaricate about the bush |
01-21-2010, 03:22 PM | #5 (permalink) |
Banned
Location: The Cosmos
|
The way I do it, so that they're easy to remember for me, but hard to figure out, is;
I have 3 bases which may or may not be real words. Then I have three strings of numbers which have significance to me but not obvious (not even close to my birthday or license plate). I then take those and mix them up for each new account I need secured. There are more common ones which I use for things in which I need less security. And rarer/longer password combos which might actually be cracked (like MMO accounts). So if I forget, I first ask myself the security level, which narrows it down, then usually remember the letter string associated with the account, then its only 3 choices on the number string. So I almost never forget my passwords, yet I have 9 standard + ~3 bonus varying in complexity all the way up to 12 characters. Yes, I'm quite pleased with myself Last edited by Zeraph; 01-21-2010 at 03:25 PM.. |
01-21-2010, 04:07 PM | #6 (permalink) |
The Reforms
Location: Rarely, if ever, here or there, but always in transition
|
I used to use passwords, but now I don't anymore.
I either use the same standard (unconventional) letter+number+symbol string, that may or may not also be my favorite titlepiece, or I comes up with a random 21 character key that I promptly 'wand'. If it should ever break (it has happened once), I just use the original e-mail address I provided to obtain a new password. Besides the above, I shift usernames (and specific throwaway e-mail addys) instead of passwords. No sense in letting one cracked accounted become the gateway to multiples.
__________________
As human beings, our greatness lies not so much in being able to remake the world (that is the myth of the Atomic Age) as in being able to remake ourselves. —Mohandas K. Gandhi |
01-21-2010, 04:10 PM | #7 (permalink) |
Getting it.
Super Moderator
Location: Lion City
|
I have a long one with Caps and numbers.
I use different ones for different sites. I can't believe people still use things like password or 123456.
__________________
"My hands are on fire. Hands are on fire. Ain't got no more time for all you charlatans and liars." - Old Man Luedecke |
01-21-2010, 06:31 PM | #8 (permalink) |
Delicious
|
It doesn't matter if you have a 100 digit password, a keylogger with steal in an instant.
I just try to keep my passwords long enough and random enough to avoid dictionary and brute force attacks. I change my passwords fairly often even though I probably have far less to lose than other people. I think the only thing connected to my email is my World of Warcraft account and a ton of newsletters which I didn't subscribe to. I don't log into my email and stuff from any computer other than my own because I don't know if they're secure. If I do have to log into one of my accounts from another computer, I change my password when I get home.. It just bugs me if I don't change it.
__________________
“It is better to be rich and healthy than poor and sick” - Dave Barry |
01-21-2010, 07:38 PM | #9 (permalink) |
The sky calls to us ...
Super Moderator
Location: CT
|
Type a word you're familiar wit and can touch type
password As anyone can tell you, that's a terrible password. Move your hands over one row of keys to the right [sddeptf Now add a number to the end to make brute forcing a bit harder [sddeptf0 Now double it [sddeptf0[sddeptf0 Good luck guessing that. Mix it up, only move your right hand over and leave your left in place; move your right hand up a row, move your left hand over to the left so "a" becomes capslock and makes it even more difficult to brute force. 0AAQ9ES In a way it's like an old Caesar cypher, but without knowing the 12 letter phrase I use and what permutation of hand position, it makes encryption a lot stronger. |
01-21-2010, 07:53 PM | #10 (permalink) |
I read your emails.
Location: earth
|
My passwords for important items are usually a variation very tight, for stupid online things i always make it one generic word/number that would be easily guessable if you really wanted to post as me on some online places...go nuts.
What shocks me is the a lot of those people who keep those same strong password, then write them down near there computer. We did a consulting job once found a top level access guy had a freaking Rolex on his desk of all his passwords...even personal bank stuff...he worked for a major company. brutal. |
01-21-2010, 07:56 PM | #11 (permalink) |
Forming
Location: ....a state of pure inebriation.
|
My password's very, very easy. So easy I can't get away with on it on most sites these days...
I don't really care. I don't store private info on the intrawebz.
__________________
"The fact is that censorship always defeats its own purpose, for it creates, in the end, the kind of society that is incapable of exercising real discretion..." - Henry Steel Commager "Punk rock music is great music played by really bad, drunk musicians." -Fat Mike |
01-21-2010, 10:20 PM | #12 (permalink) |
Junkie
|
I used to use v1o9l6k4s which comes from
v o l k s 1 9 6 4 I used lbc for a hint, which stands for the "little blue car" that I learned how to drive in. LBC hint changes the case of the letters in the password. I don't use that pw any more. Obviously works with any five letter word and four digit number. Lindy |
01-22-2010, 05:33 AM | #13 (permalink) |
Paladin of the Palate
Location: Redneckville, NC
|
I have aset of passwords that I change depending on the site i"m on, I need to change all of them again as I have a similar password on a lot of sites now. I should think about that today.
My boss sets all the admin passwords for his servers he sets up as 1Password. It's sad. |
01-22-2010, 06:44 AM | #15 (permalink) | |
More Than You Expect
Location: Queens
|
Quote:
I don't worry so much about forums or social networking sites but I've got one email account that I guard pretty rigorously and several disposable accounts that forward everything sent and received back into that one account. All the passwords are different and so nothing is really lost in the event that one becomes compromised. But even then, it's not like I really need an archive of my emails.
__________________
"Porn is a zoo of exotic animals that becomes boring upon ownership." -Nersesian |
|
01-22-2010, 02:34 PM | #16 (permalink) |
Done freeloading here
Location: on my ass :) - Norway
|
I have a "safe" password I use permutations of, and an easy one for all my nonimportant online activities. The safe password is in the form of 593epd (random numbers and letters), then I add the initials of the website and perhaps an "index" if I need to change my password frequently. If I was working for KFC and was required to change my password often it could be 593epdKFCg. Easy for me, but hard to bruteforce.
At high school I had a 26 character password built with parts of a long phrase translated to leet-speak. Needed a tough one as we tried to hack eachother all the time. I won by creating a program imitating the log on prompt, checking the username and then either steal the password or call the real password prompt if allready snatched. The user got a "Invalid password" message once, then every thing worked fine. Later I collected the hidden files containing usernames and passwords Good times!
__________________
The future ain't what it used to be. |
01-22-2010, 02:38 PM | #17 (permalink) |
Junkie
Location: bedford, tx
|
I use incredibly complex passwords. One time, it got me fired. I was hired as the systems administrator for a very small 60 employee company. I changed the primary domain administrator account password to K@$m1rF@bric$@dm1n
They were not amused
__________________
"no amount of force can control a free man, a man whose mind is free. No, not the rack, not fission bombs, not anything. You cannot conquer a free man; the most you can do is kill him." |
01-22-2010, 03:07 PM | #18 (permalink) |
lightform
Location: Edge of the deep green sea
|
"So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!"
Some of mine are easy, some are more difficult. It depends on what they are for.
__________________
We're about to go through the crucible, but we'll come out the other side. We always arise from our own ashes. Everything returns later in its changed form. - Children of Dune |
01-22-2010, 07:42 PM | #20 (permalink) |
Addict
Location: Houston, Texas
|
I have two different passwords that I use, but both are about the same. One has numbers, the other doesn't.
Is it possible the hack number is so high in the study because some people made an account with a simple, one time use password just to fool around or maybe for some other reason?
__________________
Our revenge will be the laughter of our children.
Give me convenience or give me death! |
02-23-2010, 09:15 AM | #21 (permalink) | |
Lennonite Priest
Location: Mansfield, Ohio USA
|
Quote:
__________________
I just love people who use the excuse "I use/do this because I LOVE the feeling/joy/happiness it brings me" and expect you to be ok with that as you watch them destroy their life blindly following. My response is, "I like to put forks in an eletrical socket, just LOVE that feeling, can't ever get enough of it, so will you let me put this copper fork in that electric socket?" |
|
02-23-2010, 12:23 PM | #23 (permalink) |
Lover - Protector - Teacher
Location: Seattle, WA
|
My password is hunter2. I use it for everything. See how it's starred out so none of you can see it?
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel |
02-23-2010, 12:38 PM | #26 (permalink) |
Lover - Protector - Teacher
Location: Seattle, WA
|
hunter2 reference was actually from QDB: Quote #244321, kinda one of those interweb memes. In other words, totally irrelevant to most people.
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel |
02-23-2010, 01:10 PM | #28 (permalink) |
Eccentric insomniac
Location: North Carolina
|
I paid attention to this thread because I got the "your password is 14,000+ days old" message and was curious what prompted the forced password change.
I have several standard passwords, one for things I don't have to keep protected (TFP) one for banking, and one for things I intend to keep really secure. The last two I rotate.
__________________
"Socialism is a philosophy of failure, the creed of ignorance, and the gospel of envy, its inherent virtue is the equal sharing of misery." - Winston Churchill "All men dream: but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity: but the dreamers of the day are dangerous men, for they may act out their dream with open eyes, to make it possible." Seven Pillars of Wisdom, T.E. Lawrence |
02-23-2010, 01:14 PM | #29 (permalink) |
... a sort of licensed troubleshooter.
|
Same. I read message as "we assume you suck at picking or maintaining passwords, so we're forcing you to change yours." My password is fine. All of my passwords online are just fine. A 15+ digit, random, alpha-numeric password is basically as secure as you can get within reason.
|
02-23-2010, 02:35 PM | #31 (permalink) |
Done freeloading here
Location: on my ass :) - Norway
|
>How often do you change it?
Got this message on TFP today: Your password is 14663 days old, and has therefore expired. That's my oldest password so far. (It's 40.15 years old - older than me and most of the World Wide Web)
__________________
The future ain't what it used to be. |
02-23-2010, 02:54 PM | #32 (permalink) |
Invisible
Location: tentative, at best
|
It doesn't matter - The Mentalist or any CSI team can guess it just by looking around your room.
__________________
If you want to avoid 95% of internet spelling errors: "If your ridiculous pants are too loose, you're definitely going to lose them. Tell your two loser friends over there that they're going to lose theirs, too." It won't hurt your fashion sense, either. |
02-23-2010, 03:47 PM | #33 (permalink) |
Alien Anthropologist
Location: Between Boredom and Nirvana
|
Heheheh....I work with an IT major dweeb ( a friend who looks a lot like my favorite high school BF!) and this dude makes us change ours every 4 weeks, on the job. So my newest game is to continually devise the longest & most diversified PW ever. He thinks it's a game and hasn't "broKen it" yet.
Luckily we are very good buds. (I know his deepest darkest secrets!!!) /Gottya create fun wherever you are!!/Yes!
__________________
"I need compassion, understanding and chocolate." - NJB |
02-23-2010, 05:20 PM | #34 (permalink) | |
Lover - Protector - Teacher
Location: Seattle, WA
|
Quote:
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel |
|
02-23-2010, 07:44 PM | #35 (permalink) |
... a sort of licensed troubleshooter.
|
My point is that it's as secure as it can be within reason on my end. I can't control how it's kept safe otherwise, which is why I never use the same password in two places anymore.
Anyway, this is a forum so the worst thing that could happen if someone did access my TFP is maybe some trolling or something, maybe deleting some of my old posts or changing settings. I'd be more worried about my online banking and shopping, but those are generally pretty damned secure. |
02-23-2010, 07:58 PM | #36 (permalink) |
immoral minority
Location: Back in Ohio
|
The difficulty of my password goes down the more often I have to change it. And I would trade convenience over security (If LifeLock can monitor stuff, so can my bank without charging me. I think it is a scam), like I get full credit card statements in the mail that has no security, but I have to log in and jump through a bunch of hoops because I use random networks to access my account. My e-mail is far more secure at least for the basic statement.
It would be impossible for me to create new passwords for every bank, credit card, e-mail account, forum, paypal, on-line retailer, and computer every few months and keep them all straight. |
02-23-2010, 08:42 PM | #37 (permalink) |
Who You Crappin?
Location: Everywhere and Nowhere
|
i have a couple of passwords I use interchangeably on different sites, but neither are real words and are completely nonsensical to anyone but me.
__________________
"You can't shoot a country until it becomes a democracy." - Willravel |
02-23-2010, 08:51 PM | #38 (permalink) |
Lover - Protector - Teacher
Location: Seattle, WA
|
This analogy would hold if your mail went through about 60,000,000 hands (in other countries) before it go to you. You're looking at about a dozen hops per packet between you and the bank's website. As it is, postal mail usually goes through 3-4 hands and a few machines in secure buildings the US between you and the sender. In directed attacks specifically on you, they're roughly the same security.. wait outside your mailbox / firewall. But in random sniffing attacks like phishers, postal mail seems like maximum security compared to the Internet.
__________________
"I'm typing on a computer of science, which is being sent by science wires to a little science server where you can access it. I'm not typing on a computer of philosophy or religion or whatever other thing you think can be used to understand the universe because they're a poor substitute in the role of understanding the universe which exists independent from ourselves." - Willravel Last edited by Jinn; 02-23-2010 at 08:53 PM.. |
02-24-2010, 05:35 AM | #40 (permalink) |
Asshole
Administrator
Location: Chicago
|
And the horse is now dead. And rotted. And the corpse has been hauled off to the dog food factory.
Can we put a stop to the jokes about the password change requirement? There was a very good reason that we asked everyone to do that (one I'm not about to discuss in a google-crawled area of the board). Yes, it was a pain in the ass. Yes, the message looked a little silly to some of you. The same joke being told in 2 different threads wore thin a while ago though.
__________________
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - B. Franklin "There ought to be limits to freedom." - George W. Bush "We have met the enemy and he is us." - Pogo |
Tags |
change, easy, passwords |
|
|