Passwords

Discussion in 'Computers' started by tofo, Jan 18, 2013.

  1. tofo

    tofo Funster

  2. Bailey58

    Bailey58 Funster Life Member

    I use steve mclaren for all my logins, nobody would ever remember him. :Laughing:
     
  3. Gromett

    Gromett Funster

    Hmm, that is so far behind the times it is scary.

    Hackers have dumped entire databases of passwords to places like pastebin and these have been thoroughly analysed now.

    I can put together a list of articles if anyone is interested about how bad spelling is not enough when it comes to passwords.

    An average password will contain at least 2 numbers and 1 uppercase character.
    Dogswhatsits23 is classed as medium

    A good password is one that has capitals but not at the beginning or end and has numbers also interspersed not clumped.

    dOgswhat2its3 is classed as good

    A very good password will not contain anything resembling a real word with a mix of uppercase and lowercase.
    Uvha7Afa1Abcz is classed as very good.

    An excellent password will have a random collection of upper case, lowercase and other non alphanumeric characters such as.
    aIsh&6a$vX&23

    Other indicators are length. 8 characters used to be good enough. Then 12 characters. Nowadays 16 characters is the bare minimum to give an excellent password.

    BUT: The most important thing with passwords is NEVER use the same password across multiple sites.

    Even I can't follow all those rules so I now use Lastpass which was recommended by another Funster.

    Who am I to advise on this? I run and have run for many years internet facing servers with literally 1,000s of users across multiple services. I have to deal with the backlash of insecure passwords and attacks on my servers.
    Client password choices are the biggest cause of headaches for me now.

    If you don't believe me on the misspelling issue just do a Google search for rainbow tables, the second entry was http://www.freerainbowtables.com/ and these guys have done all 2 words including misspellings already...
     
  4. Gromett

    Gromett Funster

    Also check on GPU password hashing.

    These passwords were cracked in under 3 and 2 minutes.
    Two years ago they were considered above average as passwords.
    Password (between the ' marks): 'Pa5$w0d'
    Hex: 0x50613524773064
    real 2m12.367s
    user 1m23.420s
    sys 0m16.510s

    --------

    Password (between the ' marks): 'K#n&r4Z'
    Hex: 0x4B236E2672345A
    real 1m51.962s
    user 1m4.740s
    sys 0m15.320s
     
  5. sedge

    sedge Funster

    So bearing in mind for instance I need a different password for everything I access, that's 1. my email 'user' password 2. Bank account 3. Site to order prescriptions 4 & 5. 2 different diabetes forums 6. MHF 7. forum re university course 8. BNF 9. I have got facespace but frankly that can go.

    There's bound to be something else, can't think now though.

    All passwords that have to look different and random, and I have to remember them all and not write them down and not tell anyone else. Plus every couple of months or whatever, I have to change em all again, to stay robust.

    Don't be daft. I can't.
     
  6. Gromett

    Gromett Funster

    Of course you can't. I can't either and I need to for even bigger security reasons. At last count I had well over 150 passwords to remember, just not possible. That's why I use LastPass. I have it password protected with one really gnarly password and I have configured LastPass to generate random passwords using the following rules for me:

    Use 16 characters,
    Use A-Z a-z 0-9 and special characters
    Minimum digit count 5 (minimum of 5 numbers interspersed)
    Require every character type

    Here is an example password.

    v#i@3jnlW09$r4Yp

    So each of my bank accounts, forum logins, server logins have a unique password like above and I never have to remember any of them :thumb:

    That reminds me I haven't gotten round to resetting this forum password :Rofl1:
     


    Last edited: Jan 18, 2013
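
Added example, not part of the post above and not LastPass's own code: a generator that follows the four rules listed in that post (16 characters, A-Z a-z 0-9 and specials, at least 5 digits, every character type), plus an upper bound on guessing entropy. The special-character set and all function names are assumptions.

```python
import math
import secrets
import string

# Assumed symbol set; the post does not say which special characters are allowed.
SPECIALS = "!@#$%^&*"
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + SPECIALS


def meets_policy(pw, length=16, min_digits=5):
    """True if pw satisfies the rules from the post."""
    return (
        len(pw) == length
        and all(c in ALPHABET for c in pw)
        and sum(c in string.digits for c in pw) >= min_digits
        and any(c in string.ascii_uppercase for c in pw)
        and any(c in string.ascii_lowercase for c in pw)
        and any(c in SPECIALS for c in pw)
    )


def generate_password(length=16, min_digits=5):
    """Draw uniformly with a CSPRNG and retry until the policy is met.

    Rejection sampling keeps every compliant password equally likely;
    forcing digits into fixed positions would bias the output.
    """
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, length, min_digits):
            return pw


def uniform_bits(length, alphabet_size):
    """Upper bound on entropy: bits if every character were chosen freely."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    # 16 characters from the 70-symbol alphabet above
    print(round(uniform_bits(16, len(ALPHABET)), 1), "bits (upper bound)")
    # 7 characters from the 95 printable ASCII symbols
    print(round(uniform_bits(7, 95), 1), "bits (upper bound)")
```

The policy constraints remove some candidates, so the true entropy of a generated password is slightly below the 16-character upper bound.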
  7. sedge

    sedge Funster

    Sorry, I'm obviously a bit thick.

    When you sign in to your bank account for instance, you need to type your User ID and password in. I don't set it to remember in case someone breaks in and nicks the puter. Or worse - our grandkids hack it.

    Then of course there's a security thing that you have to enter randomly generated specific digits of your chosen security doings.

    So how do you type it all in the little boxes if you don't know what they are?
     
  8. Gooney

    Gooney Funster

    I'm using an app called secure safe, it's free up to 50 passwords, I thought that would be ample, I've used 42 already without even trying, I was absolutely gobsmacked when I realised how often passwords come into your life :cry:
     
  9. scotjimland

    scotjimland Funster Life Member

    I use Keepass, a free app, it was a member on here who recommended it..

    KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

    http://keepass.info/

    Online banking passwords and PINs should never be saved..

    Just had a quick count and I have over 60 passwords.. all generated by Keepass, each with 112bit encryption .. 20 random alpha, numeric, upper/lower case characters ..

    I only need to remember one master password ... I back up the passwords on a memory stick, in a file encrypted by Keepass.

    Tried Last Pass, but not that keen on it as it's cloud based..

    Many will use Firefox for password saving, but did you realise how easy it would be for someone to find them?
    If you do it is recommended that you use a Master Password

    here's why http://lifehacker.com/154099/geek-to-live--secure-your-saved-passwords-in-firefox

    a useful way of generating and remembering a master password..

    http://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe
     
    Last edited: Jan 19, 2013
  10. mitzimad

    mitzimad Funster

    Why did fingerprint recognition never catch on? A while ago it was on many laptops but has since disappeared.
     
  11. scotjimland

    scotjimland Funster Life Member

    I have it on my Sony Vaio ... pain in the ass.. never worked properly :Doh:

    that's not to say it's not a good idea.. or indeed iris recognition..
     
  12. BritStops

    BritStops Trader BritStop Owner

    Thought this was interesting on how what we think of as strong passwords are not actually that strong when it comes to being "guessed" by a piece of software designed to find passwords. It's from the maths/science/computing cartoon website XKCD (which I heartily recommend btw)

    PASSWORD STRENGTH

    Steve :Smile:
     
  13. Gromett

    Gromett Funster


    Ok you got me there Sedge :Rofl1: My bank supplies a dongle which generates a security code each time. I do use a password in this setting which I have had to remember.

    But this is the only place where I don't use a random generated password... And it is the only place I have used this password.
    So if for instance a forum I was on got hacked. If the hackers then decrypted my password they couldn't use it to get into any other site such as my bank or facebook for example.
     
  14. sedge

    sedge Funster

    Well I think I understand now, to get into whatever it is, first go to whatever password encryption site you've used, find the one you want, copy and paste into whatever site you are trying to access?

    Is it?
     
  15. annadg

    annadg Read Only Funster

    Yes .. But ..
    Aren't we all a bit paranoid ? Banking and stuff re finance obviously requires strong passwords which is why we now have those card reader thingies.
    But for things like forums .. Eg mhf .. Surely the same password is OK ? In real terms who the f**** would want to pretend they are me?

    And if I buy something via Amazon etc they notify me .. And notify me if I change my password.

    A good password with differences that are personal .. IMO that's what's needed
     
  16. Gromett

    Gromett Funster

    Not quite. It is an addon to your web browser. When you load your browser it asks for your primary password then whenever you go to a website that requires a login it can automatically fill it in for you.

    On my personal computer that no one else has access to, LastPass is permanently loaded and never asks me for my primary password. I just click a button at the top of the browser to fill in any username/passwords needed.
     
  17. cbrookson

    cbrookson Funster

    Lastpass is cloud based, but it is stored encrypted in the cloud, so only your local copy on the PC is unencrypted. I do keep a local (encrypted copy) just in case their cloud service crashes ....

    I use Lastpass with a Yubikey which protects Lastpass with a token. Bit Belts and Braces! :Eeek:

    Cheers
     
  18. Gooney

    Gooney Funster

    The answer

  19. canopus

    canopus Funster Life Member

    We also use keepass - or rather Lynda does :Rofl1::Rofl1::Rofl1:
     