Passwords (2 Viewers)

tofo · Jan 18, 2013

Knew my bad spellering would be handy

Me and yosser ahead of currant thinking

http://money.aol.co.uk/2013/01/18/is-bad-spelling-the-key-to-a-good-password/

:thumb::thumb::thumb:

Bailey58 · Jan 18, 2013

I use steve mclaren for all my logins, nobody would ever remember him.

Gromett · Jan 18, 2013

Hmm, that is so far behind the times it is scary.

Hackers have dumped entire databases of passwords to places like pastebin and these have been thoroughly analysed now.

I can put together a list of articles if anyone is interested about how bad spelling is not enough when it comes to passwords.

A average password will contain at least 2 numbers and 1 uppercase character.
Dogswhatsits23 Is classed as medium

A good password is one that has capitals but not at the beginning or end and has numbers also interspersed not clumped.

dOgswhat2its3 is classed as good

A very good password will not contain anything resembling a real word with a mix of uppercase and lowercase.
Uvha7Afa1Abcz is classed as very good.

An excellent password will have a random collection of upper case, lowercase and other non alphanumeric characters such as.
aIsh&6a$vX&23

Other indicators are length. 8 characters used to be good enough. Then 12 characters. Now days 16 Characters is the bare minimum to give an excellent password.

BUT: The most important thing with passwords is NEVER use the same password across multiple sites.

Even I can't follow all those rules so I now use Lastpass which was recommended by another Funster.

Who am I to advise on this? I run and have run for many years internet facing servers with literally 1,000's of users across multiple services. I have to deal with the backlash of insecure passwords and attacks on my servers.
Client password choices are the biggest cause of headaches for me now.

If you don't believe me on the mispelling issue just do a google search for rainbow tables, the second entry was http://www.freerainbowtables.com/ and these guys have done all 2 words including mispellings already...

Gromett · Jan 18, 2013

Also check on GPU password hashing.

These passwords were cracked in under 3 and 2 minutes.
Two years ago they were considered above average as passwords.
Password (between the ' marks): 'Pa5$w0d'
Hex: 0x50613524773064
real 2m12.367s
user 1m23.420s
sys 0m16.510s

--------

Password (between the ' marks): 'K#n&r4Z'
Hex: 0x4B236E2672345A
real 1m51.962s
user 1m4.740s
sys 0m15.320s

sedge · Jan 18, 2013

So bearing in mind for instance I need a different password for everything I access, that's 1. my email 'user' password 2. Bank account 3. Site to order prescriptions 4 & 5. 2 different diabetes forums 6. MHF 7. forum re university course 8. BNF 9. I have got facespace but frankly that can go.

There's bound to be something else, can't think now though.

All passwords that have to look different and random, and I have to remember them all and not write them down and not tell anyone else. Plus every couple of months or whatever, I have to change em all again, to stay robust.

Don't be daft. I can't.

Gromett · Jan 18, 2013

sedge said:
So bearing in mind for instance I need a different password for everything I access, that's 1. my email 'user' password 2. Bank account 3. Site to order prescriptions 4 & 5. 2 different diabetes forums 6. MHF 7. forum re university course 8. BNF 9. I have got facespace but frankly that can go.

There's bound to be something else, can't think now though.

All passwords that have to look different and random, and I have to remember them all and not write them down and not tell anyone else. Plus every couple of months or whatever, I have to change em all again, to stay robust.

[HI]Don't be daft. I can't[/HI].

Of course you can't. I can't either and I need to for even bigger security reasons. At last count I had well over 150 passwords to remember, just not possible. That's why I use LastPass. I have it password protected with one really gnarley password and I have configured last pass to generate random passwords using the following rules for me;

Use 16 characters,
Use A-Z a-z 0-9 and special characters
Minimum digit count 5 (minimum of 5 numbers interspersed)
Require every character type

Here is an example password.

v#i@3jnlW09$r4Yp

So each of my bank accounts, forum logins, server logins have a unique password like above and I never have to remember any of them :thumb:

That reminds me I haven't gotten round to resetting this forum password

sedge · Jan 18, 2013

Sorry, I'm obviously a bit thick.

When you sign in to your bank account for instance, you need to type your User ID and password in. I don't set it to remember in case someone breaks in and nicks the puter. Or worse - our grandkids hack it.

Then of course there's a security thing that you have to enter randomly generated specific digits of your chosen security doings.

So how do you type it all in the little boxes if you don't know what they are?

Gooney · Jan 19, 2013

I'm using an app called secure safe, it's free up to 50 passwords, I thought that would be ample, I've used 42 already without even trying, I was absolutely gobsmacked when I realised how often passwords come into your life

scotjimland · Jan 19, 2013

I use Keepass , a free app, it was a member on here who recommended..

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see the features page.

http://keepass.info/

On line Banking passwords and PINs should never be saved..

Just had a quick count and I have over 60 passwords.. all generated by Keepass, each with 112bit encryption .. 20 random alpha, numeric, upper/lower case characters ..

I only need to remember one master password ... I back up the passwords on a memory stick, in a file encrypted by Keepass.

Tried Last Pass, but not that keen on it as it's cloud based..

Many will use Firefox for password saving, but did you realise how easy it would be for someone to find them ?
If you do it is recommended that you use a Master Password

here's why http://lifehacker.com/154099/geek-to-live--secure-your-saved-passwords-in-firefox

a useful way of generating and remembering a master password..

http://support.mozilla.org/en-US/kb/create-secure-passwords-keep-your-identity-safe

mitzimad · Jan 19, 2013

why did fingerprint recognition never catch on a while ago it was on many laptops but has since disapeared ?

scotjimland · Jan 19, 2013

mitzimad said:
why did fingerprint recognition never catch on a while ago it was on many laptops but has since disapeared ?

I have it on my Sony Vaio ... pain in the ass.. never worked properly

oh:

that's not to say it's not a good idea.. or indeed iris recognition..

s7ev0 · Jan 19, 2013

Thought this was interesting on how what we think of as strong passwords are not actually that strong when it comes to being "guessed" by a piece of software designed to find passwords. It's from the maths/science/computing cartoon website XKCD (which I heartily recommend btw)

PASSWORD STRENGTH

Steve :Smile:

Gromett · Jan 19, 2013

sedge said:
Sorry, I'm obviously a bit thick.

When you sign in to your bank account for instance, you need to type your User ID and password in. I don't set it to remember in case someone breaks in and nicks the puter. Or worse - our grandkids hack it.

Then of course there's a security thing that you have to enter randomly generated specific digits of your chosen security doings.

So how do you type it all in the little boxes if you don't know what they are?

Ok you got me there Sedge

My bank supplies a dongle which generates a security code each time. I do use a password in this setting which i have had to remember.

But this is the only place where I don't use a random generated password... And it is the only place I have used this password.
So if for instance a forum I was on got hacked. If the hackers then decrypted my password they couldn't use it to get into any other site such as my bank or facebook for example.

sedge · Jan 19, 2013

Well I think I understand now, to get into whatever it is, first go to whatever password encryption site you've used, find the one you want, copy and paste into whatever site you are trying to access?

Is it?

annadg · Jan 22, 2013

Gooney said:
I'm using an app called secure safe, it's free up to 50 passwords, I thought that would be ample, I've used 42 already without even trying, I was absolutely gobsmacked when I realised how often passwords come into your life

Yes .. But ..
Aren't we all a bit paranoid ? Banking and stuff re finance obviously requires strong passwords which is why we now have those card reader thingies.
But for things like forums .. Eg mhf .. Surely the same password is OK ? In real terns who the f**** would want to pretend they are me?

And if I buy something via Amazon etc they notify me .. And notify me if I change my password.

A good password with differences that are personal .. IMO that's what's needed

Gromett · Jan 22, 2013

sedge said:
Well I think I understand now, to get into whatever it is, first go to whatever password encryption site you've used, find the one you want, copy and paste into whatever site you are trying to access?

Is it?

Not quite. It is an addon to your web browser. When you load your browser it asks for your primary password then whenever you go to a website that requires a login it can automatically fill it in for you.

On my personal computer that no one else has access to lastpass is permanently loaded and never asks me for my primary password. I just click a button at the top of the browser to fill in any username/passwords needed.

cbrookson · Jan 23, 2013

ScotJimland said:
I use Keepass , a free app, it was a member on here who recommended..

Tried Last Pass, but not that keen on it as it's cloud based..

Lastpass is cloud based, but it is stored encrypted in the cloud, so only your local copy on the PC is unencrypted. I do keep a local (encrypted copy) just in case their cloud service crashes ....

I use Lastpass with a Yubikey which protects Lastpass with a token. Bit Belts and Braces! :Eeek:

Cheers

Gooney · Jan 23, 2013

The answer

The answer

canopus · Jan 23, 2013

We also use keepass - or rather Lynda does

Forums

Rallies

Reviews

Local Guide

Classifieds

Resources

Journals

Passwords (2 Viewers)

tofo

Bailey58

Gromett

Gromett

sedge

Funster

Gromett

Attachments

sedge

Funster

Gooney

scotjimland

mitzimad

scotjimland

s7ev0

Funster

Gromett

sedge

Funster

annadg

Free Member

Gromett

cbrookson

Gooney

Attachments

canopus

Latest journal entries

Italy Sept 2023

28 days in Languedoc (including travel)

Germany and Poland 2024

Funsters who are viewing this thread