Forum Settings
       
« Previous 1 2
Reply To Thread

P@$$w0rd S3cur!tyFollow

#1 Oct 18 2013 at 7:33 AM Rating: Decent
Avatar
****
8,943 posts
Ok, so I consider myself a moderate when dealing with passwords. I don't use common names, dates and/or words, none of my security questions and answers are legit and I vary the level of password difficulty pending on what I'm safeguarding. However, I don't use 20 character passwords or have paranoia that people are always trying to hack me.

So, with that being said, I've been getting rather frustrated with the varying password policies from websites. I applaud their desire to protect our data, but their policies aren't uniform and are dumb, making me create and remember more and more passwords. The more unnecessary restrictions you have, the less possibilities there are.

Prime example. Same website made me create a password that had to be at least so many characters, but no special characters. Later, in the same website, I had to create another password that had to be EXACTLY 8 characters, using at least one number, one special character, but only SOME special characters. (I don't remember the exact policies, but they were something to that effect). Because my first password violated the second password policy, I had to create an entirely different (modified) password for the same site! And, no, this wasn't Healthcare.gov.

As I start to do more stuff online, I run into this more and more and has become more and more frustrating. What's the point of creating a policy that doesn't allow special characters?

What say ye?
____________________________
Demea wrote:
Almalieque wrote:

I'm biased against statistics
#2 Oct 18 2013 at 7:49 AM Rating: Good
Unforkgettable
*****
13,212 posts
I just use KeePass to manage all my passwords.
____________________________
Banh
#3 Oct 18 2013 at 7:50 AM Rating: Decent
******
21,717 posts
Funny you mention healthcare.gov. I was going to sign up for that until they told me my USERNAME had to have numbers and/or special characters. Password security recommendations are fine. Arbitrary restrictions left up to the developers to determine are asinine.
____________________________
R.I.P. Jessica M. 5/3/2010
This post brought to you by Carl's Jr.
gbaji wrote:
You guys keep tossing facts out there like they mean something.


#4 Oct 18 2013 at 7:54 AM Rating: Good
******
21,717 posts
Spoonless wrote:
I just use KeePass to manage all my passwords.

KeePass is great, unless you ever need to log in from a computer that doesn't have access to your password kdb file. I use DropBox to ensure that I have access to it from several computers, but **** all if I'm going to download my password db to a third party or public computer, let alone download or install KeePass to read it.

____________________________
R.I.P. Jessica M. 5/3/2010
This post brought to you by Carl's Jr.
gbaji wrote:
You guys keep tossing facts out there like they mean something.


#5 Oct 18 2013 at 9:26 AM Rating: Excellent
Meat Popsicle
*****
11,624 posts
I have 3 different generic passwords I use commonly. Those are varied enough that I can almost always use one of them no matter the restrictions. Since most places give you 3 guesses on your password it works out well for the whole remembering part (which I suck at). After that important stuff has subtle variations of the above, something that easy enough for me to remember (i.e. somehow related), but changes the password fairly significantly, and has some part I can iterate on if I'm forced to change things up a bit, like the work password which changes every few months.

The questions are the bane of my existence though. Firstly I don't have a favorite teacher, or a favorite fruit, don't remember the model of my first girlfriend's car, split my childhood between a few different houses, can never seem to remember whether or not my first phone number should include the area code, and that theme continues for 90% of what they come up with. I'd make up fake answers for those (which I'm told is best to do anyway), but I get forced into using those questions so infrequently I can't seem to remember my fake answers.

I'll just stick with the herd thing and hope enough of the rest of you are feeble, injured, or somehow look more delicious so the predators will go after you first and leave me alone. Smiley: nod

Edited, Oct 18th 2013 8:28am by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
#6 Oct 18 2013 at 9:53 AM Rating: Good
Needs More Smut
Avatar
******
20,221 posts
My passwords these days all follow a specific pattern, but each one is unique. I think of a keyword related to the site I'm trying to access (like bank, or game) and tack on a specific number combo and special character at the end. I almost always end up with nice, 8-10 character passwords that are unique to the service I'm trying to access. Even if someone keylogs me one place, it won't help them get anywhere else without brute forcing a bit.
____________________________
FFXI: Catwho on Bismarck. Once again a top bard on the server: Dardaubla 90 on 1/6/2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest on Lamia - Member of The Swarm and leader of Grammarian Tea House chat LS
#7 Oct 18 2013 at 10:19 AM Rating: Good
Skelly Poker Since 2008
*****
15,675 posts
I disappointed no one has come up with something easier and more secure for the home computer user than passwords. Retina-scans, odor-recognition or fingerprint passes, heck even a swipe card would work.
____________________________
Alma wrote:
Post and be happy!
#8 Oct 18 2013 at 10:19 AM Rating: Excellent
Avatar
******
29,859 posts
I may have one or two thoughts on the subjects of passwords...
http://everquest.allakhazam.com/forum.html?forum=25&mid=130025123118577481
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
#9 Oct 18 2013 at 12:07 PM Rating: Excellent
Soulless Internet Tiger
******
34,677 posts
I will not discuss my passwords here. TLW frequents this place.
____________________________
Donate. One day it could be your family.
Need a hotel at a great rate? More hotels being added weekly.

An invasion of armies can be resisted, but not an idea whose time has come. Victor Hugo

#10 Oct 18 2013 at 12:52 PM Rating: Decent
Lunatic
******
29,256 posts
What's the point of creating a policy that doesn't allow special characters?

It makes users feel more secure. The reality is most password files are barely encrypted if not kept in plaintext and take an hour for a 12 year old to break. Forcing users to rule out "password" as a password seems like a good idea until dictionary attacks add "password_1" to lists.
____________________________
Disclaimer:

To make a long story short, I don't take any responsibility for anything I post here. It's not news, it's not truth, it's not serious. It's parody. It's satire. It's bitter. It's angsty. Your mother's a whore. You like to jack off dogs. That's right, you heard me. You like to grab that dog by the bone and rub it like a ski pole. Your dad? Gay. Your priest? Straight. **** off and let me post. It's not true, it's all in good fun. Now go away.

#11 Oct 18 2013 at 12:58 PM Rating: Good
Avatar
*****
19,656 posts
Relevant.
Screenshot
____________________________
IDrownFish wrote:
Anyways, you all are horrible, @#%^ed up people

lolgaxe wrote:
Never underestimate the healing power of a massive dong.
#12 Oct 18 2013 at 1:03 PM Rating: Excellent
Meat Popsicle
*****
11,624 posts
Quote:
Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.
One more sign the computer overlords have already taken over.

Smiley: tinfoilhat

Edited, Oct 18th 2013 12:05pm by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
#13 Oct 18 2013 at 4:39 PM Rating: Decent
Avatar
****
8,943 posts
someproteinguy wrote:
I have 3 different generic passwords I use commonly. Those are varied enough that I can almost always use one of them no matter the restrictions. Since most places give you 3 guesses on your password it works out well for the whole remembering part (which I suck at). After that important stuff has subtle variations of the above, something that easy enough for me to remember (i.e. somehow related), but changes the password fairly significantly, and has some part I can iterate on if I'm forced to change things up a bit, like the work password which changes every few months.

Smiley: nod

Edited, Oct 18th 2013 8:28am by someproteinguy


That's how I am and that usually isn't an issue, but over time, I have come across ridiculous password policies that forces me to alter my passwords, creating new alterations.

SPG wrote:
The questions are the bane of my existence though. Firstly I don't have a favorite teacher, or a favorite fruit, don't remember the model of my first girlfriend's car, split my childhood between a few different houses, can never seem to remember whether or not my first phone number should include the area code, and that theme continues for 90% of what they come up with. I'd make up fake answers for those (which I'm told is best to do anyway), but I get forced into using those questions so infrequently I can't seem to remember my fake answers.

I'll just stick with the herd thing and hope enough of the rest of you are feeble, injured, or somehow look more delicious so the predators will go after you first and leave me alone.


Easy solution. Think of one place: Gotham City, One name : Peter Parker, One Pet Name: Alpha5, one car name: Pento and use those for every question. NEVER USE anything real that someone can use facebook/ social engineering to get.
Name of best friend/ girlfriend/ teacher/etc. = Peter Parker.

Place of birth; honeymoon; first vacation, etc = Gotham City

Now, the key is to remember this if a person challenges you on the phone. You have to ask are these MY security questions or are you using your database? A few years ago, a woman asked me the name of my son. I responded "??? I don't have a son, do you know something that I don't know?". There was an awkward pause, until I realized that she was asking my security question and answered. We laughed.

Smasharoo wrote:
What's the point of creating a policy that doesn't allow special characters?

It makes users feel more secure. The reality is most password files are barely encrypted if not kept in plaintext and take an hour for a 12 year old to break. Forcing users to rule out "password" as a password seems like a good idea until dictionary attacks add "password_1" to lists.


I think you misread what I wrote. I'm asking why create a policy that does NOT allow special characters.
idiggory, King of Bards wrote:


I've been arguing this concept for awhile. The more restrictions that you give, the less possibilities there are.
____________________________
Demea wrote:
Almalieque wrote:

I'm biased against statistics
#14 Oct 18 2013 at 6:36 PM Rating: Default
Avatar
****
7,460 posts
I use password protected computers on a private network to generate me a random password every week at noon, it then auto dumps to my PC and replaces the saved password information saved on my PC. I can access the same file on my phone but have to manually change passwords (Gay.)

I removed my self from the password making process and life has never been more blissful.
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR **** SEARCH ENGINE IN ITS **** SHITTY BINARY ASS. ALL DAY LONG.

#15 Oct 18 2013 at 6:51 PM Rating: Default
Avatar
****
8,943 posts
rdmcandie wrote:
I use password protected computers on a private network to generate me a random password every week at noon, it then auto dumps to my PC and replaces the saved password information saved on my PC. I can access the same file on my phone but have to manually change passwords (Gay.)

I removed my self from the password making process and life has never been more blissful.


Different strokes for different folks. That's too much automation involved with sensitive information. I like to have some interaction. Besides, how exactly are your passwords automatically dumped onto your PC if the generator is on a private network? Sounds like spillage.
____________________________
Demea wrote:
Almalieque wrote:

I'm biased against statistics
#16 Oct 18 2013 at 7:10 PM Rating: Decent
Avatar
****
7,460 posts
Well its not really that sensitive. Online Games/online game forums/associated emails/freeporn/news papers.

Why anyone would put sensitive stuff on the net is beyond me.

Edited, Oct 18th 2013 9:12pm by rdmcandie
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR **** SEARCH ENGINE IN ITS **** SHITTY BINARY ASS. ALL DAY LONG.

#17 Oct 18 2013 at 7:24 PM Rating: Default
Avatar
****
8,943 posts
rdmcandie wrote:
Well its not really that sensitive. Online Games/online game forums/associated emails/freeporn/news papers.

Why anyone would put sensitive stuff on the net is beyond me.

Edited, Oct 18th 2013 9:12pm by rdmcandie


You don't do online banking? I would imagine that anyone who has a program to create and update their passwords would also be a proponent of auto-pay. Not having to ever worry about paying bills is a great feeling.
____________________________
Demea wrote:
Almalieque wrote:

I'm biased against statistics
#18 Oct 18 2013 at 8:13 PM Rating: Good
Avatar
*****
11,922 posts
Uglysasquatch wrote:
I will not discuss my passwords here. TLW frequents this place.


It's like you don't trust me.
____________________________
"India black magic anal sex zionist blow job terrorism child rape bicycle"
Just as Planned.
#19 Oct 18 2013 at 9:08 PM Rating: Decent
Avatar
****
7,460 posts
Almalieque wrote:
rdmcandie wrote:
Well its not really that sensitive. Online Games/online game forums/associated emails/freeporn/news papers.

Why anyone would put sensitive stuff on the net is beyond me.

Edited, Oct 18th 2013 9:12pm by rdmcandie


You don't do online banking? I would imagine that anyone who has a program to create and update their passwords would also be a proponent of auto-pay. Not having to ever worry about paying bills is a great feeling.


Oh I have autopay, I just don't use online banking, I also have direct deposit but I don't need to do anything with it at all, I already go to the bank twice a month to talk about my investments with my representative, and if I have any actual pressing banking matters I can clean them up while I am there anyway.

I think maybe the most sensitive information I have on the internet might be my pay pal account, which Is tied to my credit card, but that is just a pay as you go credit card unaffiliated with my bank used solely to top up pay pal so I can play and buy games. Everything else is pretty much on my debit card, and statements from banking machines IF I need cash, which only happens if I go to the bar, or need to buy some more weed.

Lets see. Ya I don't think Ive ever visited the bank website outside of my bank and making my first password. Now I could...I just haven't.


Actually that is not true the Government made me put my birthdate and my sin number into an online form a few years back when I was applying to colleges and college loans.

Edited, Oct 18th 2013 11:10pm by rdmcandie

Edited, Oct 18th 2013 11:11pm by rdmcandie
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR **** SEARCH ENGINE IN ITS **** SHITTY BINARY ASS. ALL DAY LONG.

#20 Oct 19 2013 at 1:53 AM Rating: Decent
Avatar
****
8,943 posts
RDD wrote:
Oh I have autopay, I just don't use online banking, I also have direct deposit but I don't need to do anything with it at all, I already go to the bank twice a month to talk about my investments with my representative, and if I have any actual pressing banking matters I can clean them up while I am there anyway.

I think maybe the most sensitive information I have on the internet might be my pay pal account, which Is tied to my credit card, but that is just a pay as you go credit card unaffiliated with my bank used solely to top up pay pal so I can play and buy games. Everything else is pretty much on my debit card, and statements from banking machines IF I need cash, which only happens if I go to the bar, or need to buy some more weed.

Lets see. Ya I don't think Ive ever visited the bank website outside of my bank and making my first password. Now I could...I just haven't.


Actually that is not true the Government made me put my birthdate and my sin number into an online form a few years back when I was applying to colleges and college loans.


Whatever floats your boat. It just seems odd to me for a person who doesn't do online banking or make online purchases with credit cards to have such an over complex system for password management as opposed to having simple, but "safe" passwords.

It sounds like you have an unreasonable level of paranoia. If your password management is about simplicity and not security (because you have nothing sensitive to protect), then you realize the simplicity of online banking as opposed to physically visiting your bank.

Edited, Oct 19th 2013 9:53am by Almalieque
____________________________
Demea wrote:
Almalieque wrote:

I'm biased against statistics
#21 Oct 19 2013 at 8:29 AM Rating: Decent
*****
12,810 posts
I have a wireless password that follows more in line with the XKCD comic. I would love to see someone brute force it. I wonder how many decades it would take....
____________________________
Twitter: http://www.twitter.com/pawkeshup
YouTube: http://www.youtube.com/pawkeshup
Viddler: http://www.viddler.com/explore/pawkeshup/
UStream: http://www.ustream.tv/channel/pawkeshup-s-gaming-stream
Blog: http://pawkeshup.blogspot.com
Olorinus the Ludicrous wrote:
The idea of old school is way more interesting than the reality
#22 Oct 19 2013 at 8:34 AM Rating: Decent
Avatar
****
7,460 posts
Are you just making an argument for the sake of arguing?

I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.

Now if for whatever reason I did use online banking I wouldn't have much issue using it, because I am confident that my PC and information is protected on my end just as much as it is their end. But that day has not come yet. I seem to be able to tackle all my banking needs when I visit my bank 2 times a month to discuss my investments.

Now do I need random passwords thrown at me from an old PC? Not really.
Why do it then if you don't need it? Why not.



Edited, Oct 19th 2013 10:35am by rdmcandie
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR **** SEARCH ENGINE IN ITS **** SHITTY BINARY ASS. ALL DAY LONG.

#23 Oct 19 2013 at 8:41 AM Rating: Excellent
Supreme Lionator
*****
14,174 posts
Just use whatever, then forget it.
____________________________
“Socialism never took root in America because the poor see themselves not as an exploited proletariat but as temporarily embarrassed millionaires.”
#24 Oct 19 2013 at 8:51 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
rdmcandie wrote:
I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.

Personally, it's the sort of thing that's just handy when I need it. If I want/need to know my balance or whether the sitter finally cashed that check or whatever, I can find out there and then. It's never saved a life or rescued a tree full of kittens but it's a nice quality-of-life thing.
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#25 Oct 19 2013 at 9:11 AM Rating: Decent
Avatar
****
7,460 posts
Jophiel wrote:
rdmcandie wrote:
I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.

Personally, it's the sort of thing that's just handy when I need it. If I want/need to know my balance or whether the sitter finally cashed that check or whatever, I can find out there and then. It's never saved a life or rescued a tree full of kittens but it's a nice quality-of-life thing.



Thats what I assumed, just another tool that is nice to have available should you need it.
____________________________
HEY GOOGLE. **** OFF YOU. **** YOUR **** SEARCH ENGINE IN ITS **** SHITTY BINARY ASS. ALL DAY LONG.

#26 Oct 19 2013 at 9:11 AM Rating: Good
Avatar
******
27,023 posts
Online banking is mostly a way for me to keep an eye on my money, especially with my bank's app. Since I almost ever have or use cash it's basically my wallet.
____________________________
Theophany wrote:
YOU'RE AN ELITIST @#%^ AETHIEN, NO WONDER YOU HAVE NO FRIENDS AND PEOPLE HATE YOU.
someproteinguy wrote:
Aethien you take more terrible pictures than a Japanese tourist.
Astarin wrote:
One day, Maz, you'll learn not to click on anything Aeth links.
#27 Oct 19 2013 at 5:06 PM Rating: Decent
Avatar
****
8,943 posts
RDD wrote:
Are you just making an argument for the sake of arguing?


I'm honestly not. It just doesn't make sense to me. That's like running RAID on your computer and saying that you don't have anything important to back up as opposed to using the additional storage space and simply backing up important stuff in a cloud or an external media device.

RDD wrote:

Now do I need random passwords thrown at me from an old PC? Not really.
Why do it then if you don't need it? Why not.


Nothing against doing it for no real reason, but if it's for simplicity purposes, then going fully automated is the obvious solution.

RDD wrote:
I don't use online banking because I HAVE to go to the bank 2 times a month already, Im not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.


I'm not sure how your bank is set up, but the line to discuss financial matters is different from the line to make normal transactions. So, instead of waiting in two completely differently lines, potentially doubling your time at the bank, you can complete your normal transactions any time of the day from your pc or cellphone. Not only does that minimize your time at the bank, but others as well.

Also, I would question the necessity of those two visits a month. I don't know your investment or am I well versed in investments, but given this automated, quick fast and in a hurry society, I can't imagine a bank providing a service that requires that many visits to the bank. Please correct me if I'm wrong, because I know not, but with the bank cellphone apps that allow users to deposit checks with their cell phone, it sounds a bit counter productive. However, I do understand from a "job security" point of view, but big money makers tend to follow money trends that benefit them, not their employees.

____________________________
Demea wrote:
Almalieque wrote:

I'm biased against statistics
#28 Oct 19 2013 at 9:51 PM Rating: Good
******
43,443 posts
Kavekk wrote:
Just use whatever, then forget it.
Oh, you got it back. Nice.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#29 Oct 20 2013 at 1:58 AM Rating: Good
Repressed Memories
******
20,564 posts
All my passwords are a modular addition between a key phrase and a descriptive phrase of the particular usage. Every password is different, every password is easy to remember, looks entirely random, can be reset individually or as a group.
#30 Oct 20 2013 at 7:56 PM Rating: Good
Everyone's Oiran
Avatar
*****
15,915 posts
I am jealous of your mad logic skills.
____________________________
<3

http://www.reddit.com/r/Forum4/
#31 Oct 21 2013 at 1:36 AM Rating: Decent
Scholar
**
485 posts
If something doesn't let me use 123456789, i just give up.
____________________________
#32 Oct 22 2013 at 3:44 PM Rating: Excellent
Encyclopedia
******
31,484 posts
I use 12345, the same as my luggage.
____________________________
King Nobby wrote:
More words please
#33 Oct 22 2013 at 6:06 PM Rating: Excellent
******
43,443 posts
Hail Scroob.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#34 Oct 24 2013 at 4:23 AM Rating: Decent
****
7,545 posts
someproteinguy wrote:
I have 3 different generic passwords I use commonly.


[:picardTripleFacePalm;]

idiggory, King of Bards wrote:


dictionary attacks make it less effective now than it was at the time that comic was made

---

this is assuming the hackers have a hashed list and they are trying to test passwords by hashing them then comparing against that list of hashes. if your password is just encrypted...

the typical attack will involve someone using a massive list of passwords, this started with the rockyou breach back in 09, and trying those first. that breach lead to more and gave a lot of insight as it was the first major exposure of how real people do passwords. it also helped lead to more breaches that revealed more passwords which is an on going cycle.

after that they will use a dictionary attack that combines words, often the 1337 versions and maybe some numbers at the end. this attack vector will also combine those words, making correct battery horse staple not as strong. side note foreign words are the same as english words, most common languages will have many entries in the dictionary from not english

the fancier people trying to crack your hash will have a crawler scrape wikipedia then check all those strings, so that crazy lovecraft demon you use as as password sucks because it also could easily be a list.

that being said sites that make you use one of blah, blah, blah deserve to be shot. that just cause people to always reset their password (which is also a security risk), use the same password everywhere or use something terrible keyboard based system -> 1qaz@WSX looks cool and all elite but seriously...

being a crazy person that can remember some 20 odd random 12 character strings would be the most secure. otherwise a good password manager is your best bet. using the phase phrase system works, but it works best if you go something like: word1SYMBOLORSPACEword2withleetspeakDIFFERENTSYMBOLORSPACEword3ormaybeadate, etc etc. that adds more randomness and reduces the chance that what you are using will come up in a dictionary attack

as a side note people who think the new ios finger print thing is a password or that biometrics will become passwords are wrong, those are equivalent to user names not passwords.
____________________________
Hellbanned

idiggory wrote:
Drinking at home. But I could probably stand to get laid.
#35 Oct 24 2013 at 5:23 AM Rating: Decent
Avatar
****
8,943 posts
Quote:
this is assuming the hackers have a hashed list and they are trying to test passwords by hashing them then comparing against that list of hashes. if your password is just encrypted...

the typical attack will involve someone using a massive list of passwords, this started with the rockyou breach back in 09, and trying those first. that breach lead to more and gave a lot of insight as it was the first major exposure of how real people do passwords. it also helped lead to more breaches that revealed more passwords which is an on going cycle.

after that they will use a dictionary attack that combines words, often the 1337 versions and maybe some numbers at the end. this attack vector will also combine those words, making correct battery horse staple not as strong. side note foreign words are the same as english words, most common languages will have many entries in the dictionary from not english

the fancier people trying to crack your hash will have a crawler scrape wikipedia then check all those strings, so that crazy lovecraft demon you use as as password sucks because it also could easily be a list.

that being said sites that make you use one of blah, blah, blah deserve to be shot. that just cause people to always reset their password (which is also a security risk), use the same password everywhere or use something terrible keyboard based system -> 1qaz@WSX looks cool and all elite but seriously...

being a crazy person that can remember some 20 odd random 12 character strings would be the most secure. otherwise a good password manager is your best bet. using the phase phrase system works, but it works best if you go something like: word1SYMBOLORSPACEword2withleetspeakDIFFERENTSYMBOLORSPACEword3ormaybeadate, etc etc. that adds more randomness and reduces the chance that what you are using will come up in a dictionary attack

as a side note people who think the new ios finger print thing is a password or that biometrics will become passwords are wrong, those are equivalent to user names not passwords.


As much as I would like to argue against some of those points, I simply don't know enough in order to do so. I will say, that there is a limit that the average person should consider. Hackers who spend all of their effort cracking the toughest of passwords will eventually crack into whatever you have if they try. Unless of course, you have a MD/SHA hashed password that is sent every 15 seconds as a synchronous token that can only be accessed via biometrics and an additional random 2-factor authentication. You know, RDD's setup to get passwords to safeguard stuff that isn't sensitive.
____________________________
Demea wrote:
Almalieque wrote:

I'm biased against statistics
#36 Oct 24 2013 at 9:39 AM Rating: Excellent
Meat Popsicle
*****
11,624 posts
Horsemouth wrote:
someproteinguy wrote:
I have 3 different generic passwords I use commonly.


[:picardTripleFacePalm;]
I know I know... Smiley: rolleyes

But there's too many free sites that want you "to have a password" to cut down on abuse or whatever. If it's got nothing worth any monetary value to me I'm not going to put any effort into protecting the account. I suppose if someone really wants to hack my free account at sharecg.com or nexusmods.com they'll have an easier time, and it'll be the same password as that LOTRO account I never use and has no credit card linked to it. So they'd probably get into that fairly easily too. I'm sure my level 8 Minstrel probably would be fine with the extra attention anyway. Smiley: lol

Edited, Oct 24th 2013 8:41am by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
#37 Oct 24 2013 at 10:20 AM Rating: Good
Skelly Poker Since 2008
*****
15,675 posts
I pretty much use the same password for everything but my bank. I usually start with good intentions of having a different password but inevitably I forget what the other new password is. Then I have to go through the whole process of getting an email, correctly answering my secret questions (which I often get wrong) and then finally permission to reset my password.

When I get to the reset prompt I figure I should reset it to something I can remember.
____________________________
Alma wrote:
Post and be happy!
#38 Oct 24 2013 at 10:40 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
I use Crazylovecraftdemon69 as my password everywhere.
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#39 Oct 24 2013 at 10:51 AM Rating: Good
Skelly Poker Since 2008
*****
15,675 posts
Who else just tried to hack into Joph's zam account using the above password?
____________________________
Alma wrote:
Post and be happy!
#40 Oct 24 2013 at 10:53 AM Rating: Good
Everyone's Oiran
Avatar
*****
15,915 posts
I presumed it was really some variation of Cthulu and Ada Lovelace and tried that.
____________________________
<3

http://www.reddit.com/r/Forum4/
#41 Oct 24 2013 at 11:00 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
Elinda wrote:
Who else just tried to hack into Joph's zam account using the above password?

Me!

Did it work?
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#42 Oct 24 2013 at 11:03 AM Rating: Good
Everyone's Oiran
Avatar
*****
15,915 posts
Ah haw haw haw
____________________________
<3

http://www.reddit.com/r/Forum4/
#43 Oct 24 2013 at 1:20 PM Rating: Excellent
Avatar
******
27,023 posts
Jophiel wrote:
Elinda wrote:
Who else just tried to hack into Joph's zam account using the above password?

Me!

Did it work?
So TLW, how many new sock accounts have you gotten out of this thread?
____________________________
Theophany wrote:
YOU'RE AN ELITIST @#%^ AETHIEN, NO WONDER YOU HAVE NO FRIENDS AND PEOPLE HATE YOU.
someproteinguy wrote:
Aethien you take more terrible pictures than a Japanese tourist.
Astarin wrote:
One day, Maz, you'll learn not to click on anything Aeth links.
#44 Oct 26 2013 at 1:46 PM Rating: Good
Avatar
*****
11,922 posts
Some. Not Uglysasquatch's. Also, Nixnot changed his bank acct pass again, someone should tell him to stop emailing those passwords to himself in plaintext.
____________________________
"India black magic anal sex zionist blow job terrorism child rape bicycle"
Just as Planned.
#45 Oct 26 2013 at 2:24 PM Rating: Good
Avatar
*****
11,922 posts
Public service announcement: Buttsisnotapass3 is not secure. Almost anything with pass or password is insecure.
____________________________
"India black magic anal sex zionist blow job terrorism child rape bicycle"
Just as Planned.
#46 Oct 27 2013 at 4:19 AM Rating: Good
Soulless Internet Tiger
******
34,677 posts
Timelordwho wrote:
Some. Not Uglysasquatch's.
That's because he said new, right?
____________________________
Donate. One day it could be your family.
Need a hotel at a great rate? More hotels being added weekly.

An invasion of armies can be resisted, but not an idea whose time has come. Victor Hugo

#47 Oct 27 2013 at 6:34 AM Rating: Good
Supreme Lionator
*****
14,174 posts
Sock it to 'em.
____________________________
“Socialism never took root in America because the poor see themselves not as an exploited proletariat but as temporarily embarrassed millionaires.”
#48 Oct 27 2013 at 6:38 AM Rating: Good
Supreme Lionator
*****
14,174 posts
Do my posts actually make the slightest bit of sense?

I think I'm having an epiphany, but it's just too **** noisy in this library.
____________________________
“Socialism never took root in America because the poor see themselves not as an exploited proletariat but as temporarily embarrassed millionaires.”
#49 Oct 27 2013 at 8:19 AM Rating: Good
Avatar
******
27,023 posts
Kavekk wrote:
Do my posts actually make the slightest bit of sense?
Of course not.
____________________________
Theophany wrote:
YOU'RE AN ELITIST @#%^ AETHIEN, NO WONDER YOU HAVE NO FRIENDS AND PEOPLE HATE YOU.
someproteinguy wrote:
Aethien you take more terrible pictures than a Japanese tourist.
Astarin wrote:
One day, Maz, you'll learn not to click on anything Aeth links.
#50 Oct 27 2013 at 11:51 AM Rating: Good
Avatar
*****
11,922 posts
Kavekk wrote:
Do my posts actually make the slightest bit of sense?

I think I'm having an epiphany, but it's just too **** noisy in this library.


Making sense is not allowed in the asylum; Gbaji is here.
____________________________
"India black magic anal sex zionist blow job terrorism child rape bicycle"
Just as Planned.
#51 Oct 27 2013 at 4:05 PM Rating: Default
Avatar
****
8,943 posts
Kavekk wrote:
Do my posts actually make the slightest bit of sense?

I think I'm having an epiphany, but it's just too **** noisy in this library.


Was that a reference to the racially insensitive White girl describing the Chinese at her school?
____________________________
Demea wrote:
Almalieque wrote:

I'm biased against statistics
« Previous 1 2
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 48 All times are in CDT
Aethien, Donbayne, Elinda, ElneClare, lolgaxe, Technogeek, Anonymous Guests (42)