Go Back   Forums @ The Digital Fix > Gadgets and Gizmos > Computing Forum

Reply
 
Thread Tools Display Modes
Old 13-12-2011, 07:24   #1
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 11,950
Thanks: 2,735
Thanked 2,860 Times in 1,254 Posts
Question Passwords - create & manage - online security apps & tools

There's an interesting article here at PC Pro about passwords & cracking - maybe nothing new, but it brings a lot of stuff together in a compact easy-read summary.

Next, you can check just how secure your passwords might be, here at the appropriately entitled How Secure Is My Password ? site.

But don't be too pleased with yourself just yet, cos thanks to a user post on that PC Pro article, you can see a common hacker 'dictionary' of 1 MILLION words and common passwords, collected & built up over the years - 16mb text file here. (This might crash your Notepad or Word, so open with Wordpad, and ctl-F to search for passwords. MS Word eventually told me this would need 30,000 pages to print, and contains 1.7+ million words & counting).

There's even a deluxe 70mb version containing over 30 MILLION passwords - "192,916 of the passwords came from English dictionary, the remaining were collected from leaked databases from various websites (including major sites e.g. Sony Pictures, Gawker)". It would obviously be much better if the 'How Secure Is My Password?' site was to also search this list !

So you'll see that a 'dictionary' isn't really the book that we know in the true sense of the word. None of my passwords are in the Oxford English dictionary, and haven't been for as long as I can remember, but 2 of my major alpha-numeric ones are actually on that list !

So if you're now wanting to update your passwords, you don't need something like ge3ReswuprU7uKAT6ava from PCtools.com or 0_5{7guva>;:83r]d.4H from Password Generator.com - impossible to remember, so writing them down makes you vulnerable too.

Just try using normal phrases that are easy for you to remember, upper or lower case, and then just add a number or 2 - ILikeHam2001 or 1666TickleMySticks. Or if you really can't manage that, Make Me A Password.net will give you one that's easier to remember, like AnesthetizedSodomy or TransoceanicSelfabuse !

Stay safe, kids.
__________________
| initiative-Q = free cash! | flickr | FB | eos6d | erazer x6807 | marantz+canton 5.1 | benq w1090 | dt990 | paperwhite | lenovo a10 | redmi note 9s |

Last edited by driver8; 08-12-2018 at 11:26. Reason: updated title
driver8 is offline   Reply With Quote
Thanked once by:
Leigh (13-02-2012)
Old 13-12-2011, 09:54   #2
ffc
On the sofa
 
Join Date: Dec 2001
Location: 800 yards from Woz and 12,500 miles from Bick
Posts: 1,670
Thanks: 5
Thanked 23 Times in 21 Posts
Hmmm, enter your password into a site called how secure is my password.....
__________________
Dave H
ffc is offline   Reply With Quote
Old 13-12-2011, 10:00   #3
Dodgy
Trusted User
 
Join Date: Oct 2000
Posts: 7,041
Thanks: 60
Thanked 44 Times in 18 Posts
Nothing wrong with writing your passwords down. If the main threat is from hackers on the Internet, they can't see inside that envelope you keep in the filing cabinet in the corner of your office.

Also, it's OK having a huge collection of dictionary and non-dictionary words to use to attack a database of passwords. But most of the time, you will be attacking 'online' so you only get a finite number of attempts before account lockout anyway. These massive collections of passwords are only good against an offline attack, and in an offline attack, the attacker has probably already compromised the server that he got your passwords from anyway.

I reckon the biggest risk is people who use the same (even massively strong 25 character) password on multiple sites. Some site admins have no way of seeing your passwords, but many do. How many times have you requested a password reminder only to get an email with the plain text of your password? That means they're not hashing your password, and these are the kind of sites that if hacked, will leave you open to attack on any other sites where you've used the same password.

I wish forums, ecom sites etc were more open about how they protect your password.

Personally, I grade my passwords like so:

1. Banking (Paypal, banks or any site that could leave me financially exposed)
I have completely unique passwords for this category and they are changed every year or so.

2. Ecommerce (sites that may store my address, phone number, DOB, purchasing history) etc
These are also unique but don't change so often

3. Forums
Unique(ish)

You have to find your own method I suppose. But I think the vast majority use the same password for ALL sites. They must just keep their fingers crossed.
__________________
Gone elsewhere, cheers folks!
Dodgy is offline   Reply With Quote
Old 13-12-2011, 10:10   #4
Tempest
Trusted User
 
Tempest's Avatar
 
Join Date: Jun 2000
Location: Horley (Gatwick)
Posts: 27,940
Thanks: 1,346
Thanked 1,012 Times in 608 Posts
We have a computer at work with a sticker on the front which says "Password = no password"
I'm not sure if that means there is no password, or that the password is "no password"
Tempest is offline   Reply With Quote
Old 13-12-2011, 10:17   #5
Dodgy
Trusted User
 
Join Date: Oct 2000
Posts: 7,041
Thanks: 60
Thanked 44 Times in 18 Posts
What industry is your work Tempest?
__________________
Gone elsewhere, cheers folks!
Dodgy is offline   Reply With Quote
Old 13-12-2011, 10:24   #6
Guest 9359
Gamertag: Kiruji
 
Join Date: Jun 2001
Location: Telford
Posts: 3,956
Thanks: 36
Thanked 15 Times in 9 Posts
None of my passwords are on that list. I use a method to create an easily remembered unique password for everything I need one for - so if a site I use gets compromised, the password doesn't work on anything else anyway.
Guest 9359 is offline   Reply With Quote
Old 13-12-2011, 11:00   #7
Wooglie
Rurouni
 
Wooglie's Avatar
 
Join Date: May 2001
Location: Farnborough
Posts: 6,080
Thanks: 1,613
Thanked 1,088 Times in 465 Posts
Quote:
Originally Posted by ffc View Post
Hmmm, enter your password into a site called how secure is my password.....
Yeah that was my initial thought.
Edit: It only uses javascript, so shouldn't be sending anything back to the server.

Last edited by Wooglie; 13-12-2011 at 11:01.
Wooglie is offline   Reply With Quote
Old 13-12-2011, 11:58   #8
Guest 41989
Trusted User
 
Join Date: May 2004
Posts: 10,628
Thanks: 100
Thanked 40 Times in 18 Posts
I have a system in place so that every website has a different password, but I wish there was some standardisation. So many say You can't have non alpha-numeric characters, or force you to have some. Some force you to have a number, some force you to have one cap. The amount of times I go to a site and can't remember the password because they don't confirm to a standard is way too often.
Guest 41989 is offline   Reply With Quote
Thanked once by:
qpw3141 (20-02-2021)
Old 13-12-2011, 12:20   #9
Xeon007
Trusted User
 
Xeon007's Avatar
 
Join Date: May 2001
Location: East Northants
Posts: 3,697
Thanks: 73
Thanked 92 Times in 48 Posts
I use Keepass - the main thing is to use a different password per site definitely.
Xeon007 is offline   Reply With Quote
Old 13-12-2011, 12:36   #10
IAmATeaf
Breast milk addict!
 
IAmATeaf's Avatar
 
Join Date: Nov 2000
Location: Up Ya Arse!
Posts: 3,502
Thanks: 4
Thanked 9 Times in 7 Posts
I use words from the current doc, magazine, newspaper I'm reading at the time to make up my passwords for all the sites I need to keep secure. For others like forum sites I again tend to use a sequence of words but they are in the main the same for all the forums.

Hmm, maybe I shouldn't have said the above
__________________
Regards
IAmATeaf is offline   Reply With Quote
Old 13-12-2011, 12:54   #11
liamail
stop staring at my knob
 
liamail's Avatar
 
Join Date: Aug 2002
Posts: 2,284
Thanks: 86
Thanked 56 Times in 27 Posts
Quote:
Originally Posted by driver8 View Post
Next, you can check just how secure your passwords might be, here at the appropriately entitled How Secure Is My Password ? site.
And after that you can check if your card number is compromised at ismycreditcardstolen.com

Quote:
Originally Posted by Tempest View Post
We have a computer at work with a sticker on the front which says "Password = no password"
I'm not sure if that means there is no password, or that the password is "no password"
Or perhaps that having password as your password is the same as no password
__________________
It appears my hypocrisy knows no bounds...

Last edited by liamail; 13-12-2011 at 13:01.
liamail is offline   Reply With Quote
Old 13-12-2011, 12:57   #12
liamail
stop staring at my knob
 
liamail's Avatar
 
Join Date: Aug 2002
Posts: 2,284
Thanks: 86
Thanked 56 Times in 27 Posts
.

Last edited by liamail; 13-12-2011 at 12:58.
liamail is offline   Reply With Quote
Old 13-12-2011, 22:48   #13
Hex
Chemical Member
 
Hex's Avatar
 
Join Date: Aug 2000
Location: Ynys Môn
Posts: 2,266
Thanks: 1
Thanked 8 Times in 6 Posts
I think my passwords are generally safe, letter and 8 digit number - if they are going to brute force that it's over 10,000,000 combinations at least. I would make every site totally random if nothing ever logged you out but it'd annoy me too much looking them up every time i need to log in to something.
__________________
Mini Me
precious things
Hex is offline   Reply With Quote
Old 13-12-2011, 23:01   #14
Tempest
Trusted User
 
Tempest's Avatar
 
Join Date: Jun 2000
Location: Horley (Gatwick)
Posts: 27,940
Thanks: 1,346
Thanked 1,012 Times in 608 Posts
Quote:
Originally Posted by Dodgy View Post
What industry is your work Tempest?
That particular PC is linked to a CMM checking machine.
Tempest is offline   Reply With Quote
Old 14-12-2011, 07:26   #15
Torf
PSN : Torf
 
Torf's Avatar
 
Join Date: Oct 2000
Location: York, Oop Narth
Posts: 2,334
Thanks: 236
Thanked 137 Times in 64 Posts
Yup, good call. Reminded me of this xkcd strip which changed my password outlook forever

http://xkcd.com/936/
Torf is offline   Reply With Quote
Thanked 4 times by:
Chris Locke (22-12-2011), driver8 (14-12-2011), fattyboombatty (14-12-2011), liamail (14-12-2011)
Old 14-12-2011, 08:21   #16
phollan1
Trusted User
 
Join Date: Nov 2000
Location: Essex
Posts: 652
Thanks: 19
Thanked 2 Times in 2 Posts
Top 25 passwords, if you use any of these suggest you may want to change them

1. Password
2. 123456
3. 12345678
4. Qwerty
5. abc123
6. monkey
7. 1234567
8. Letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. Iloveyou
14. Master
15. Sunshine
16. Ashley
17. Bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. Superman
23. Qazwsx
24. Michael
25. Football
phollan1 is offline   Reply With Quote
Thanked once by:
driver8 (14-12-2011)
Old 17-12-2011, 10:55   #17
Guest 3999
Got Hr0n?
 
Join Date: Mar 2001
Location: Sector 7G
Posts: 4,387
Thanks: 2
Thanked 10 Times in 4 Posts
one of my passwords is on that list, surprising as it is a random character generated years ago, but another one isnt on there and it is a common word!
Guest 3999 is offline   Reply With Quote
Old 17-12-2011, 11:27   #18
Dave h-j
Suitable for vegetarians
 
Dave h-j's Avatar
 
Join Date: May 2000
Location: Strangely Northern
Posts: 3,855
Thanks: 31
Thanked 35 Times in 30 Posts
Quote:
Originally Posted by Torf View Post
Yup, good call. Reminded me of this xkcd strip which changed my password outlook forever

http://xkcd.com/936/
Same here! All my passwords are now word combinations like this - so much easier to remember.
Dave h-j is offline   Reply With Quote
Old 17-12-2011, 12:28   #19
Tempest
Trusted User
 
Tempest's Avatar
 
Join Date: Jun 2000
Location: Horley (Gatwick)
Posts: 27,940
Thanks: 1,346
Thanked 1,012 Times in 608 Posts
I just read that Windows 8 is going to have some fancy dancy password thingy built into it. Not sure what it was as only glimpsed it, but was supposed to be good.

http://tehrantimes.com/science/93586...ween-computers


.

Last edited by Tempest; 17-12-2011 at 12:38.
Tempest is offline   Reply With Quote
Old 18-12-2011, 00:28   #20
Wooglie
Rurouni
 
Wooglie's Avatar
 
Join Date: May 2001
Location: Farnborough
Posts: 6,080
Thanks: 1,613
Thanked 1,088 Times in 465 Posts
Quote:
Originally Posted by Dave h-j View Post
Same here! All my passwords are now word combinations like this - so much easier to remember.
The problem I have is that most of my banks don't allow spaces in the password

Last edited by Wooglie; 18-12-2011 at 00:28.
Wooglie is offline   Reply With Quote
Reply

Bookmarks

Tags
hacking, passwords, Phishing, threat

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
It's time to update my web site.... Guest 17513 Computing Forum 42 15-03-2012 15:21
Nokia: Auto-update of date & time Guest 20850 Mobile Phone and Satellite Navigation Forum 11 02-11-2008 01:18
SE W950i time update problem MaleStrom Mobile Phone and Satellite Navigation Forum 1 17-04-2007 19:11
Windows Update time again internetuser Computing Forum 10 10-02-2005 01:33

All times are GMT. The time now is 05:13.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2021, vBulletin Solutions, Inc.qq
Copyright ©2000 - 2021 Network N Ltd.