13-12-2011, 07:24
|
#1
|
M0D2.0 (trainee)
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 11,950
Thanks: 2,735
Thanked 2,860 Times in 1,254 Posts
|
Passwords - create & manage - online security apps & tools
There's an interesting article here at PC Pro about passwords & cracking - maybe nothing new, but it brings a lot of stuff together in a compact easy-read summary.
Next, you can check just how secure your passwords might be, here at the appropriately entitled How Secure Is My Password? site.
But don't be too pleased with yourself just yet, cos thanks to a user post on that PC Pro article, you can see a common hacker 'dictionary' of 1 MILLION words and common passwords, collected & built up over the years - 16MB text file here. (This might crash your Notepad or Word, so open with Wordpad, and Ctrl-F to search for passwords. MS Word eventually told me this would need 30,000 pages to print, and contains 1.7+ million words & counting).
There's even a deluxe 70MB version containing over 30 MILLION passwords - "192,916 of the passwords came from English dictionary, the remaining were collected from leaked databases from various websites (including major sites e.g. Sony Pictures, Gawker)". It would obviously be much better if the 'How Secure Is My Password?' site was to also search this list!
So you'll see that a 'dictionary' isn't really the book that we know in the true sense of the word. None of my passwords are in the Oxford English dictionary, and haven't been for as long as I can remember, but 2 of my major alpha-numeric ones are actually on that list!
So if you're now wanting to update your passwords, you don't need something like ge3ReswuprU7uKAT6ava from PCtools.com or 0_5{7guva>;:83r]d.4H from Password Generator.com - impossible to remember, so writing them down makes you vulnerable too.
Just try using normal phrases that are easy for you to remember, upper or lower case, and then just add a number or 2 - ILikeHam2001 or 1666TickleMySticks. Or if you really can't manage that, Make Me A Password.net will give you one that's easier to remember, like AnesthetizedSodomy or TransoceanicSelfabuse!
Stay safe, kids.
Last edited by driver8; 08-12-2018 at 11:26.
Reason: updated title
|
|
|
13-12-2011, 09:54
|
#2
|
On the sofa
Join Date: Dec 2001
Location: 800 yards from Woz and 12,500 miles from Bick
Posts: 1,670
Thanks: 5
Thanked 23 Times in 21 Posts
|
Hmmm, enter your password into a site called how secure is my password.....
__________________
Dave H
|
|
|
13-12-2011, 10:00
|
#3
|
Trusted User
Join Date: Oct 2000
Posts: 7,041
Thanks: 60
Thanked 44 Times in 18 Posts
|
Nothing wrong with writing your passwords down. If the main threat is from hackers on the Internet, they can't see inside that envelope you keep in the filing cabinet in the corner of your office.
Also, it's OK having a huge collection of dictionary and non-dictionary words to use to attack a database of passwords. But most of the time, you will be attacking 'online' so you only get a finite number of attempts before account lockout anyway. These massive collections of passwords are only good against an offline attack, and in an offline attack, the attacker has probably already compromised the server that he got your passwords from anyway.
I reckon the biggest risk is people who use the same (even massively strong 25 character) password on multiple sites. Some site admins have no way of seeing your passwords, but many do. How many times have you requested a password reminder only to get an email with the plain text of your password? That means they're not hashing your password, and these are the kind of sites that if hacked, will leave you open to attack on any other sites where you've used the same password.
I wish forums, ecom sites etc were more open about how they protect your password.
Personally, I grade my passwords like so:
1. Banking (Paypal, banks or any site that could leave me financially exposed)
I have completely unique passwords for this category and they are changed every year or so.
2. Ecommerce (sites that may store my address, phone number, DOB, purchasing history) etc
These are also unique but don't change so often
3. Forums
Unique(ish)
You have to find your own method I suppose. But I think the vast majority use the same password for ALL sites. They must just keep their fingers crossed.
__________________
Gone elsewhere, cheers folks!
|
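Added example (not part of any post in this thread): what "hashing your password" looks like on the site's side, and why a per-account salt matters against the offline word-list attack described in post #3. The PBKDF2 iteration count, the function names and the two sample accounts are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware


def weak_unsalted(password: str) -> str:
    """Fast, unsalted hash: shown only as the weak baseline."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest). The site stores these and never the password."""
    salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    # Constructed sample: two accounts that happen to use the same password.
    shared = "ILikeHam2001"
    account_a = hash_password(shared)
    account_b = hash_password(shared)
    return {
        # Unsalted: identical digests, so one word-list lookup exposes both accounts.
        "unsalted_match": weak_unsalted(shared) == weak_unsalted(shared),
        # Salted: digests differ, so each account has to be attacked separately.
        "salted_match": account_a[1] == account_b[1],
        "login_ok": verify_password(shared, *account_a),
        "wrong_rejected": not verify_password("ILikeHam2002", *account_a),
    }


if __name__ == "__main__":
    print(demo())
```

A site that stores only the salt and digest has nothing to put in a "password reminder" e-mail, which is why a plain-text reminder is a reliable sign that no hashing is in place.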
|
|
13-12-2011, 10:10
|
#4
|
Trusted User
Join Date: Jun 2000
Location: Horley (Gatwick)
Posts: 27,940
Thanks: 1,346
Thanked 1,012 Times in 608 Posts
|
We have a computer at work with a sticker on the front which says "Password = no password"
I'm not sure if that means there is no password, or that the password is "no password"
|
|
|
13-12-2011, 10:17
|
#5
|
Trusted User
Join Date: Oct 2000
Posts: 7,041
Thanks: 60
Thanked 44 Times in 18 Posts
|
What industry is your work Tempest?
__________________
Gone elsewhere, cheers folks!
|
|
|
13-12-2011, 10:24
|
#6
|
Gamertag: Kiruji
Join Date: Jun 2001
Location: Telford
Posts: 3,956
Thanks: 36
Thanked 15 Times in 9 Posts
|
None of my passwords are on that list. I use a method to create an easily remembered unique password for everything I need one for - so if a site I use gets compromised, the password doesn't work on anything else anyway.
|
|
|
13-12-2011, 11:00
|
#7
|
Rurouni
Join Date: May 2001
Location: Farnborough
Posts: 6,080
Thanks: 1,613
Thanked 1,088 Times in 465 Posts
|
Quote:
Originally Posted by ffc
Hmmm, enter your password into a site called how secure is my password.....
|
Yeah that was my initial thought.
Edit: It only uses javascript, so shouldn't be sending anything back to the server.
Last edited by Wooglie; 13-12-2011 at 11:01.
|
|
|
13-12-2011, 11:58
|
#8
|
Trusted User
Join Date: May 2004
Posts: 10,628
Thanks: 100
Thanked 40 Times in 18 Posts
|
I have a system in place so that every website has a different password, but I wish there was some standardisation. So many say you can't have non alpha-numeric characters, or force you to have some. Some force you to have a number, some force you to have one cap. The amount of times I go to a site and can't remember the password because they don't conform to a standard is way too often.
|
|
|
13-12-2011, 12:20
|
#9
|
Trusted User
Join Date: May 2001
Location: East Northants
Posts: 3,697
Thanks: 73
Thanked 92 Times in 48 Posts
|
I use Keepass - the main thing is to use a different password per site definitely.
|
|
|
13-12-2011, 12:36
|
#10
|
Breast milk addict!
Join Date: Nov 2000
Location: Up Ya Arse!
Posts: 3,502
Thanks: 4
Thanked 9 Times in 7 Posts
|
I use words from the current doc, magazine, newspaper I'm reading at the time to make up my passwords for all the sites I need to keep secure. For others like forum sites I again tend to use a sequence of words but they are in the main the same for all the forums.
Hmm, maybe I shouldn't have said the above
__________________
Regards
|
|
|
13-12-2011, 12:54
|
#11
|
stop staring at my knob
Join Date: Aug 2002
Posts: 2,284
Thanks: 86
Thanked 56 Times in 27 Posts
|
Quote:
Originally Posted by driver8
|
And after that you can check if your card number is compromised at ismycreditcardstolen.com
Quote:
Originally Posted by Tempest
We have a computer at work with a sticker on the front which says "Password = no password"
I'm not sure if that means there is no password, or that the password is "no password" 
|
Or perhaps that having password as your password is the same as no password
__________________
It appears my hypocrisy knows no bounds...
Last edited by liamail; 13-12-2011 at 13:01.
|
|
|
13-12-2011, 12:57
|
#12
|
stop staring at my knob
Join Date: Aug 2002
Posts: 2,284
Thanks: 86
Thanked 56 Times in 27 Posts
|
.
Last edited by liamail; 13-12-2011 at 12:58.
|
|
|
13-12-2011, 22:48
|
#13
|
Chemical Member
Join Date: Aug 2000
Location: Ynys Môn
Posts: 2,266
Thanks: 1
Thanked 8 Times in 6 Posts
|
I think my passwords are generally safe, letter and 8 digit number - if they are going to brute force that it's over 10,000,000 combinations at least. I would make every site totally random if nothing ever logged you out but it'd annoy me too much looking them up every time I need to log in to something.
|
|
|
13-12-2011, 23:01
|
#14
|
Trusted User
Join Date: Jun 2000
Location: Horley (Gatwick)
Posts: 27,940
Thanks: 1,346
Thanked 1,012 Times in 608 Posts
|
Quote:
Originally Posted by Dodgy
What industry is your work Tempest?
|
That particular PC is linked to a CMM checking machine.
|
|
|
14-12-2011, 07:26
|
#15
|
PSN : Torf
Join Date: Oct 2000
Location: York, Oop Narth
Posts: 2,334
Thanks: 236
Thanked 137 Times in 64 Posts
|
Yup, good call. Reminded me of this xkcd strip which changed my password outlook forever
http://xkcd.com/936/
|
|
|
14-12-2011, 08:21
|
#16
|
Trusted User
Join Date: Nov 2000
Location: Essex
Posts: 652
Thanks: 19
Thanked 2 Times in 2 Posts
|
Top 25 passwords, if you use any of these I suggest you may want to change them
1. Password
2. 123456
3. 12345678
4. Qwerty
5. abc123
6. monkey
7. 1234567
8. Letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. Iloveyou
14. Master
15. Sunshine
16. Ashley
17. Bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. Superman
23. Qazwsx
24. Michael
25. Football
|
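Added example (not part of any post in this thread): a local screening check a site or a user could run against the 25-entry list in post #16, plus a comparison of the search space for the password structures mentioned in posts #1, #13 and #15. It assumes every position is picked uniformly at random, a 26-letter alphabet, and a 2048-word list for the four-word passphrase; the function names and sample candidates are constructed.

```python
import math
import string

# The 25 entries quoted in post #16, lower-cased for matching.
TOP_25 = {p.lower() for p in (
    "Password 123456 12345678 Qwerty abc123 monkey 1234567 Letmein trustno1 "
    "dragon baseball 111111 Iloveyou Master Sunshine Ashley Bailey passw0rd "
    "shadow 123123 654321 Superman Qazwsx Michael Football").split()}


def screen(password: str) -> str:
    """Classify a candidate against the list; runs locally, nothing is sent anywhere."""
    base = password.lower()
    if base in TOP_25:
        return "listed"
    # A listed word with digits or punctuation appended is an obvious
    # variation, so it is treated as listed too.
    stem = base.rstrip(string.digits + string.punctuation)
    if stem in TOP_25:
        return "listed-variant"
    return "not-listed"


def guess_bits(alphabet_sizes: list[int]) -> float:
    """log2 of the search space for independent random picks, one per position."""
    return round(sum(math.log2(n) for n in alphabet_sizes), 1)


def compare_structures() -> dict:
    return {
        # One letter then 8 digits: 26 * 10**8 combinations.
        "letter_plus_8_digits": guess_bits([26] + [10] * 8),
        # Four words picked at random from a 2048-word list (assumed list size).
        "four_random_words": guess_bits([2048] * 4),
        # 20 random characters from the 94 printable ASCII symbols.
        "twenty_random_chars": guess_bits([94] * 20),
    }


if __name__ == "__main__":
    for candidate in ("QWERTY", "Monkey2011", "ILikeHam2001"):  # constructed samples
        print(candidate, screen(candidate))
    print(compare_structures())
```

The bit counts apply only to randomly generated passwords; a phrase a person chooses has a smaller effective search space than its length suggests, and "not-listed" here says nothing about the far larger lists linked in post #1.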
|
|
17-12-2011, 10:55
|
#17
|
Got Hr0n?
Join Date: Mar 2001
Location: Sector 7G
Posts: 4,387
Thanks: 2
Thanked 10 Times in 4 Posts
|
One of my passwords is on that list, surprising as it is a random character generated years ago, but another one isn't on there and it is a common word!
|
|
|
17-12-2011, 11:27
|
#18
|
Suitable for vegetarians
Join Date: May 2000
Location: Strangely Northern
Posts: 3,855
Thanks: 31
Thanked 35 Times in 30 Posts
|
Quote:
Originally Posted by Torf
Yup, good call. Reminded me of this xkcd strip which changed my password outlook forever
http://xkcd.com/936/
|
Same here! All my passwords are now word combinations like this - so much easier to remember.
|
|
|
17-12-2011, 12:28
|
#19
|
Trusted User
Join Date: Jun 2000
Location: Horley (Gatwick)
Posts: 27,940
Thanks: 1,346
Thanked 1,012 Times in 608 Posts
|
I just read that Windows 8 is going to have some fancy dancy password thingy built into it. Not sure what it was as only glimpsed it, but was supposed to be good.
http://tehrantimes.com/science/93586...ween-computers
.
Last edited by Tempest; 17-12-2011 at 12:38.
|
|
|
18-12-2011, 00:28
|
#20
|
Rurouni
Join Date: May 2001
Location: Farnborough
Posts: 6,080
Thanks: 1,613
Thanked 1,088 Times in 465 Posts
|
Quote:
Originally Posted by Dave h-j
Same here! All my passwords are now word combinations like this - so much easier to remember.
|
The problem I have is that most of my banks don't allow spaces in the password
Last edited by Wooglie; 18-12-2011 at 00:28.
|
|
|
All times are GMT. The time now is 05:13.