Square Wheels Posted April 3, 2021 Share #1 Posted April 3, 2021 I just read an interesting article on cybersecurity and passwords. I can't link the article, it's password protected. Anyhow, saw this interesting chart on password strength and how long it would take to crack it. Link to comment Share on other sites More sharing options...
Ralphie ★ Posted April 3, 2021 Share #2 Posted April 3, 2021 My big question is how much do dictionary words matter? Some sources say don;t use real words, and others say the best way to make memorable passphrases is to use real words. I usually try to mangle them a little bit. 1 Link to comment Share on other sites More sharing options...
Square Wheels Posted April 3, 2021 Author Share #3 Posted April 3, 2021 I use a password keeper. I have some ridiculous passwords that could never be remembered. 1 Link to comment Share on other sites More sharing options...
maddmaxx ★ Posted April 3, 2021 Share #4 Posted April 3, 2021 It will still take almost 2 hours to crack my "password". That's assuming they can get past my "user name". 1 2 Link to comment Share on other sites More sharing options...
bikeman564™ Posted April 3, 2021 Share #5 Posted April 3, 2021 24 minutes ago, Square Wheels said: I use a password keeper. I have some ridiculous passwords that could never be remembered. tell them to us, we'll help you remember 1 Link to comment Share on other sites More sharing options...
BR46 Posted April 3, 2021 Share #6 Posted April 3, 2021 As safe as 2 Link to comment Share on other sites More sharing options...
Thaddeus Kosciuszko Posted April 3, 2021 Share #7 Posted April 3, 2021 So, if I read the chart correctly, it means a password that's three characters long can't be cracked, otherwise they would have listed that too. Asking for a friend... 1 1 1 Link to comment Share on other sites More sharing options...
2Far ★ Posted April 3, 2021 Share #8 Posted April 3, 2021 The greater the consequence, the more complex the password. I may or may not be in the 3ms category for this site. Like Ralph, I mangle some words for the longer ones. Link to comment Share on other sites More sharing options...
groupw Posted April 3, 2021 Share #9 Posted April 3, 2021 1 of my go to passwords is 84 days. It’s replacement is 7 years Link to comment Share on other sites More sharing options...
Zephyr Posted April 3, 2021 Share #10 Posted April 3, 2021 7 years for me. Link to comment Share on other sites More sharing options...
MickinMD ★ Posted April 3, 2021 Share #11 Posted April 3, 2021 I use obscure chemistry terms or short obscure phrases from books and movies that are well known to me and have an system of subbing capital letters, numbers, and special characters and end up with at least a 14 character password that's easy to remember. For example, one I won't use because it's too long and too commonly known is "Somewhere Over the Rainbow." I'd convert it to something like "S0mewhereOvertheR@!nb0w." I might also add a couple certain letters from the title of the site to the end of it. Some that has at least a couple capital letters, a couple numbers, and a couple special characters are the ones I choose. 1 Link to comment Share on other sites More sharing options...
Prophet Zacharia Posted April 3, 2021 Share #12 Posted April 3, 2021 Somewhere between 84 days and 7 years. Link to comment Share on other sites More sharing options...
Kzoo Posted April 3, 2021 Share #13 Posted April 3, 2021 Somewhere between 14 years and 670 years numeric, alpha with a cap and a special character for a total of 9 characters. Link to comment Share on other sites More sharing options...
Digital_photog ★ Posted April 3, 2021 Share #14 Posted April 3, 2021 For a short time when Ebay irritated me I changed the password to eBAY sUCKS. I didn't leave it like that too long. Would that one be secure? I feel safe telling you now that it is not my password. My Password is much better. Link to comment Share on other sites More sharing options...
Road Runner Posted April 3, 2021 Share #15 Posted April 3, 2021 I have passwords that match the difficulty level to the importance of the site. Sites where my financial assets may be obtained are protected by complex passwords and a second level of security, usually a special one time code. Link to comment Share on other sites More sharing options...
maddmaxx ★ Posted April 3, 2021 Share #16 Posted April 3, 2021 1 hour ago, Kzoo said: Somewhere between 14 years and 670 years numeric, alpha with a cap and a special character for a total of 9 characters. My actual passwords are like this. They contain a partial name of one of my pets, the year it was born, a couple of special characters and then the quarter of the year in which I created the password. Then of course because I'm no longer involved in classified development at work, I write it down in a password notebook. Link to comment Share on other sites More sharing options...
Dottleshead ★ Posted April 3, 2021 Share #17 Posted April 3, 2021 9 hours ago, Square Wheels said: I just read an interesting article on cybersecurity and passwords. I can't link the article, it's password protected. Anyhow, saw this interesting chart on password strength and how long it would take to crack it. I recently popped $150 for a 3 year subscription to password security company. You will never crack mine but if you do -- you get all of them. Link to comment Share on other sites More sharing options...
jsharr ★ Posted April 3, 2021 Share #18 Posted April 3, 2021 670 years plus 1 Link to comment Share on other sites More sharing options...
Dottleshead ★ Posted April 3, 2021 Share #19 Posted April 3, 2021 41 minutes ago, jsharr said: 670 years plus I'm onto you. I figure 669 years to go. But I could hit the winning lotto numbers. The jsharr SWC password is worth the wait. Link to comment Share on other sites More sharing options...
goldendesign Posted April 3, 2021 Share #20 Posted April 3, 2021 All of mine are in the in the 670 years plus range. All are 10+ Link to comment Share on other sites More sharing options...
LoneWolf Posted April 4, 2021 Share #21 Posted April 4, 2021 13 hours ago, Philander Seabury said: My big question is how much do dictionary words matter? Some sources say don;t use real words, and others say the best way to make memorable passphrases is to use real words. I usually try to mangle them a little bit. Well, to start with, the article is likely outdated. An eight-character password, with all its permutations (letters, numbers, capitals, special characters) can now be cracked by a system running multiple high-end graphics cards (which are incredibly skilled at this kind of computation) in under 24 hours. That's a brute-force crack, running the gamut of options. What matters most is length. For that reason, a passphrase is better than a password. Example that I use regularly: tobeornottobethatisthequestion While this is all dictionary words, the length makes it significantly more difficult. Now say I modify it further: ToBeOrNotToBeThatIsTheQuestion Harder yet. Now, let's say I use what we in the old days called, L33tSp3@k, just adding numbers. T0B30rN0tT0b3ThatIsTh3Qu3sti0n Still harder. Now, say I add symbols in: T0B30rN0tT0b3Th@t!sTh3Qu3st!0n Now it's a passphrase (so easier to remember) but composed of words, each word capitalized, converted to non-words with character substitution. Additional tips: 1. Get a password safe service, like LastPass, 1Password, or another one. Use a complex passphrase for it. Store all of your passwords there so you only have to remember one hard password. These services have cellphone apps, web browser plugins, etc. so you can use them on a tablet, smartphone, or computer. 2. On important sites (banking, financial, credit cards, medical, any billing sites or sites you've saved a credit card to, and your password safe) use two-factor authentication whenever possible, using a free smartphone app like Authy. This means you use not just a password, but a randomly generated code provided by the app to log in. This makes it extremely difficult; a password thief would have to clone your phone's SIM to replicate you. 3. Don't use the same password for every site. If you do, one site hacked means all your sites are. Any hacking group who gets the password will start testing it with your e-mail on the most common sites out there (Amazon, large banks, etc.), or if they don't, they may sell your credentials to someone who will. This is where your password vault service comes in handy; they can even randomly generate gibberish passwords for you. 4. Ensure your password service information and records are kept somewhere safe, but accessible to someone in your family you trust, so that if you should be hit by a bus or incapacitated, there is someone who can get access. Much like having a will, this will save your family from unexpected pain or hardship. 5. Password-protect your phone. It may be a hassle, but if someone were to steal your phone, they probably have half of your life just there for the taking. 6. Never provide your password or other personal information to someone who calls over the phone or e-mails claiming your accounts have been compromised. If that's true, you should be able to hang up on them, call your bank from their site's contact information, and confirm it -financial institutions and others like them will never ask for your private information over the phone. 1 Link to comment Share on other sites More sharing options...
Square Wheels Posted April 4, 2021 Author Share #22 Posted April 4, 2021 9 hours ago, LoneWolf said: 1. Get a password safe service, like LastPass, 1Password, or another one. Use a complex passphrase for it. Store all of your passwords there so you only have to remember one hard password. These services have cellphone apps, web browser plugins, etc. so you can use them on a tablet, smartphone, or computer. I'm using Keeper. It let it generate new passwords. They are silly hard. What if they get hacked? One stop shopping for all my passwords. Link to comment Share on other sites More sharing options...
LoneWolf Posted April 4, 2021 Share #23 Posted April 4, 2021 8 hours ago, Square Wheels said: I'm using Keeper. It let it generate new passwords. They are silly hard. What if they get hacked? One stop shopping for all my passwords. One can't completely guarantee anything. However, good practice is like escaping a bear. In most cases, you don't have to be the fastest, you just need to not be among the slowest. It's possible to also research your password service, find out their policy on handling security breaches, and their history. If you don't wish to use an online service, a free, Open-Source program like KeePass will do the job on your local computer, but I'd strongly recommend having a backup so you have more than one copy of your encrypted password database. I've done this in the past, but I need wider access to my passwords. I use LastPass myself, with two-factor authentication. Note also that password services generally have methods of encrypting what you save with ciphers that are difficult to break. Assuming you make a good password and use two-factor, it should be a fairly secure solution. Good companies are transparent. https://www.lastpass.com/security/what-if-lastpass-gets-hacked Link to comment Share on other sites More sharing options...
Tizeye Posted April 4, 2021 Share #24 Posted April 4, 2021 I am a firm believer in the KISS system. "Password" or if they insist upon numbers "Password123" is so simple that no one has figured it out yet. Link to comment Share on other sites More sharing options...
Road Runner Posted April 4, 2021 Share #25 Posted April 4, 2021 On 4/3/2021 at 8:08 AM, Square Wheels said: How safe is your password "How safe" is not my password. You don't get to dictate what my password should be! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now