How safe is your password


Square Wheels


I use obscure chemistry terms or short obscure phrases from books and movies that are well known to me and have a system of subbing capital letters, numbers, and special characters and end up with at least a 14 character password that's easy to remember. For example, one I won't use because it's too long and too commonly known is "Somewhere Over the Rainbow." I'd convert it to something like "S0mewhereOvertheR@!nb0w." I might also add a couple certain letters from the title of the site to the end of it. Ones that have at least a couple capital letters, a couple numbers, and a couple special characters are the ones I choose.


1 hour ago, Kzoo said:

Somewhere between 14 years and 670 years numeric, alpha with a cap and a special character for a total of 9 characters.

My actual passwords are like this.  They contain a partial name of one of my pets, the year it was born, a couple of special characters and then the quarter of the year in which I created the password.

Then of course because I'm no longer involved in classified development at work, I write it down in a password notebook.


9 hours ago, Square Wheels said:

I just read an interesting article on cybersecurity and passwords.  I can't link the article, it's password protected.

Anyhow, saw this interesting chart on password strength and how long it would take to crack it.

[Image: password strength chart (image.png)]

I recently popped $150 for a 3-year subscription to a password security company. You will never crack mine but if you do -- you get all of them.


13 hours ago, Philander Seabury said:

My big question is how much do dictionary words matter? Some sources say don't use real words, and others say the best way to make memorable passphrases is to use real words. I usually try to mangle them a little bit.

Well, to start with, the article is likely outdated.

An eight-character password, with all its permutations (letters, numbers, capitals, special characters) can now be cracked by a system running multiple high-end graphics cards (which are incredibly skilled at this kind of computation) in under 24 hours. That's a brute-force crack, running  the gamut of options.

What matters most is length. For that reason, a passphrase is better than a password.

Example that I use regularly:

tobeornottobethatisthequestion

While this is all dictionary words, the length makes it significantly more difficult.  Now say I modify it further:

ToBeOrNotToBeThatIsTheQuestion

Harder yet.  Now, let's say I use what we in the old days called, L33tSp3@k, just adding numbers.

T0B30rN0tT0b3ThatIsTh3Qu3sti0n

Still harder. Now, say I add symbols in:

T0B30rN0tT0b3Th@t!sTh3Qu3st!0n

Now it's a passphrase (so easier to remember) but composed of words, each word capitalized, converted to non-words with character substitution.

Additional tips:

1.  Get a password safe service, like LastPass, 1Password, or another one. Use a complex passphrase for it. Store all of your passwords there so you only have to remember one hard password. These services have cellphone apps, web browser plugins, etc. so you can use them on a tablet, smartphone, or computer.

2. On important sites (banking, financial, credit cards, medical, any billing sites or sites you've saved a credit card to, and your password safe) use two-factor authentication whenever possible, using a free smartphone app like Authy. This means you use not just a password, but a randomly generated code provided by the app to log in. This makes it extremely difficult; a password thief would have to clone your phone's SIM to replicate you.

3. Don't use the same password for every site. If you do, one site hacked means all your sites are. Any hacking group who gets the password will start testing it with your e-mail on the most common sites out there (Amazon, large banks, etc.), or if they don't, they may sell your credentials to someone who will. This is where your password vault service comes in handy; they can even randomly generate gibberish passwords for you.

4. Ensure your password service information and records are kept somewhere safe, but accessible to someone in your family you trust, so that if you should be hit by a bus or incapacitated, there is someone who can get access. Much like having a will, this will save your family from unexpected pain or hardship.

5. Password-protect your phone. It may be a hassle, but if someone were to steal your phone, they probably have half of your life just there for the taking.

6. Never provide your password or other personal information to someone who calls over the phone or e-mails claiming your accounts have been compromised. If that's true, you should be able to hang up on them, call your bank from their site's contact information, and confirm it - financial institutions and others like them will never ask for your private information over the phone.

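Added example, not part of the original posts: a Python sketch that computes the blind brute-force search space for the passphrase variants in the post above, and shows that all four reduce to the same ten dictionary words once case and character substitutions are undone. The guess rate is an assumption calibrated from the post's 24-hour figure for eight characters; the word list, substitution map and function names are constructed for this example.

```python
import math
import string

# (characters, class size) pairs a blind character-by-character search covers.
CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10), (string.punctuation, 32)]

# Assumption taken from the post: all 94**8 eight-character passwords
# are exhausted in 24 hours. Real rates depend on the hash being attacked.
GUESSES_PER_SECOND = 94 ** 8 / 86_400

# Constructed for this example: the substitutions and words the post uses.
SUBSTITUTIONS = str.maketrans({"0": "o", "3": "e", "@": "a", "!": "i"})
WORDS = {"to", "be", "or", "not", "that", "is", "the", "question"}


def bruteforce_bits(password):
    """Size of the blind search space, in bits: length * log2(alphabet)."""
    alphabet = sum(size for chars, size in CLASSES
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def years_to_exhaust(bits):
    """Years to try every candidate at the calibrated guess rate."""
    return 2 ** bits / GUESSES_PER_SECOND / (365 * 86_400)


def split_words(password):
    """Undo case and substitutions, then segment into WORDS (None if impossible)."""
    text = password.lower().translate(SUBSTITUTIONS)
    found = [[]] + [None] * len(text)   # found[i]: a segmentation of text[:i]
    for end in range(1, len(text) + 1):
        for start in range(end):
            if found[start] is not None and text[start:end] in WORDS:
                found[end] = found[start] + [text[start:end]]
                break
    return found[-1]


if __name__ == "__main__":
    for pw in ["aB3$efgh",  # constructed 8-character, four-class password
               "tobeornottobethatisthequestion", "ToBeOrNotToBeThatIsTheQuestion",
               "T0B30rN0tT0b3ThatIsTh3Qu3sti0n", "T0B30rN0tT0b3Th@t!sTh3Qu3st!0n"]:
        bits = bruteforce_bits(pw)
        print(f"{pw:32} {bits:6.1f} bits {years_to_exhaust(bits):9.2e} years "
              f"words={split_words(pw)}")
```

The brute-force figure is an upper bound that holds only against a guesser trying characters blindly; the word split shows what a guesser working from word lists with case and substitution rules starts from.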

9 hours ago, LoneWolf said:

1.  Get a password safe service, like LastPass, 1Password, or another one. Use a complex passphrase for it. Store all of your passwords there so you only have to remember one hard password. These services have cellphone apps, web browser plugins, etc. so you can use them on a tablet, smartphone, or computer.

I'm using Keeper. I let it generate new passwords. They are silly hard.

What if they get hacked?  One stop shopping for all my passwords.


8 hours ago, Square Wheels said:

I'm using Keeper. I let it generate new passwords. They are silly hard.

What if they get hacked?  One stop shopping for all my passwords.

One can't completely guarantee anything. However, good practice is like escaping a bear. In most cases, you don't have to be the fastest, you just need to not be among the slowest. It's possible to also research your password service, find out their policy on handling security breaches, and their history. If you don't wish to use an online service, a free, Open-Source program like KeePass will do the job on your local computer, but I'd strongly recommend having a backup so you have more than one copy of your encrypted password database. I've done this in the past, but I need wider access to my passwords.

I use LastPass myself, with two-factor authentication.  Note also that password services generally have methods of encrypting what you save with ciphers that are difficult to break. Assuming you make a good password and use two-factor, it should be a fairly secure solution. Good companies are transparent.

https://www.lastpass.com/security/what-if-lastpass-gets-hacked
