Passwords.. how good is yours?
With my background in computer security, I'm always looking for ways to help people realize how important some simple passwords of decent strength can be -- especially for things like bank accounts, PayPal/Amazon accounts and other critical stuff. Forums and the likes of Facebook could be just as bad (depending on information stored). At the least it can mean reputation or personal identity info release/harmed.
Length of password and how often you change it determine how strong it is. If you use the same password for 10 years, it's likely it's been broken at some point or will be soon (regardless of how strong it is -- it's always a matter of time).

Anyways, if you wanted to find out how strong your password is, check out here: http://www.grc.com/haystack.htm

At present mine is:

Online Attack Scenario: (Assuming one thousand guesses per second) 4.06 hundred million trillion centuries
Offline Fast Attack Scenario: (Assuming one hundred billion guesses per second) 4.06 trillion centuries
Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 4.06 billion centuries |
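The three scenario figures in the post above can be reproduced with a short calculation. This is an added example, not part of the original post and not the linked site's code. The character-class sizes (26 lowercase, 26 uppercase, 10 digits, 33 symbols) and the choice to count every string up to the password's length are assumptions of this sketch; the guess rates are the ones quoted in the post.

```python
import string

# Guess rates quoted in the post (guesses per second).
SCENARIOS = {"online": 10**3, "offline_fast": 10**11, "massive_array": 10**14}

# Assumed character classes: 26 + 26 + 10 + 33 (ASCII punctuation plus space).
CLASSES = [
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    set(string.punctuation + " "),
]

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password):
    """Count all strings of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a**k for k in range(1, len(password) + 1))


def centuries_to_exhaust(password, guesses_per_second):
    """Worst-case time to try the whole search space, in centuries."""
    return search_space(password) / guesses_per_second / SECONDS_PER_CENTURY


def report(password):
    """Exhaustion time in centuries for each scenario named in the post."""
    return {name: centuries_to_exhaust(password, rate)
            for name, rate in SCENARIOS.items()}


if __name__ == "__main__":
    # Constructed sample inputs; never test a real password this way.
    for pw in ("applepie", "Q00o#)83", "four random common words"):
        print(f"{pw!r}: alphabet={alphabet_size(pw)} space={search_space(pw):.3g}")
        for name, c in report(pw).items():
            print(f"  {name:14s} {c:.3g} centuries")
```

The figures cover exhaustive search only. A guesser that tries dictionary words, known patterns or personal details first will reach a password built from them long before the search space is exhausted.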
Thanks Linus. Appreciate the help.
|
How Big is Your Haystack?
Quote:
|
Password manager/strong passwords
Great topic Linus. I want to add two things to this topic.
1) Creating a strong password. I use a cipher technique to make any password that I think I might have to type in (like the password to login to my laptop or my workstation). Take a word or phrase you will remember, then shift your keystrokes in some direction. For example, if you take applepie (which would be a horrible password) and shift it up and left you get Q00o3083. If you want to be really crafty you can change some of those numbers into symbols so Q00o#)83. Now, someone attempting to break your password has to determine what your starting word is and what your cipher scheme is. With this, even an 8-character password becomes unguessable by sheer luck or brute force.

2) Buy a password manager. For *everything* else, I use a password manager. This is a piece of software that plugs into your browser and will remember passwords for you and will also create strong passwords for you that you need not remember. You secure it with a master password so instead of having to remember your password for your bank, and your electric company, and your phone company, etc. you remember the master password. The one I use is called 1Password. It works on Mac, Windows, iPhone, iPad and Android. I use it on both my employer-provided Windows box and my phone and my Mac and when I buy an iPad later this year, I'll throw it on that as well. The beauty of this is that it can sync using Dropbox or over your WiFi so the password file is always up to date regardless of the device.

Its strength is creating strong passwords. Although my cipher scheme is workable and creates passwords that are reasonably strong, 1Password allows you to use passwords that you simply couldn't remember. Here are three that I randomly generated as an example (i.e. this isn't the password to my bank account). 1Password will run you $39.99 for the Mac or PC version and another $5.00 for the iOS version. But very well worth it!

yot4med5hib4ced
Z{8h?3dqW6(:42J
4a4p6x;KtM8B>U8;@6Dy

As you can see, those passwords are all but unguessable and anyone this side of a national intelligence agency (like the NSA) would have a hell of a time cracking it.

Cheers
Aj |
I'm certainly not computer savvy, however, we change our passwords at work about once a month and you have to get creative to come up with different ones every time. I have a trick of spelling words backwards and then additionally ALWAYS adding at least one symbol and a series of numbers. Keep the tips coming!!!!! |
And folks? NEVER, ever use "abc123", "password" or "fuckyou".
This will surely get you hacked. |
Question: I once advised some friends (well, colleagues) that you could use your childhood phone number, along with a letter or two. Area code included depending on how many characters you need. They liked that because it was easy to remember what the number was, as well as what they'd decided to use as a password.
I understand the limited longevity, but in general, is there anything to say about that? |
Quote:
(eagerly awaiting replies from the tech people) :sparklyheart: |
Quote:
For example, I consider myself Buddhist but if I use a phrase or quote out of the Torah or Koran or a quote from Brian Greene's "The Hidden Reality", that'd be unexpected and not something easily known about me. |
Thanks Linus! Also, do not use your pets' names, or your favorite food, beverage, or perfume/cologne, and so on. Rosie and I have lost our laptop due to a trojan virus. And this virus just kept reproducing causing us a lot of money, time, and tears. If you are ever up in age, and the computer is your lifeline, you will understand how I felt.
|
I use my son's nickname from when he was a toddler (which is only known to family) and a mixture of his middle school id and my college id. Don't know how sucky that is or how hard it would be to crack though. It's 13 characters.
|
I also wanted to add on here to this topic that some will publish your address list, and if you send a private email to one person, everyone who is in your address list will receive it. This is only just an ounce of what happened to Rosie and myself. I think the people were trying to humiliate us or shame us in some way. At least we know who we can trust and who is honest with us. Changing passwords and all of that was just not enough for our cheap Dell laptop from Wal-Mart. I think we spent maybe $500 for everything. So with that said, we decided that it would be best to use the library or another one. The sad part is that I didn't get the virus from looking at porn. Go figure. :|
|
Quote:
Quote:
I play a number guessing game with my students, and as soon as they figure out what 'kind' of number it is, it's all over for the person with the secret number. I think my students are wonderful, of course, but they can't guess-and-check as fast as a computer can. |
I was operating on the assumption that the childhood phone number would long ago have been taken out of operation. Maybe that comes from roaming far from home....
I see your point, though: here in New England, that number would be pretty traceable for all the people in their 40s who still "drive out to their parents'" every weekend. |
So I went through variations on the haystack site.... It seems like you really need something complicated to pump up that last number. A massive array attack, or whatever.
I had to think: who would ever care so much about my data that they'd go to such trouble? I mean, it's like identity theft. Whenever I hear that, I think, Oh, do me the favor! Steal my identity, please! |
Quote:
I know you were joking, but identity theft literally steals who you are on paper and you have little to NO control over it. Some organizations can or try to help, but once it's stolen once, it's easier for it to happen again and again. One person who took my information sold it to another and so on and so forth. Next thing you know, I've got thousands of dollars of stuff in my name in places I never knew existed, much less visited or lived. My grandfather had over $10,000 charged to a single card less than ten minutes after the guy got his info. It makes living your life.....buying a car because yours broke down....getting a loan with a reasonable interest rate....securing good insurance....difficult. Sorry, but that wasn't funny to me. You asked who would care. Well, they DON'T care. That's the thing. You are just a set of numbers and some random information to them; not a live person who is trying to live your life. Unless, of course, the person who steals your identity is someone you know. It's much worse then, I think. |
I'm sorry that wasn't funny to you. It can be hard to predict what someone won't find funny.
|
ButchFemmePlanet.com
All information copyright of BFP 2018