Register Register

Author Topic: Strong Passwords? (And time to reset YOURS too)  (Read 12178 times)

OmniscientQ

  • Corporal
  • *
  • Posts: 60
    • MegaMek / BattleTech IRC Channel
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #30 on: 30 January 2011, 16:12:00 »
I wrote them down as the series of numbers shown on the dice. They were tough at first, of course, but repetition made the most commonly-used ones easier. It wasn't too cumbersome.

KeePass is much easier to use, though now I don't know what my passwords are at all.
Q v2.0, Cluster Violet-6
End Transmission

Mattlov

  • Catalyst Demo Team
  • Lieutenant
  • *
  • Posts: 1202
  • Fnord.
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #31 on: 03 February 2011, 23:53:51 »
Hell, I stayed logged in so long I don't even remember the password I had for the old forums...
"The rules technically allow all sorts of bad ideas." -Moonsword


Liam's Ghost

  • Major
  • *
  • Posts: 5468
  • Miss Chitty rejects your Clan rule.
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #32 on: 04 February 2011, 18:07:39 »
In case folks aren't taking the security risk seriously, just today the email account of one of the board members has started spitting out emails that spit out malware.

Without the member's knowledge or consent I might add.

CHANGE YOUR DAMN PASSWORDS!
Good news is the lab boys say the symptoms of asbestos poisoning show an immediate latency of 44.6 years. So if you're thirty or over you're laughing. Worst case scenario you miss out on a few rounds of canasta, plus you've forwarded the cause of science by three centuries. I punch those numbers into my calculator, it makes a happy face.

(indirect accessory to the) Slayer of Monitors!

monbvol

  • Lieutenant Colonel
  • *
  • Posts: 9633
  • Flogging will continue until morale improves
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #33 on: 05 February 2011, 00:48:09 »
In case folks aren't taking the security risk seriously, just today the email account of one of the board members has started spitting out emails that spit out malware.

Without the member's knowledge or consent I might add.

CHANGE YOUR DAMN PASSWORDS!

The screwed up part is as the former holder of that e-mail account I feel the need to add a few details.  First of all the password on that e-mail was not the same as my old forums password.  Second I did get a bit lax since the entire reason I created that e-mail was as a throw away junk account anyway and therefore no real loss on my part.

So even if you do have a variety of passwords change them every now and again.

SLDF_Spector

  • Sergeant
  • *
  • Posts: 162
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #34 on: 05 February 2011, 00:54:07 »
The screwed up part is as the former holder of that e-mail account I feel the need to add a few details.  First of all the password on that e-mail was not the same as my old forums password.  Second I did get a bit lax since the entire reason I created that e-mail was as a throw away junk account anyway and therefore no real loss on my part.

So even if you do have a variety of passwords change them every now and again.

This is a good reason to use lastpass and the audit feature.
One day I will have a woman who's name doesn't end in jpg, bmp, or png.

garhkal

  • Major
  • *
  • Posts: 4908
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #35 on: 05 February 2011, 06:38:27 »
The screwed up part is as the former holder of that e-mail account I feel the need to add a few details.  First of all the password on that e-mail was not the same as my old forums password.  Second I did get a bit lax since the entire reason I created that e-mail was as a throw away junk account anyway and therefore no real loss on my part.

So even if you do have a variety of passwords change them every now and again.

One of the guys i work with had his account hacked twice in 3 years...  He now changes his password(s) every 3 months.
It's not who you kill, but how they die!
You can't shoot what you can't see.
You can not dodge it if you don't know it's coming.

monbvol

  • Lieutenant Colonel
  • *
  • Posts: 9633
  • Flogging will continue until morale improves
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #36 on: 05 February 2011, 12:23:42 »
One of the guys i work with had his account hacked twice in 3 years...  He now changes his password(s) every 3 months.

Which I'm actually pretty good about doing with my accounts that I actually care about.

garhkal

  • Major
  • *
  • Posts: 4908
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #37 on: 05 February 2011, 22:51:25 »
I am somewhat lax, but then again, i am also lucky in none of mine have been hacked yet.
It's not who you kill, but how they die!
You can't shoot what you can't see.
You can not dodge it if you don't know it's coming.

Kamata Bodhisattva

  • Guest
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #38 on: 16 February 2011, 08:32:21 »
I suppose I can understand the need for the stronger passwords, but I hate having it foisted on me.  In particularly I despise the mixing of letters and numbers.  It reminds me of the hated 733t53@k!  I can type a massively long passphrase that is just as strong as a mixed number and letter password, but noooo...  for some reason people have to tell me how my own passwords have to be structured.  Annoyance galore.

Sid

  • Lieutenant
  • *
  • Posts: 1342
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #39 on: 16 February 2011, 09:32:17 »
I suppose I can understand the need for the stronger passwords, but I hate having it foisted on me.  In particularly I despise the mixing of letters and numbers.  It reminds me of the hated 733t53@k!  I can type a massively long passphrase that is just as strong as a mixed number and letter password, but noooo...  for some reason people have to tell me how my own passwords have to be structured.  Annoyance galore.

Disclaimer:  I'm not trying to tell you how you must structure your passwords.  Just explain how it works.

A long string of random letters will not be as strong as an equally strong mix of letters, numbers, and special characters.

Consider trying to crack a passcode of two characters, of which only 0s and 1s may be used.  Possible combinations will be 22 (or 4 total combinations) and they are:

00
01
10
11

Making the password three characters long will give us 23 combinations, or 8 total, which are:

000
001
010
011
100
101
110
111

Now if we were to try the same with 0-9... well, even just two character long passwords would have 102 combinations, or 100- I won't list them all here (It would be 00 - 99 ;) ).  That's 25 times as many combinations as before.  Likewise, making a password 3 characters long would be 103, or 1,000 different possible combinations (000-999), which is 125 times more difficult.  Note that while adding a third character to the password in the first case only doubled the amount of possibilities (from 4 to 8 ), when you're using a base set of 10 different characters, going from 2 to 3 multiplies it by the base number of characters- 10.

Adding a single number, or better yet, adding a single number and a special character (such as @,$, or #) will change the number of possible combinations a password cracker has to try to guess a password correctly from millions  to quintillions or even more.  In other words, instead of taking a couple hours to crack a password, it takes weeks or even months.

In the end, using a mix of lower and upper base characters is far more simpler than using lower and upper case letters with numbers and special characters.  Adding just numbers isn't as strong as adding just upper case letters, sure, but it still makes it significantly more difficult for a cracker to guess the password.

 
Formerly known as 'Phad'

garhkal

  • Major
  • *
  • Posts: 4908
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #40 on: 17 February 2011, 06:48:37 »
I suppose I can understand the need for the stronger passwords, but I hate having it foisted on me.  In particularly I despise the mixing of letters and numbers.  It reminds me of the hated 733t53@k!  I can type a massively long passphrase that is just as strong as a mixed number and letter password, but noooo...  for some reason people have to tell me how my own passwords have to be structured.  Annoyance galore.

As someone who works in the IT field, i can say that just making your P.word just a bunch of words (that are in the dictionary) makes it a lot easier to crack than one with a mix of letters and numbers...

Up....  Sid said it better than i could.
It's not who you kill, but how they die!
You can't shoot what you can't see.
You can not dodge it if you don't know it's coming.

BirdofPrey

  • Major
  • *
  • Posts: 3591
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #41 on: 20 February 2011, 16:54:20 »
The reason most people come up with weak passwords is that they can't remember the good ones, so here's a tip:  Bake memory cues into the password.
The best passwords are a mix of upper and loser case with numbers and symbols mixed in, but I remember words, so remembering gibberish or randomly capitalized letters is tough for me, so I chose a word, append a multi digit number to the end and then use the numbers as a capitalization guide.  Since the hint is part of the password they have to guess the password to get the hint, so it's not as bad as leaving a sticky note attached to your monitor (but none of you do that right?)

Neko_Bijin

  • Lieutenant
  • *
  • Posts: 1523
  • Alpha Strike naïf
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #42 on: 20 February 2011, 21:16:18 »
I've already forgotten my forum password.  How do I get it emailed to myself so I can change it?
"Lord Kurita is merciful.  You will be spared the humiliation of a trial.  Instead, you are invited to dine with your sainted ancestors.  You don't follow?  Let me rephrase.  I am about to run you through with my sword.  Now you get the picture?  Good."

CrossfirePilot

  • Captain
  • *
  • Posts: 1833
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #43 on: 20 February 2011, 23:15:44 »
In the unlikely event that people use the exact same passwords for their emails, facebook/twitter/social net accounts, bank accounts, and stuff like that.

and luggage!

garhkal

  • Major
  • *
  • Posts: 4908
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #44 on: 23 February 2011, 05:27:46 »
so it's not as bad as leaving a sticky note attached to your monitor (but none of you do that right?)

Our last command security manager got BUSTED by the co for doing just that...
It's not who you kill, but how they die!
You can't shoot what you can't see.
You can not dodge it if you don't know it's coming.

Xtrahmxwohld

  • Catalyst Demo Team
  • Lieutenant
  • *
  • Posts: 1388
  • Utinni! A beton nya mombay m'bwa!
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #45 on: 08 March 2011, 16:34:02 »
so it's not as bad as leaving a sticky note attached to your monitor (but none of you do that right?)

our users don't do that, they have a sticky note on the bottom of their keyboard.

When users resort to that, then you can't tell me that forced password changes every X months is more secure than 1 strong password that doesn't expire.
CDT Agent #319

garhkal

  • Major
  • *
  • Posts: 4908
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #46 on: 09 March 2011, 06:52:22 »
Na.. i just log in using it, and leave a nasty gram for them....
It's not who you kill, but how they die!
You can't shoot what you can't see.
You can not dodge it if you don't know it's coming.

JamesPryde

  • Corporal
  • *
  • Posts: 85
  • Star Captain James Pryde
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #47 on: 21 May 2011, 15:55:25 »
It's just a shame that we have to go through all this at all. This is a place of fun and interaction too bad some are just bad apples out there messing it up. It's a minor nucance for me since I need over 27 different passwords for work anyway. :'(
Star Captain James Pryde
Black Eagle Trinary

Major "Jumpin'" Jack Damien
Jack's Jesters

GRUD

  • Captain
  • *
  • Posts: 1870
  • Quinn's Quads - 'Mechs on the March!
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #48 on: 23 May 2011, 03:29:05 »
Several years ago (7 or 8?) I read in some PC magazine about a way to foil keylogging programs. You open a notepad (or WordPad) file, then type every character on your keyboard. Then, you cut & paste each character to form your password. Thus, while the keylogging program may have logged that you typed EVERY character, when you cut & paste, it can't "see" you doing that!


I started a Notepad file way back when I read about it, and while I do re-use some of my passwords among different sites, I feel safe about doing it, since I've NEVER actually typed the passwords out. On the rare occasions I've had to use a public computer (like at the library), I'll do the same thing. Open a notepad file, type all the keys, then cut & paste my password.


That being said, since I've only got ONE password that consists of UC letters, LC letters, numbers and special characters, I'm thinking I might do that for the others.  #P 


What Fun that will be.  :P


Those of you with other characters on your keyboard can probably make your PWs even more complicated. Basically, I mean you folks that can type other languages in addition to English. For instance, "Øystein", from Norway, can type certain characters I can't. I only got his "Ø" like that because I cut & pasted it from his profile.  ;D From my keyboard, it would look like this "O". Anyway, here's how I typed my characters.

1234567890!@#$%^&*()-_=+[{]}\|;:'",<.>/?`~
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
To me, Repros are 100% Wrong, and there's NO  room for me to give ground on this subject. I'm not just an Immovable Object on this, I'm THE Immovable Object.

Mini Mule Avatar by Steve Ronin! (BTU)

Remember: Humor is NOT Tolerated here. Have a Nice Day!

Hey! Can't a guy get any Privacy around here!

Greyhind

  • Warrant Officer
  • *
  • Posts: 635
  • I'm Watching You
Re: Strong Passwords? (And time to reset YOURS too)
« Reply #49 on: 23 May 2011, 05:06:17 »
I would be very surprised if key-logging came close to outright hacking in terms of password stealing. I can't see many people having the guts for that sort of thing.

That said I have been known to type my password in chunks, using my cursor to select where the next character will go. This is both paranoid and not going to work - go me.