If you use one of these passwords it's time to make a change...
monkey, dragon and superman... hmm!
So depressing to see 'password' topping this list, yet oh so predictable too.
The issue I have with password always topping this list is that it is used by people who don't care if that account is stolen. For example, you are forced to set up an account to access something for a one-off. You make up a silly email address and use password.
If anything, that is just as secure as using something else, as there is no link back to you and you don't care about the account.
That doesn't cover everything, but a fair portion of password as password could be this?
If they haven't done it by now...
Reminds me of the old joke in Spaceballs about the key code to planet Druidia's shield.
(Paraphrased for memory):
Darth Helmet - 12345 - only an idiot would have that on his luggage
President (Just returning) - Have we got the password?
Darth Helmet - 12345
President - Damn same code I have on my luggage. I better get it changed.
danroyle (24-11-2011)
How's about this: }~AW`D5%h\9^y.u3yH8a`18i[s9oi!J.
Of course, the real problem with a password that complex is that most web services won't even let you use it. Insecurity is inherent to the 'cloud'.
Problem I have (and I'm assuming that other folks are the same) is that quite a lot of websites put barriers in place to stop you using strong passwords - e.g. "SayNo-2-Hackers!". It's often that I find low limits on length, and no non-alphanumeric characters.
Listening to the SecurityNow! podcast (which I find quite good) they seem to recommend the use of these fully-automated password managers. Personally I don't like these and prefer to use something simpler (a secure password storage) that stores the password but doesn't insist on supplying it to the browser itself. Mainly because a lot of banks seem to go in for these "supply characters X, Y and Z from your password" rather than a whole password.
Actually the software I use - B-Folders - seems to have pretty good encryption, a lot of convenience features, isn't that expensive, and can sync to all my desktop/laptops and mobile phone. If you're using one of these then there really isn't an excuse - other than laziness - for having short/stupid passwords. (And no, I don't work for the folks that do B-Folders).
Actually, there's an idea - I use B-Folders, and I know about KeePass and Roboform (the latter is one of those products that fills in logins for you), but are there any other password managers out there that fellow Hexus readers rate? Maybe this information would be helpful for folks who want to increase their security.
Am sure there was some web comic, xkcd or similar where they said that we are taught to create passwords that end up being easy to (bruteforce) crack, yet difficult to remember... and recommended using phrases "ThisIsMyAwesomePassword1$" instead of random gibberish...
Still... "password" is an easy one to remember and hasn't landed me in much trouble yet
I was reading an article a while back (I think it was on Lifehacker?) where they basically said the way forward with passwords is to drop the 'word' bit and make them pass phrases. The example they gave was something like 'Johnny went to the shops to buy a pint of milk', which is apparently harder to crack than even good 8-character passwords like 'J/ie3[F4' while still being as easy to remember as commonly used passwords like the ones in this article. Seemed like a fantastic idea to me. It's just a shame that it would be almost impossible to get it implemented universally.
Indeed. I have accounts on some sites that require a password between 6 and 8 characters and don't allow you to use special characters. But of course they require you to use at least one number so it's secure - right?
IIRC one of them's an internet banking site. Their developers need to be shot, frankly.
"In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
https://www.grc.com/haystack.htm is quite informative - especially if you read the whole page.
It amused me that apparently "password" would take a brute-force of 6.91 years, whereas the very similar "P@ssw0rd" jumps up to 2130 centuries to b-f.
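An added example, not part of any post in this thread and not code from the linked page: a search-space estimate in the style of the haystack calculator, combined with the check that pure brute-force arithmetic leaves out, namely whether the password (or a simple character-swapped variant of it) is already on a common-password list. Assumptions: character classes of 26/26/10/33 symbols, 1,000 guesses per second, a 365-day year, a constructed `COMMON` list and a hypothetical `LEET` substitution table.

```python
import string

# Assumptions of this example: online guessing rate and a 365-day year.
GUESSES_PER_SEC = 1_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed sample list, using entries named in this thread.
COMMON = {"password", "12345", "monkey", "dragon", "superman"}
# Hypothetical substitution table for undoing simple character swaps.
LEET = str.maketrans("@0135$", "aoless")


def alphabet_size(pw):
    """Add up the sizes of the ASCII character classes present in pw."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    ]
    return sum(size for chars, size in classes if any(c in chars for c in pw))


def search_space(pw):
    """Count every candidate of length 1..len(pw) over that alphabet."""
    n = alphabet_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))


def years_to_exhaust(pw, rate=GUESSES_PER_SEC):
    """Worst-case years to try the whole search space at the given rate."""
    return search_space(pw) / rate / SECONDS_PER_YEAR


def on_common_list(pw):
    """True if pw, or pw with simple substitutions undone, is a listed password."""
    lowered = pw.lower()
    return lowered in COMMON or lowered.translate(LEET) in COMMON


def assess(pw):
    """Return (listed, years): a listed password falls to a wordlist at once,
    so its brute-force figure is not a measure of its real strength."""
    return on_common_list(pw), years_to_exhaust(pw)


if __name__ == "__main__":
    for pw in ["password", "P@ssw0rd", "J/ie3[F4",
               "Johnny went to the shops to buy a pint of milk"]:
        listed, years = assess(pw)
        print(f"{pw!r}: listed={listed}, brute force ~{years:.3g} years")
```

Both "password" and "P@ssw0rd" come back as listed, so the large brute-force figure for the second one only applies to a guesser who ignores wordlists and substitution rules.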
THIS ?