TipRadar.com - Forums and community

Full Version: Password Help
With all the hacks going on, I thought this would be a good time to post this.

"Security companies and IT people constantly tell us that we should use complex and difficult passwords. This is bad advice, because you can actually make usable, easy to remember and highly secure passwords. In fact, usable passwords are often far better than complex ones.

So let's dive into the world of passwords, and look at what makes a password secure in practical terms."

The problem is not the password if someone can hack into your system using a privilege escalation vulnerability or other holes.
True, but 9 times out of 10 it is usually a PEBCAK. If the password is secure and the router and firewall are in place, then the fault is not theirs.
Also, it's not a good idea to enforce difficult passwords. Users will start to use sticky yellow memo notes at their screens...
Password secure, but usable by anyone around that PC. :-/
Interesting. To give an example, my Wifi password is truly badass random. Anything I would be happy with the entropy of was getting long to type manually, so once I'd decided it would be cut and paste, I used a random generator - and if somebody steals the USB key with my key, I have bigger problems than them getting on my Wifi. But maybe I was a victim of password paranoia.

Now for passwords that you will enter, there is another point, but first, a digression - on one shopping site, I needed to set a password, and resorted to the serial number of my mouse - great until the mouse packed up, and I replaced it!

You can generally divide password requirements into 3 levels of importance:
1. Business / Financial / Legal etc. - The highest security needed, and should never be shared across sites
2. Medium security
3. Throwaway - this is stuff you don't really care about, possibly things that you may put on bugmenot when you've done with them.

Sharing passwords can cause problems - in the game of Runescape, for instance, a fansite forum was hacked, and where people had used the same account name and password for both, their accounts were at risk. Sharing the same password across several accounts means that the consequences of a compromise at one have wider implications.
I use 8 different passwords for my stuff. The good thing is that I remember all of them.
In the case of introducing password-history at my workplace, we saw users fall back to one password and add a number behind it.
Password1 this month, next month Password2, etc. There were just not many users who wanted to remember all kinds of different passwords.
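
The Password1 / Password2 habit described in the post above can be caught at change time, when the user types the current password in plaintext and earlier ones exist only as salted hashes. This is an added example, not part of the original thread; the function names, the PBKDF2 parameters and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 1_000  # assumption: kept low so the demo runs fast; real systems use far more
TRAILER = re.compile(r"[\d\W_]+$")  # trailing digits/punctuation that users rotate


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def stem(password: str) -> str:
    """Case-fold the password and drop its rotating suffix."""
    return TRAILER.sub("", password).casefold()


def rotation_variants(new_password: str, max_counter: int = 20):
    """Yield the neighbours a user is likely to have used before this one."""
    yield new_password
    base = TRAILER.sub("", new_password)
    for form in {base, base.lower(), base.capitalize()}:
        yield form
        for n in range(max_counter + 1):
            yield f"{form}{n}"


def check_new_password(current: str, new: str, history) -> str:
    """Return 'ok' or the reason for rejection.

    current: the plaintext the user just entered to authenticate the change.
    history: list of (salt, hash) pairs for earlier passwords.
    """
    if stem(new) and stem(new) == stem(current):
        return "same stem as current password"
    # Old plaintexts are gone, so hash guesses derived from the NEW password
    # with each stored salt and compare against the stored hashes.
    for salt, old_hash in history:
        for candidate in rotation_variants(new):
            if hmac.compare_digest(hash_password(candidate, salt), old_hash):
                return "counter variant of a previous password"
    return "ok"


def make_history(passwords):
    """Build constructed sample history: one random salt per stored hash."""
    salts = [os.urandom(16) for _ in passwords]
    return [(s, hash_password(p, s)) for s, p in zip(salts, passwords)]
```

The history check costs one hash per candidate per stored entry, so the candidate list has to stay small when the real work factor is used.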
Back when I worked in accounting/data center, we changed our passwords weekly. I used to use Disney characters' names as my password.
The strength of a password is a function of length, complexity, and unpredictability.

Guests cannot see links. Registration or Login is required.
or Guests cannot see links. Registration or Login is required.

Both free; both open source. cheers
LastPass +1. For example, a complex small password: RxD07♥&). It's hard to crack.