

freitasm

BDFL - Memuneh
79253 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#249021 20-Apr-2019 08:54

If you ever had doubts that reusing passwords is a costly mistake; that adding a number to the end of your previous password is stupid; if longer random-generated passwords are a burden, then read this article.

 

 





dc2daylight
87 posts

Master Geek


  #2221385 20-Apr-2019 09:17

Great article there freitasm, thanks.

 

 

What I tell my parents is more or less:

 

 

1) Don't use a term connected to your life in any way if possible.

 

2) Ideally don't use any English dictionary words, and do combine words from more than one language or make up a new one.

 

3) Always mix upper and lower cases mid-word to your own fuzzy logic.

 

4) Always make them at least 8 'random' characters plus a pass-phrase.

 

5) Always include some symbols.

 

 

MI5 put out a good guide to corporate password creation, which suggested less length and more entropy; the article is online. A pass-phrase is suggested in combination with random characters as I recall. This is all about compromise in the sense of being reasonable (excuse the pun), because to their logic it is far better to have a password which is easily memorable yet still reasonably secure, than a non-memorable one which may be forgotten or lost while very secure, or a very easily memorable one which is not secure at all.

 

 

*addition of "do"*



freitasm

BDFL - Memuneh
79253 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2221386 20-Apr-2019 09:20

I wouldn't even include a passphrase. Just get LastPass and generate 20 - 25 character random passwords. Password managers are there so you don't have to remember those things.

 

Sometimes services do stupid things too. Some limit you to eight-character passwords, or sixteen - if you are encrypting and hashing then the length shouldn't matter. As soon as I see these restrictions I know these guys are doing it wrong...







  #2221387 20-Apr-2019 09:21

I use a password manager and 12 digit randomly generated alphanumeric passwords with characters.

 

More than adequate for most things.




dc2daylight
87 posts

Master Geek


  #2221390 20-Apr-2019 09:39

I don't advocate for using a password manager because of the possibility of platform compromise, but accept that in the real world this is often necessary. Non security professionals such as myself and others always vary about this issue, and seemingly so too do people who work in security.

 

 

My other perspective is that it's not actually that hard to memorize semi-complex strings, if you use mnemonics and repetition, or even some rhyme or timing. The more you look at your password manager/napkin for a hint, and occasionally cover up a few characters, the more easily you will achieve memorisation. In saying this my total amount of regularly used passwords is a lot less than most other geeks I would say, so it's easier for me to not use a password manager in day to day use.

 

 

If you think about it - when you learnt your primary spoken language as a child, that would have appeared to be 'gobbledygook' at first, but eventually thousands of words which you may not have known the precise contextual meaning for became easily recallable knowledge, a bit like how when you learn to ride a bike at first it is hard, and then becomes muscle memory with no concentration required. The same neurological process of learning applies to keyboards and muscle memory.

  #2221393 20-Apr-2019 09:47

It's hard to memorize 50+ passwords, especially when they are complex and especially when you change them regularly.

 

 


k1w1k1d
1519 posts

Uber Geek


  #2221394 20-Apr-2019 09:48

So Passw0rd won't cut it nowadays?


  #2221395 20-Apr-2019 09:49

k1w1k1d:

 

So Passw0rd won't cut it nowadays?

 

 

No, you should be using P@ssw0rd now.


 
 
 

k1w1k1d
1519 posts

Uber Geek


  #2221396 20-Apr-2019 09:57

Thanks, I will change it today.


CYaBro
4582 posts

Uber Geek

ID Verified
Trusted

  #2221399 20-Apr-2019 10:07

dc2daylight: I don't advocate for using a password manager because of the possibility of platform compromise, but accept that in the real world this is often necessary. Non security professionals such as myself and others always vary about this issue, and seemingly so too do people who work in security. My other perspective is that it's not actually that hard to memorize semi-complex strings, if you use mnemonics and repetition, or even some rhyme or timing. The more you look at your password manager/napkin for a hint, and occasionally cover up a few characters, the more easily you will achieve memorisation. In saying this my total amount of regularly used passwords is a lot less than most other geeks I would say, so it's easier for me to not use a password manager in day to day use. If you think about it - when you learnt your primary spoken language as a child, that would have appeared to be 'gobbledygook' at first, but eventually thousands of words which you may not have known the precise contextual meaning for became easily recallable knowledge, a bit like how when you learn to ride a bike at first it is hard, and then becomes muscle memory with no concentration required. The same neurological process of learning applies to keyboards and muscle memory.

 

 

 

Have a look at MyKi.

 

It doesn't store any passwords online, they are only stored on your own systems.

 

 





Opinions are my own and not the views of my employer.


amiga500
1484 posts

Uber Geek
Inactive user


  #2221413 20-Apr-2019 10:50

My on-line life got much less annoying once I started using a password manager!


sparkz25
750 posts

Ultimate Geek
Inactive user


  #2221419 20-Apr-2019 11:28

This is a good test of your password strength

 

https://howsecureismypassword.net/

 

And this is good to see if your password has been pwned

 

https://haveibeenpwned.com/Passwords

 

I use these a bit for clients to show them how crap their password is and how long it will take to crack their crappy password


FineWine
2981 posts

Uber Geek

Trusted
Nurse (R)
Lifetime subscriber

  #2221444 20-Apr-2019 12:56

amiga500: My on-line life got much less annoying once I started using a password manager!

 

+1

 

Since I started using 1Password for macOS & iOS about 4 years ago, my on-line life most certainly got a lot less annoying and more secure. Prior to that I had an A4 sheet, hidden under the desk's leather blotter side flap, listing approximately 75 passwords; a lot were repeats, like for forum sites. Banks, email, government, computer system admin, were all individual. What a BPITA it was. Now all I have to remember is the Master Password for 1Password for my current 123 individual, minimum 24 character, passwords and my computer system admin password, both of which are 24 mixed characters. I have yet to go so far as to store my credit card, passport etc details in 1password though.





Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.


Geektastic
17942 posts

Uber Geek

Trusted
Lifetime subscriber

  #2221445 20-Apr-2019 13:05

I like short phrases or character names from books I've read.





Geektastic
17942 posts

Uber Geek

Trusted
Lifetime subscriber

  #2221447 20-Apr-2019 13:08

sparkz25:

This is a good test of your password strength


https://howsecureismypassword.net/


And this is good to see if your password has been pwned


https://haveibeenpwned.com/Passwords


I use these a bit for clients to show them how crap their password is and how long it will take to crack their crappy password



Very happy that the Dashlane site you linked to another told me one of my passwords would take 607 million years to crack.

I can live with that risk....





timmmay
20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #2221452 20-Apr-2019 13:18

I use KeePass2 to randomly generate passwords. My geekzone password has 65 bits of entropy, my AWS has 100 bits plus MFA. My work password only has 21 unfortunately, but I have to type it 100 times a day so it can't be too difficult to type.

 

Geektastic: I like short phrases or character names from books I've read.

 

Anything in a dictionary is easy to crack, even if you add a few numbers on the end.
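The entropy figures and the dictionary-word remark in the post above, worked through as an added example that is not part of the original thread: it converts bits of entropy into the length of a uniformly random password and compares that with the search space of a dictionary word followed by digits. The 94-symbol alphabet, the 100,000-word dictionary and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length: int, alphabet: str = ALPHABET) -> str:
    """Draw every character independently from a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int = len(ALPHABET)) -> int:
    """Shortest random password that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def word_plus_digits_bits(wordlist_size: int, digits: int) -> float:
    """Search space of 'dictionary word + N digits', in bits."""
    return math.log2(wordlist_size * 10 ** digits)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given guess rate."""
    return 2 ** bits / guesses_per_second


WORDLIST_SIZE = 100_000   # assumed dictionary size
GUESS_RATE = 1e10         # assumed offline guesses per second

if __name__ == "__main__":
    for bits in (21, 65, 100):  # figures quoted in the post above
        print(f"{bits} bits -> {length_for_bits(bits)} random characters")
    weak = word_plus_digits_bits(WORDLIST_SIZE, 2)
    print(f"word + 2 digits: {weak:.1f} bits, "
          f"{seconds_to_exhaust(weak, GUESS_RATE):.4f} s to exhaust")
    print(f"20 random characters: {random_bits(20):.0f} bits")
```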

