BDFL - Memuneh
64775 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

# 249021 20-Apr-2019 08:54
4 people support this post

If you ever had doubts that reusing passwords is a costly mistake; that adding a number to the end of your previous password is stupid; if longer random-generated passwords are a burden, then read this article.

 

 





87 posts

Master Geek


  # 2221385 20-Apr-2019 09:17
One person supports this post

Great article there freitasm, thanks.

 

 

What I tell my parents is more or less:

 

 

1) Don't use a term connected to your life in any way if possible.

 

2) Ideally don't use any English dictionary words, and do combine words from more than one language or make up a new one.

 

3) Always mix upper and lower cases mid-word to your own fuzzy logic.

 

4) Always make them at least 8 'random' characters plus a pass-phrase.

 

5) Always include some symbols.

 

 

MI5 put out a good guide to corporate password creation, which suggested less length and more entropy; the article is online. A pass-phrase is suggested in combination with random characters as I recall. This is all about compromise in the sense of being reasonable (excuse the pun), because to their logic it is far better to have a password which is easily memorable yet still reasonably secure, than a non-memorable one which may be forgotten or lost while very secure, or a very easily memorable one which is not secure at all.

 

 

*addition of "do"*



BDFL - Memuneh
64775 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 2221386 20-Apr-2019 09:20
2 people support this post

I wouldn't even include a passphrase. Just get LastPass and generate 20 - 25 character random passwords. Password managers are there so you don't have to remember those things.

 

Sometimes services do stupid things too. Some limit you to eight-character passwords, or sixteen - if you are encrypting and hashing then the length shouldn't matter. As soon as I see these restrictions I know these guys are doing it wrong...
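
An added illustration of the point about length limits (not part of any post in this thread): a salted key-derivation function produces a fixed-size output whatever the password length, so the stored value gives no reason to cap passwords at eight or sixteen characters. PBKDF2-HMAC-SHA256 and the iteration count are choices made for this example, and the sample passwords are constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware
SALT_BYTES = 16


def hash_password(password: str):
    """Return (salt, derived_key). The key is 32 bytes for any input length."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(key, expected)


def stored_sizes(passwords):
    """Length in bytes of the value a service would store for each password."""
    return [len(hash_password(p)[1]) for p in passwords]


# Constructed sample inputs: 8, 25 and 200 characters long.
SAMPLES = ["Ab3$efgh", "x" * 25, "correct horse " * 14 + "bat!"]

if __name__ == "__main__":
    for pw, size in zip(SAMPLES, stored_sizes(SAMPLES)):
        print(f"{len(pw):3d}-character password -> {size}-byte stored hash")
```
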





 
 
 
 


8906 posts

Uber Geek

Lifetime subscriber

  # 2221387 20-Apr-2019 09:21

I use a password manager and 12 digit randomly generated alphanumeric passwords with characters.

 

More than adequate for most things.


87 posts

Master Geek


  # 2221390 20-Apr-2019 09:39
One person supports this post

I don't advocate for using a password manager because of the possibility of platform compromise, but accept that in the real world this is often necessary. Non-security professionals such as myself and others always vary about this issue, and seemingly so too do people who work in security.

 

 

My other perspective is that it's not actually that hard to memorize semi-complex strings, if you use mnemonics and repetition, or even some rhyme or timing. The more you look at your password manager/napkin for a hint, and occasionally cover up a few characters, the more easily you will achieve memorisation. In saying this my total amount of regularly used passwords is a lot less than most other geeks I would say, so it's easier for me to not use a password manager in day to day use.

 

 

If you think about it - when you learnt your primary spoken language as a child, that would have appeared to be 'gobbledygook' at first, but eventually thousands of words which you may not have known the precise contextual meaning for became easily recallable knowledge, a bit like how when you learn to ride a bike at first it is hard, and then becomes muscle memory with no concentration required. The same neurological process of learning applies to keyboards and muscle memory.

8906 posts

Uber Geek

Lifetime subscriber

  # 2221393 20-Apr-2019 09:47
5 people support this post

It's hard to memorize 50+ passwords, especially when they are complex and especially when you change them regularly.

 

 


623 posts

Ultimate Geek


  # 2221394 20-Apr-2019 09:48

So Passw0rd won't cut it nowadays?


8906 posts

Uber Geek

Lifetime subscriber

  # 2221395 20-Apr-2019 09:49
7 people support this post

k1w1k1d:

 

So Passw0rd won't cut it nowadays?

 

 

No, you should be using P@ssw0rd now.


 
 
 
 


623 posts

Ultimate Geek


  # 2221396 20-Apr-2019 09:57
3 people support this post

Thanks, I will change it today.


3185 posts

Uber Geek

Subscriber

  # 2221399 20-Apr-2019 10:07
One person supports this post

dc2daylight: I don't advocate for using a password manager because of the possibility of platform compromise, but accept that in the real world this is often necessary. Non-security professionals such as myself and others always vary about this issue, and seemingly so too do people who work in security. My other perspective is that it's not actually that hard to memorize semi-complex strings, if you use mnemonics and repetition, or even some rhyme or timing. The more you look at your password manager/napkin for a hint, and occasionally cover up a few characters, the more easily you will achieve memorisation. In saying this my total amount of regularly used passwords is a lot less than most other geeks I would say, so it's easier for me to not use a password manager in day to day use. If you think about it - when you learnt your primary spoken language as a child, that would have appeared to be 'gobbledygook' at first, but eventually thousands of words which you may not have known the precise contextual meaning for became easily recallable knowledge, a bit like how when you learn to ride a bike at first it is hard, and then becomes muscle memory with no concentration required. The same neurological process of learning applies to keyboards and muscle memory.

 

 

 

Have a look at MyKi.

 

It doesn't store any passwords online, they are only stored on your own systems.

 

 


1402 posts

Uber Geek


  # 2221413 20-Apr-2019 10:50
2 people support this post

My on-line life got much less annoying once I started using a password manager!


421 posts

Ultimate Geek


  # 2221419 20-Apr-2019 11:28

This is a good test on your password strength

 

https://howsecureismypassword.net/

 

And this is good to see if your password has been pwned

 

https://haveibeenpwned.com/Passwords

 

I use these a bit for clients to show them how crap their password is and how long it will take to crack their crappy password


980 posts

Ultimate Geek

Subscriber

  # 2221444 20-Apr-2019 12:56

amiga500: My on-line life got much less annoying once I started using a password manager!

 

+1

 

Since I started using 1Password for macOS & iOS about 4 years ago, my on-line life most certainly got a lot less annoying and more secure. Prior to that I had an A4 sheet, hidden under the desk's leather blotter side flap, listing approximately 75 passwords, a lot were repeats like for forum sites. Banks, email, government, computer system admin, were all individual. What a BPITA it was. Now all I have to remember is the Master Password for 1Password for my current 123 individual, minimum 24 character, passwords and my computer system admin password both of which are 24 mixed characters. I have yet to go so far as to store my credit card, passport etc details in 1Password though.





iMac 27" (late 2013), Airport Time Capsule + Airport Express, iPhone7, iPad6, iPad Mini2

 

Panasonic Blu-ray PVR DMR-BWT835 + Panasonic Viera TH-L50E6Z, Chromecast Ultra, Yamaha AVR RX-V1085


13414 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2221445 20-Apr-2019 13:05

I like short phrases or character names from books I've read.





13414 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2221447 20-Apr-2019 13:08

sparkz25:

This is a good test on your password strength


https://howsecureismypassword.net/


And this is good to see if your password has been pwned


https://haveibeenpwned.com/Passwords


I use these a bit for clients to show them how crap their password is and how long it will take to crack their crappy password



Very happy that the Dashlane site you linked to another told me one of my passwords would take 607 million years to crack.

I can live with that risk....





15329 posts

Uber Geek

Trusted
Subscriber

  # 2221452 20-Apr-2019 13:18
2 people support this post

I use KeePass2 to randomly generate passwords. My Geekzone password has 65 bits of entropy, my AWS has 100 bits plus MFA. My work password only has 21 unfortunately, but I have to type it 100 times a day so it can't be too difficult to type.

 

Geektastic: I like short phrases or character names from books I've read.

 

Anything in a dictionary is easy to crack, even if you add a few numbers on the end.
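
The entropy figures quoted in this thread can be put side by side with a short calculation. This added example (not from any poster) compares uniformly random passwords with a dictionary word that has digits appended, and generates a random password with Python's `secrets` module; the 200,000-word dictionary size is an assumption made for the comparison.

```python
import math
import secrets
import string

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
DICTIONARY_WORDS = 200_000  # assumed size of a word list, for illustration only


def random_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def word_plus_digits_bits(dictionary_size: int, digits: int) -> float:
    """Entropy of one dictionary word followed by `digits` decimal digits."""
    return math.log2(dictionary_size * 10 ** digits)


def length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Shortest uniformly random password that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate(length: int, alphabet: str = PRINTABLE) -> str:
    """Generate a password using the OS cryptographic random source."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    n = len(PRINTABLE)
    for length in (12, 20, 25):  # lengths mentioned in the thread
        print(f"{length} random printable chars: {random_bits(length, n):.1f} bits")
    print(f"word + 2 digits: {word_plus_digits_bits(DICTIONARY_WORDS, 2):.1f} bits")
    for bits in (65, 100):  # entropy targets mentioned in the thread
        print(f"{bits} bits needs {length_for_bits(bits, n)} random printable chars")
    print("sample 20-character password:", generate(20))
```
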

