Geekzone: technology news, blogs, forums




BDFL - Memuneh
64249 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

# 249021 20-Apr-2019 08:54
4 people support this post

If you ever had doubts that reusing passwords is a costly mistake; that adding a number to the end of your previous password is stupid; if longer random-generated passwords are a burden, then read this article.

 

 





87 posts

Master Geek


  # 2221385 20-Apr-2019 09:17
One person supports this post

Great article there freitasm, thanks.

 

 

What I tell my parents is more or less:

 

 

1) Don't use a term connected to your life in any way if possible.

 

2) Ideally don't use any English dictionary words, and do combine words from more than one language or make up a new one.

 

3) Always mix upper and lower cases mid-word to your own fuzzy logic.

 

4) Always make them at least 8 'random' characters plus a pass-phrase.

 

5) Always include some symbols.

 

 

MI5 put out a good guide to corporate password creation, which suggested less length and more entropy; the article is online. A pass-phrase is suggested in combination with random characters as I recall. This is all about compromise in the sense of being reasonable (excuse the pun), because to their logic it is far better to have a password which is easily memorable yet still reasonably secure, than a non-memorable one which may be forgotten or lost while very secure, or a very easily memorable one which is not secure at all.

 

 

*addition of "do"*



BDFL - Memuneh
64249 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 2221386 20-Apr-2019 09:20
2 people support this post

I wouldn't even include a passphrase. Just get LastPass and generate 20 - 25 character random passwords. Password managers are there so you don't have to remember those things.

 

Sometimes services do stupid things too. Some limit you to eight-character passwords, or sixteen - if you are encrypting and hashing then the length shouldn't matter. As soon as I see these restrictions I know these guys are doing it wrong...
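
Added example (not part of the thread, and not any particular service's code): the point above about hashing and length, shown with a salted PBKDF2 hash. The stored value is 32 bytes whether the password has 8 characters or 200, so a short maximum length buys the service nothing in storage. The function names and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000   # illustrative work factor (assumption, not from the thread)
DKLEN = 32             # size in bytes of what the server stores per password


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The digest is always DKLEN bytes long."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for each account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS, dklen=DKLEN)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def stored_sizes(passwords):
    """Map each password's length to the number of bytes stored for it."""
    return {len(p): len(hash_password(p)[1]) for p in passwords}


if __name__ == "__main__":
    # Constructed sample passwords of 8, 25 and 200 characters.
    samples = ["Ab3$xY9!", "k" * 25, "z" * 200]
    for length, size in stored_sizes(samples).items():
        print(f"{length:3d}-character password -> {size} bytes stored")
    salt, digest = hash_password(samples[2])
    print("long password verifies:", verify_password(samples[2], salt, digest))
```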





 
 
 
 


8769 posts

Uber Geek

Lifetime subscriber

  # 2221387 20-Apr-2019 09:21

I use a password manager and 12 digit randomly generated alphanumeric passwords with characters.

 

more than adequate for most things


87 posts

Master Geek


  # 2221390 20-Apr-2019 09:39
One person supports this post

I don't advocate for using a password manager because of the possibility of platform compromise, but accept that in the real world this is often necessary. Non-security professionals such as myself and others always vary about this issue, and seemingly so too do people who work in security.

 

 

My other perspective is that it's not actually that hard to memorize semi-complex strings, if you use mnemonics and repetition, or even some rhyme or timing. The more you look at your password manager/napkin for a hint, and occasionally cover up a few characters, the more easily you will achieve memorisation. In saying this my total amount of regularly used passwords is a lot less than most other geeks I would say, so it's easier for me to not use a password manager in day to day use.

 

 

If you think about it - when you learnt your primary spoken language as a child, that would have appeared to be 'gobbledygook' at first, but eventually thousands of words which you may not have known the precise contextual meaning for became easily recallable knowledge, a bit like how when you learn to ride a bike at first it is hard, and then becomes muscle memory with no concentration required. The same neurological process of learning applies to keyboards and muscle memory.

8769 posts

Uber Geek

Lifetime subscriber

  # 2221393 20-Apr-2019 09:47
5 people support this post

It's hard to memorize 50+ passwords, especially when they are complex and especially when you change them regularly.

 

 


592 posts

Ultimate Geek


  # 2221394 20-Apr-2019 09:48

So Passw0rd won't cut it nowadays?


8769 posts

Uber Geek

Lifetime subscriber

  # 2221395 20-Apr-2019 09:49
7 people support this post

k1w1k1d:

 

So Passw0rd won't cut it nowadays?

 

 

No, you should be using P@ssw0rd now.


 
 
 
 


592 posts

Ultimate Geek


  # 2221396 20-Apr-2019 09:57
3 people support this post

Thanks, I will change it today.


3142 posts

Uber Geek

Subscriber

  # 2221399 20-Apr-2019 10:07
One person supports this post

dc2daylight: I don't advocate for using a password manager because of the possibility of platform compromise, but accept that in the real world this is often necessary. Non-security professionals such as myself and others always vary about this issue, and seemingly so too do people who work in security. My other perspective is that it's not actually that hard to memorize semi-complex strings, if you use mnemonics and repetition, or even some rhyme or timing. The more you look at your password manager/napkin for a hint, and occasionally cover up a few characters, the more easily you will achieve memorisation. In saying this my total amount of regularly used passwords is a lot less than most other geeks I would say, so it's easier for me to not use a password manager in day to day use. If you think about it - when you learnt your primary spoken language as a child, that would have appeared to be 'gobbledygook' at first, but eventually thousands of words which you may not have known the precise contextual meaning for became easily recallable knowledge, a bit like how when you learn to ride a bike at first it is hard, and then becomes muscle memory with no concentration required. The same neurological process of learning applies to keyboards and muscle memory.

 

 

 

Have a look at MyKi.

 

It doesn't store any passwords online, they are only stored on your own systems.

 

 


1402 posts

Uber Geek


  # 2221413 20-Apr-2019 10:50
2 people support this post

My on-line life got much less annoying once I started using a password manager!


411 posts

Ultimate Geek


  # 2221419 20-Apr-2019 11:28

This is a good test of your password strength

 

https://howsecureismypassword.net/

 

And this is good to see if your password has been pwned

 

https://haveibeenpwned.com/Passwords

 

I use these a bit for clients to show them how crap their password is and how long it will take to crack their crappy password
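
Added example (not part of the thread): how a breach check can be done without handing the password to a website, using the Pwned Passwords range API's k-anonymity scheme, in which only the first five hex characters of the SHA-1 hash are sent and the match is done locally. To run offline it parses a constructed response; the filler suffixes and the count are made up, and the function names are assumptions.

```python
import hashlib

RANGE_API = "https://api.pwnedpasswords.com/range/"


def split_sha1(password):
    """Return (first 5 hex chars, remaining 35) of the upper-case SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """The only thing sent to the service: a 5-character hash prefix."""
    return RANGE_API + split_sha1(password)[0]


def breach_count(password, range_body):
    """Find this password's suffix in a 'SUFFIX:COUNT' range response."""
    suffix = split_sha1(password)[1]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix absent: not present in this response


def constructed_response(password, count):
    """Build a fake range body for offline use; suffixes and counts are made up."""
    filler = [hashlib.sha1(b"filler-%d" % i).hexdigest().upper()[5:] for i in range(3)]
    lines = [f"{s}:{i + 1}" for i, s in enumerate(filler)]
    lines.insert(2, f"{split_sha1(password)[1]}:{count}")
    return "\r\n".join(lines)


if __name__ == "__main__":
    body = constructed_response("P@ssw0rd", 12345)  # constructed count
    print("request:", range_url("P@ssw0rd"))
    print("P@ssw0rd count:", breach_count("P@ssw0rd", body), "(constructed data)")
    print("random string count:", breach_count("q7Lw2ZpX9vTn4RbK", body))
```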


914 posts

Ultimate Geek

Subscriber

  # 2221444 20-Apr-2019 12:56

amiga500: My on-line life got much less annoying once I started using a password manager!

 

+1

 

Since I started using 1Password for macOS & iOS about 4 years ago, my on-line life most certainly got a lot less annoying and more secure. Prior to that I had an A4 sheet, hidden under the desk's leather blotter side flap, listing approximately 75 passwords, a lot were repeats like for forum sites. Banks, email, government, computer system admin, were all individual. What a BPITA it was. Now all I have to remember is the Master Password for 1Password for my current 123 individual, minimum 24 character, passwords and my computer system admin password both of which are 24 mixed characters. I have yet to go so far as to store my credit card, passport etc details in 1password though.





iMac 27" (late 2013), Airport Time Capsule + Airport Express, iPhone7, iPad6, iPad Mini2

 

Panasonic Blu-ray PVR DMR-BWT835 + Panasonic Viera TH-L50E6Z, Chromecast Ultra, Yamaha AVR RX-V1085


13086 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2221445 20-Apr-2019 13:05

I like short phrases or character names from books I've read.





13086 posts

Uber Geek

Trusted
Lifetime subscriber

  # 2221447 20-Apr-2019 13:08

sparkz25:

This is a good test of your password strength


https://howsecureismypassword.net/


And this is good to see if your password has been pwned


https://haveibeenpwned.com/Passwords


I use these a bit for clients to show them how crap their password is and how long it will take to crack their crappy password



Very happy that the Dashlane site you linked to another told me one of my passwords would take 607 million years to crack.

I can live with that risk....





15009 posts

Uber Geek

Trusted
Subscriber

  # 2221452 20-Apr-2019 13:18
2 people support this post

I use KeePass2 to randomly generate passwords. My geekzone password has 65 bits of entropy, my AWS has 100 bits plus MFA. My work password only has 21 unfortunately, but I have to type it 100 times a day so it can't be too difficult to type.

 

Geektastic: I like short phrases or character names from books I've read.

 

Anything in a dictionary is easy to crack, even if you add a few numbers on the end.
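
Added example (not part of the thread): the arithmetic behind "bits of entropy" for randomly generated passwords, next to the search space of a dictionary word with a few digits appended. The dictionary size and guess rate are assumptions picked for illustration, and the function names are hypothetical.

```python
import math
import secrets
import string


def random_entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def word_plus_digits_bits(dictionary_size, digits):
    """Search space, in bits, of one dictionary word followed by N digits."""
    return math.log2(dictionary_size * 10 ** digits)


def generate(target_bits, alphabet):
    """Generate a random password carrying at least target_bits of entropy."""
    length = math.ceil(target_bits / math.log2(len(alphabet)))
    return "".join(secrets.choice(alphabet) for _ in range(length))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    alnum = string.ascii_letters + string.digits  # 62 symbols
    rate = 1e10       # assumed offline guess rate, guesses per second
    words = 100_000   # assumed dictionary size
    rows = [
        ("word + 2 digits", word_plus_digits_bits(words, 2)),
        ("12 random alphanumerics", random_entropy_bits(12, len(alnum))),
        ("20 random alphanumerics", random_entropy_bits(20, len(alnum))),
    ]
    for label, bits in rows:
        print(f"{label:25s} {bits:6.1f} bits  {years_to_exhaust(bits, rate):.3g} years")
    print("100-bit password:", generate(100, alnum))
```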

