|Be Careful What You Wish For...|
My password, my choice!
Georgeair: "...looking around my house this morning, it's not easily defended for long by two people in the event of real anarchy. The entryways might be slick for the latecomers though...."
Good point. I have a password manager on my iPhone that has all of my 100 or so passwords. I refer to it daily.
Most people just write them down and put them next to their computer or put em on a sticky, I would guess.
InsanityThis message has been edited. Last edited by: mcrimm,
I'm sorry if I hurt you feelings when I called you stupid - I thought you already knew - Unknown
When you have no future, you live in the past. " Sycamore Row" by John Grisham
Liberalism is a failure to find pathways to intelligence in your brain. - David Lawrence
|Cogito Ergo Sum|
At work they are going to start a 17 word pass phrase as a requirement.
|On the DL|
This has been posted before, but it is appropriate for this topic:
Today I opened a new email account, I always use the same password: "cabbage". It's easy to remember. But it seems the computer had other plans...
Please enter your new password:
Sorry, the password must be more than 8 characters.
Sorry, the password must contain 1 numerical character.
"1 boiled cabbage"
Sorry, the password cannot have blank spaces.
Sorry, the password must contain at least one upper case character.
Sorry, the password cannot use more than one upper case character consecutively.
Sorry, the password cannot contain punctuation.
Sorry, that password is already in use!
A mind is a terrible thing.
I'm being repressed!
I'm under the understanding that most 8 character passwords with upper/lower/special/numeric character are able to be brute forced in time.
I was told that you should use pass phrases with at least 17 characters because with today's technology it would take them a couple centuries to brute force it.
So one example could be: Maryhadalittlelamb
The difficulty to brute force a password grows exponentially with each additional character.
It might be insurance requirements dictated to the company.
We're required to change all of out passwords at work every 90 days.
He who fights with monsters might take care lest he thereby become a monster.
Haha. My yahoo mail account has a 20 character passphrase.
My bank account has a 9 character passphrase.
I should probably switch those.
All my gov’t accounts have long passwords with so many restrictions and I have to change them every 60 days. It sucks.
Not minority enough!
The company I worked for back in the 1990's/early 2k did government contract work, primarily for HHS. The password rules specified in their contracts gradually grew more complex, specifying length, complexity, frequency of change, and reuse (not). Based on that evolution, I'd hate to think what the specs are today.
Linux (at least back then) would kick back easy to guess passwords when root entered them for a user. One I recall was 'Nosila' plus some numbers, which Linux quickly identified as a word spelled backwards.
The main issue I have with web sites is not the complexity required, but the fact that different rules apply with the characters and length. Some still would permit 'cabbage'. Some 'special characters' are not allowed on some sites, and the ones disallowed vary from site to site. One site requires all the special stuff, but says the pw must begin with a letter. The minimum and maximum lengths vary, from 8, to some topping out at 15 or 20, and some permitting 32 (which I like). And so on.
I get that 'iH}9g>L49u.(4JWiVnLY}' is probably more secure than 'cabbage', but, OOPS, the curly and angle brackets are not permitted on this site.
Then take your business elsewhere?
A service provider of ours decided I had to change my password regularly. So I told them "Ain't playin' that game. It's nonsense. So delete our on-line account access and resume sending us paper billing."
Sites establish minimum password/pass-phrase requirements because people tend to choose very stupid passwords, like "password." People choosing stupidly-easy passwords are also why some places insist users regularly change their passwords.
Well, yes, but...
If the site enforces even a slight retry delay, and makes any effort at all to temporarily blacklist the sources of repeated failed attempts, that could be a very, very long time. As in longer than your lifetime.
This assumes that crack isn't being run against a stolen password database, in which case ev3nVeRYl0n9pa55wrods! aren't safe.
I have had passwords as short a six characters and have yet to have had an account cracked, and I've been on-line as long as there's been an Internet. Had dial-up access to logins before that.
All that being said: I suggest passwords longer than eight characters, mixed-case in non-traditional places, throwing-in the odd numeric and punctuation character, not using any whole words or anything that can in any way be guessed from who you are, what you do, who you know, where you live, your pets' names, etc.
XKCD's take on passwords:
"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"Whenever somebody uses 'liberal,' when what they really mean is 'leftist,' they immediately lose my attention." -- Me
|His diet consists of black|
coffee, and sarcasm.
A password at my job requires me to change it every 90 days... I just add an exclamation point to the end every time... I think I’m up to 20 or so now...
What pisses me off are the passwords that won’t let you use one of your last 50 passwords for something dumb like a spam gmail account.. so then I change my password to something else that inevitably I forget because it’s not one of the 3-4 passwords I use... I should definitely get a password keeper but then i’ll Forget to save the passwords in that...
|Little ray |
Their computer hacking insurance probably requires it. Why would you want the government involved?
The fish is mute, expressionless. The fish doesn't think because the fish knows everything.
|His Royal Hiney|
The guy who created the government document on password requirements admitted he was wrong.
The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time
Most companies still haven't changed based on the guy's realization.
I hate that on one site, I have to use special characters then on another site, no special characters allowed.
I worked for companies that required a new password every 90 days, I simply incremented the number that was part of my password.
I wouldn't log in too often on a site where they require me to change my password every so often. I think if you're stupid enough to use password123 as a password, you're asking for what you get.
"It did not really matter what we expected from life, but rather what life expected from us. We needed to stop asking about the meaning of life, and instead to think of ourselves as those who were being questioned by life – daily and hourly. Our answer must consist not in talk and meditation, but in right action and in right conduct. Life ultimately means taking the responsibility to find the right answer to its problems and to fulfill the tasks which it constantly sets for each individual." Viktor Frankl, Man's Search for Meaning, 1946.
|Powered by Social Strata|