How secure is your password?

oookaaay

makes sense with all the website requiring one nowadays

Although many wouldn't agree. All password systems need to be equipped with a 5 try limit, before locking the login.

I've been using the same passwords for almost 30 years and have never had one guessed/hacked.

I certainly don't buy the 10 minutes for even a simple six character password. Sounds like somebody has used poor test passwords for their research.

Originally posted by Clam_Up:

---

I've been using the same passwords for almost 30 years and have never had one guessed/hacked.

I certainly don't buy the 10 minutes for even a simple six character password. Sounds like somebody has used poor test passwords for their research.

---

Quote:

---

As it has been for years, the most popular password is "123456,"

---

My password has always been 13 characters mixed Cap/small letters, numbers and symbols for important stuff, and 8 mixed the same way for stuff that is trivial.

If a hacker gets my password the way I see it, they deserve it; but most hackers don't even care. I have no information anyone would want, and there are bigger fish to target if they are looking for $.

Should people use a bigger password, not necessarily, but should they use a stronger password; definitely. Unfortunately they usually can't remember complicated stuff, not even if they leave it on paper to attempt memorizing it, thus there will always be "password, 1234..., qwerty," and other simple passwords.

What should be mentioned is how many people will use a good password at their bank... then have a crappy password on their email account.
Your email account is arguably the most important one in need of a good password since most places will let you reset a password if you know the email account.

Also, I think many people use the Easy password for one time or unimportant logins and hard password for important stuff, but will frequently use the same password at many places.

And this is new news??????

Anyone not living under a rock with half a brain knows that most people are nincompoops when using passwords. Attention people................8 digits, alpha numeric at the very LEAST.

When will humanity learn and wisen up?

Originally posted by Mysttic:

---

My password has always been 13 characters mixed Cap/small letters, numbers and symbols for important stuff, and 8 mixed the same way for stuff that is trivial.

If a hacker gets my password the way I see it, they deserve it; but most hackers don't even care. I have no information anyone would want, and there are bigger fish to target if they are looking for $.

Should people use a bigger password, not necessarily, but should they use a stronger password; definitely. Unfortunately they usually can't remember complicated stuff, not even if they leave it on paper to attempt memorizing it, thus there will always be "password, 1234..., qwerty," and other simple passwords.

---

Originally posted by Mysttic:

---

My password has always been 13 characters mixed Cap/small letters, numbers and symbols for important stuff, and 8 mixed the same way for stuff that is trivial.

If a hacker gets my password the way I see it, they deserve it; but most hackers don't even care. I have no information anyone would want, and there are bigger fish to target if they are looking for $.

Should people use a bigger password, not necessarily, but should they use a stronger password; definitely. Unfortunately they usually can't remember complicated stuff, not even if they leave it on paper to attempt memorizing it, thus there will always be "password, 1234..., qwerty," and other simple passwords.

---

And yor password is the frist line of defence??.May have a "top password" but if that keylogger/trojan has not been picked up on........

Layered approach to security.

Quote:

---

As it has been for years, the most popular password is "123456,"

---

Quote:

---

So if you're so certain that no one cares about stealing your information, then why not just shorten your password and be done with it Hmmmmm?

---

I tend to make my passwords with a mnemonic. It would look like nonsense to most people, but if you know the phrase it's easy to remember.
Ilt$0nitm
I love the smell of napalm in the morning
Movie quotes, song lyrics, or other easily remembered phrases works for me.

I have several sets of passwords - one set for online banking and financial stuff that I NEVER use anywhere else. Another for online forums and stuff that if it gets hacked, nothing of value will be lost. A different one for email, and so on.

I love that man that was sweet. I love the smell of napalm in the morning, hell yea. lol.

To create a secure password that is easy for you to remember, follow these simple steps: ... Mix different character types. You can make a password much more secure by mixing different types of characters. Use some uppercase letters along with lowercase letters, numbers and even special characters such as '&' or '%'. I am definitely sure that will be help you.
-------------------------------------------------------------
accounting service
register a company UK
setting up a limited company

Originally posted by baglobal:

---

To create a secure password that is easy for you to remember, follow these simple steps: ... Mix different character types. You can make a password much more secure by mixing different types of characters. Use some uppercase letters along with lowercase letters, numbers and even special characters such as '&' or '%'. I am definitely sure that will be help you.
-------------------------------------------------------------
accounting service
register a company UK
setting up a limited company

---

You could just use KeyPass:
http://keepass.info/

I use it and my primary password (the one on the account) is over ten characters with symbols, numbers and mixed upper-and-lower case letters.

Sure, if you crack it you have all my other passwords/logins but since it generates unique passwords for each service you use it with one compromised account means almost nothing.

For years, the most common password in the Corps of Royal Engineers was "house*magnet". I taught infosec, and most of the "students" were Officers (graduate level education then two years at Sandhurst). I would highlight the requirement for easily memorable but difficult-to-guess passwords, using two common words separated by a character, and use 'house*magnet' as an example - but cautioning them to use something else. Students would diligently take notes, writing down the example.. and then using it in "real life. Later, when we engaged in "difficult data retrieval", you can guess the first pwd I would try, and more often than not succeed with. Officers.. like lighthouses in the desert... bright, but f***ing useless ;-)

What really made me laugh was that I had snitched that example from a book I'd read *years* earlier, in the mid-80's!

A historical perspective. See if you can find Hugo Cornwall's "Hackers Handbook" 4th Ed. read the preface. He talks about not overtly worrying about putting passwords in the book, as "they were bound to be changed by publication". Nope. Nor by the 2nd edition, nor the 3rd... even by the 4th Edition most of the passwords were *still* unchanged. And this was back in 1985-1990, when "hacking" was a hot subject.

LOL, that was a good cartoon, saw many today this one stood out.

Originally posted by Clam_Up:

---

I've been using the same passwords for almost 30 years and have never had one guessed/hacked.

I certainly don't buy the 10 minutes for even a simple six character password. Sounds like somebody has used poor test passwords for their research.

---

Originally posted by Unidentified:

---

Originally posted by Clam_Up:

---

I've been using the same passwords for almost 30 years and have never had one guessed/hacked.

I certainly don't buy the 10 minutes for even a simple six character password. Sounds like somebody has used poor test passwords for their research.

---

As a hacker myself, cracking a 6 digit pass will probably take a lot less then 10 minutes. Maybe 5 at max if it's simple. Using a known brute-force tool or one I made myself, I can easily crack a 6 digit pass.

Think of it like this...I can test about 103,000 password combinations per second. In a minute, that's approximately 6.1 million passes. Add in some symbols and it will take longer, but not more then a few days or so. It's also based on the experience of the hacker. I'll make short work of you 6 digit pass ;)

---

Took a class when I was an Engineer at Stanford.
It took seconds to generate 100,000 passwords. That was in the early 1990's.
So to the guy who has 30 years under his belt, maybe nobody has wanted your password in the first place. If somebody does and they have the skills you are dead meat.
Jeff

Same challenge to you, jeffrey_P.

All of this is hypothetical unless you have a FILE to work on. If you are trying to log into a system, its a different ball game.

I'm not a hacker guy. I don't want to know anybodies personal information.
Thanks for the invite.
Jeff

lol! It was a hypothetical challenge :)

If someone can grab the pwd file from a net server - or worse, ecommerce/commercial/corporate login system - then the strength of one's password is probably the least worry.

Its a bit like WEP hacking. Lots of noise, but not quite so easy in practice. The hard part is GETTING the data to crack, not cracking it.

Even @ home I only use a wireless connection, WPA2 with a laptop outdoors on occasion. Still though there is no guarantee. A J45 connection is more secure.

Even hiding the SSID, WPA2 is ..... Seems you already know, so I'm preaching to the choir;)
Carry-on guy
Jeff

:-)

i honestly wouldnt mind if my neighbours wanted to use my wireless connection as long as they are willing to pay a % of the internet costs.

i remember years ago bill gates claim to have a new setup unhackable.someone hacked it and sent $10000 worth of condoms to his house using his (bill gates)credit card.doesnt matter how smart you are or how much experience you have someones gonna be better.

@alewis im assuming someone hacking your computer would be pointless anyway.if someone or some group has a good reason to then maybe you'd get hacked.

You miss the point. "hacking" someone's PC is not the same as cracking a password.
Having a tool that can brute force passwords at anynumber-per-second is not the point; this tool is *useless* against a system that locks out after 3 attempts. It is ONLY useful against a static file. As such, read beyond the headlines...

Bill Gates has made a lot of off-the-wall comments like that.. "640k of RAM is all we will ever need."
Funny, I'm running 12 Gigs of DDR3.
Jeff

Its not off the wall. Think about it - how many login attempts does a remote system grant before account lockout? 3. So a bruteforce crack is somewhat irrelevant there. Even without account lockout, the throughput a b/f cracker can operate at is massively lower that which it is capable of; it might be able to generate 130,000/sec, but will onlybe able to throw them at the prompt at 20 per minute, TOPS?

Thats not off the wall, thats fact. Until that changes...

WEP cracking. More useful, BUT you still need to capture 5000+ packets. Very easy if there is traffic. Not quite so easy if there is not - I'm not saying its impossible, but you do need some pre-conditions. Lets say the target network has an attached client, but the client is only trasmitting keepalives; 2 per min, and the odd burst. Lets say it will take 3 hours to capture the traffic. Sure, if you have the time OR can leave the sniffer alone. But that aint gonna work outside of your own house/place of work.

WPA cracking. much the same. In both cases, PROVIDED the target network is conveniently juxtaposed to yourself, yep its game over. BUT 'provided' is NOT a given.

File cracking. "HUDSON: Its game over, man, f***** game over".

When I say read beyond the headlines, its because its a journo spin. Shock! Horror! 'PASSWORD' and 'SECRET' are the most common passwords - we are all doomed! Change yours NOW! Even "knowing" that "fact", what exactly does it gain you. Or a hacker? Nothing until you actually attempt to login to an account which DOES use an "easily guessable" password. So go on, find an account and login to it... finding one is a lot harder than the headlines suggest.


Incidentally, whether BG did state that 640K ram was all we will ever need is disputed; I'm [b[sure[/b] I remember reading an article that attributed that to him 20 odd years ago.. but there was no source attribution in the article per se. And that said, this is the guy who massively criticised IBM over the choice of the 80286 processor for the AT, calling it "braindead" - and it is.

He did state that multitasking in less than 4MB was impossible - odd, given at the time those of us with Amigas were running a true pre-emptive multitasking OS in 512KB - and some in 256K.

I owned several Amiga. two 500's, three 2000's and two 3000's. Also a A4000 which was a hollow shell of previous Amiga's.I installed an 3 party vid card into my 3000-040 but it ruined what the Amiga was all about.

When I was an engineer at SLAC, Amiga's were used to render fast time plots. No PC or Mac could fill the bill.

I am truly saddened that Jay Minor sold the Amiga to Commodore.
Jay was a friend I could call for info. He passed away in the early '90's. His wife would answer the phone giving updates of his health.

RIP Jay Minor the father of the Amiga. :(
I see we are about the same age.

Jeff

:-)

Old, bold, and still young at heart! I had an A500, then a B200 (which ended up with a 14MHz 68000, ICD FFV, GVP G-Force 68030@40MHz, Picasso II, and various SCSI cards, the first of which was a Supra WordSync. Sold on ebay to a dude in Australia, he paid 75UKP for the Mig, and 145ukp shipping!

Swapped a UW SCSI drive for an A4000 in 96, added a Picasso IV and WarpEngine040 to that. Then in 2004 stuck it in a tower. Managed to get another 4000 and stuck Cyberstorm PPC/060 and a Cybervision card, and an A1200 tower with a Blizzard 060. Sold them all in 2007 to a guy in London.

Loved the Amiga. I used to write for Commodore User International and ICPUG 'back in the day'. Jay didn't sell Amiga to C=, Amiga Inc sold to C=, but it was better than going into Tramiels hands at Atari, surely?

What pee'd me off was Tramiel *leaving* C= and then later Medhi Ali running it into the ground. We should have had AAA from 1990, and OS4 in 1992. Heck, if they had pushed it as a business machine in 1985, well, who knows eh.

But I still think the A1000 is the sexiest box around. Still have the Aug 1985 PCW with it on the front cover and the Guy Kewney (RIP) review. Fell in love with it then and there.

Yep I had a Picasso IV. It was 32 bit video card so it was unusable in an A500 or A3000. I had a plug-in for one A500 (forgot the manufacturer") but it huge! It had three or four 16 bit slots, no video slot.

The 1000 was cool but it needed to be booted from a floppy. The A or B2000 was my fave.

Cable companies used the Amiga to view channel listings. It was funny when it crashed on them. Guru meditation error XXXX.;) That's how I figured out they were using the Amiga at the time.

Sweet memories of a platform that could of killed the PC and Mac if the Amiga was in proper hands.
Have a good one
Jeff

if you can't go through it (in this case a password) go around it or over it or under it.