Yes! Your Passwords Suck! Hints On Creating Solid Passwords


webfact

Every time that you cleverly come up with a seemingly complicated combination of letters, symbols and numbers for a password, you are not only up against creepy individual hackers, you are up against a myriad of easily obtainable super-computers!

Your password has to be strong enough to hold up against these computer programs that can use infinite numbers of dictionaries from multiple languages, Wikipedia and everything in the World Fact Book to run encrypted passwords in a matter of MINUTES. Passwords like yours are probably too short, too personal or just too simple or predictable.

This article will help you [more...]

Full story: http://www.nettechbl...olid-passwords/

-- nettechblog.com 2012-02-01

What really sucks is that some Thai banks restrict the length, complexity and use of special characters in passwords, supposedly to increase security, but in effect reducing the security because any hacker can programme his system to not use those letters or combination of letters in his attack. The most stupid is the bank that does not allow letters or numbers to be consecutive, such as AB or CD.

The only effect is to reduce the possible combinations that a hacker has to try.

Of course the best security is time. That has not been hacked yet. By only allowing 1 password attempt per second and limiting the total number of attempts before a lockout, no automated hacking system can get past, and any password that takes less than a second to type is too short anyway!

  • Like 1

I really hate forced "Strong Passwords" these days...must have uppercase, lowercase, numbers, symbols, no dictionary words, 10 characters etc... you end up with something you can never remember (unless of course you write it down somewhere, which kind of defeats the purpose)

  • Like 1

The person who invents an alternative to passwords is going to get rich.... I hope someone does, really.

As for hacking - most devices have or should have a limit on the number of tries / time interval. Example if you enter your passcode wrong 3 times on the iPhone/iPad, it locks for a minute. That means brute force attacks take a very long time/ are impossible. Same on Gmail, etc.

Most of the time your password is not open to brute force cracking - that only happens if the password is encrypted somewhere where it can be accessed by others. Most systems do not allow that, e.g. the passwords are stored somewhere, and encrypted, but not accessible to the outside.

The main threat is malware and key loggers getting on your system and then the strength of your password doesn't matter.

@dave totally agree, the stupid IT rules for "strong" passwords make things more insecure, if anything. I guess they are there because there's still many people out there who choose their wife's first name, or another open-to-dictionary attack super simple password.

IMO anything that's not in a dictionary is as safe as it gets.

If you want to be safe from brute force attacks - use a small sentence. If "this is a good password" is your password, no brute force program in the world can hack it. It's not a word, and it's a lot of letters.

I really hate forced "Strong Passwords" these days...must have uppercase, lowercase, numbers, symbols, no dictionary words, 10 characters etc... you end up with something you can never remember (unless of course you write it down somewhere, which kind of defeats the purpose)

Besides that, I could question if deeply configured "personal" passwords could be encrypted or broken......just on the case that it would be too esoteric.

These trends of false concern and safety for the individual within entities that require a password are seemingly insulting, as they truly don't care for your cyber safety.

I really hate forced "Strong Passwords" these days...must have uppercase, lowercase, numbers, symbols, no dictionary words, 10 characters etc... you end up with something you can never remember (unless of course you write it down somewhere, which kind of defeats the purpose)

Besides that, I could question if deeply configured "personal" passwords could be encrypted or broken......just on the case that it would be too esoteric.

In my opinion all passwords stored on a server should be encrypted using a one-way algorithm.

It should not be possible to steal and then decrypt the password.

When logging in to the site your password is entered and fed through the same encryption algorithm, and if the encrypted files match you're in.

Note for those of you using weak passwords, I read recently that a new approach to hacking sites is to use a common password and try numerous accounts with different usernames.

This of course is of no use when hackers want to target a specific individual, but is much harder to stop if they are just trying to gain access to any account on that site. Possible usernames (often email addresses) are easy to find, and no time delay feature is of any use in this case.

To avoid keyloggers I use a password utility (Keepass2) that stores all my passwords under a very secure password, and that also enters them automatically so I do not have to type them in to the keylogger. I also store the Keepass database inside a truecrypt folder in a dropbox type folder so that I have access to it anywhere in the world. This has the added advantages that it is available to the many machines I use, and also my passwords are always in sync.

Edited by thaimite
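The one-way storage and login comparison described above, sketched as an added example that is not from the thread. The per-user salt, the PBKDF2 work factor, the record layout and the function names are assumptions added here.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Build the record the server stores instead of the password itself."""
    salt = os.urandom(16)  # per-user salt: equal passwords give different records
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Feed the login attempt through the same derivation and compare results."""
    try:
        algorithm, iterations, salt_hex, key_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:
        return False  # malformed or tampered record: fail closed
    # Constant-time comparison, so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    stored = hash_password("this is a good password")
    print(stored)
    print(verify_password("this is a good password", stored))  # correct attempt
    print(verify_password("this is a bad password", stored))   # wrong attempt
```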

What really sucks is that some Thai banks restrict the length, complexity and use of special characters in passwords, supposedly to increase security, but in effect reducing the security because any hacker can programme his system to not use those letters or combination of letters in his attack. The most stupid is the bank that does not allow letters or numbers to be consecutive, such as AB or CD.

The only effect is to reduce the possible combinations that a hacker has to try.

Of course the best security is time. That has not been hacked yet. By only allowing 1 password attempt per second and limiting the total number of attempts before a lockout, no automated hacking system can get past, and any password that takes less than a second to type is too short anyway!

My bank tells/or told that it needs big and small letters, numbers and special characters, so they recommend to make the first letter big and add 1! on the end.

My server's email account is configured so that after some attempts (2 or 3, don't know) or if anything strange happens it locks out in such a way that it always says the password/login name is wrong even if it is right.

The main problem is people telling their password... they tried that in Europe: called the bank (with a visible outside number), didn't know anything, not even names. Told them they were from the bank's data center and asked the bank's staff for their logins and passwords, and the majority gave them without hesitation.

By the way, if someone is not sure about their bank's/PayPal passwords.

Just PM them to me, I check them for you

(don't do it!!)
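Several posts above rely on per-account attempt limits and lockouts, and one notes that trying a single common password across many usernames gets past them. An added example (not from the thread) that runs both counters over constructed login events; the thresholds, event layout and function name are assumptions.

```python
from collections import defaultdict

MAX_FAILURES = 3    # assumed policy: per-account failures before lockout
SPRAY_ACCOUNTS = 5  # assumed threshold: distinct accounts failed by one source
WINDOW = 600        # seconds of history considered for both counters


def analyse(events):
    """events: time-ordered (timestamp, source_ip, username, success) tuples.

    Returns (accounts that hit the lockout, sources flagged for spraying).
    """
    account_fails = defaultdict(list)  # username -> recent failure timestamps
    source_fails = defaultdict(dict)   # source_ip -> {username: last failure}
    locked, spraying = set(), set()
    for ts, ip, user, ok in events:
        if ok:
            account_fails[user].clear()  # a good login resets the counter
            continue
        recent = [t for t in account_fails[user] if ts - t <= WINDOW] + [ts]
        account_fails[user] = recent
        if len(recent) >= MAX_FAILURES:
            locked.add(user)
        # The lockout counter above never sees this pattern: one failure each
        # on many accounts. Count distinct accounts per source instead.
        source_fails[ip][user] = ts
        targets = [u for u, t in source_fails[ip].items() if ts - t <= WINDOW]
        if len(targets) >= SPRAY_ACCOUNTS:
            spraying.add(ip)
    return locked, spraying


# Constructed sample events, not real logs. 198.51.100.7 makes one guess per
# account, one second apart; 203.0.113.9 guesses repeatedly at one account.
SAMPLE = [(i, "198.51.100.7", f"user{i}@example.com", False) for i in range(6)]
SAMPLE += [(100 + i, "203.0.113.9", "alice@example.com", False) for i in range(3)]

if __name__ == "__main__":
    locked, spraying = analyse(SAMPLE)
    print("locked accounts:", sorted(locked))
    print("spraying sources:", sorted(spraying))
```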
