
An excellent article on passwords.


  • Members

Very interesting. I once used one of those password-cracker apps to guess the password that would open the contents of an RAR archive. It never worked, though it sat there and calculated permutations of numbers and letters 'til the cows came home.

 

From this article, I see that my passwords for chosen sites are very sound. It would take a hacker, it says, 8 months to crack my code(s).

 

Who was the high-level politico who recently got hacked.... later it was revealed that this Einstein had used the password "12345" on everything?


  • Members

An IT security dude was talking about passwords and explained it is all but impossible to crack very long passwords like: Hello_1234567890987654321_abcxyz_goodbye or 0000000000_helloworld_0000000000

So you can use easy to remember sequences, still a problem arises if there is a limit on the maximum number of characters that can be entered.


  • Members

 

This is interesting. An article on the 500 worst passwords.

 

A guy could use that chart to develop three word passwords that would be easy to remember.

In the number 97 slot is bitch house beer. I now have a name for my new brew.

 

rocket legend billy

blue crystal nipple

131313 winner pussies

monster ford dreams

yellow smokey monster

nicole bigdick carter (a female blues singer's name?)

willie bigtits winston (a male blues singer's name?)


  • Members

I know people who create utterly guessable passwords every time. It's just nuts. It must be this huge blind spot. You tell them and they never learn. Don't use your kids, pets, favorite ball teams. And, indeed, one of those folks has had their Yahoo account hacked three times in the last couple months and turned into a malware link spewing spam machine each time.

 

 

EDIT: Dean, you're right, good article. I just changed all my passwords to thisisfun so I'm good to go for the duration. :D

 

Actually, I'd already started using phrase-based pw's (a little more off the beaten track, perhaps) although I often use numbers for words or parts of words -- 2 and 4, of course have homophonic prepositional counterparts, and 8 works great for the syllable -ate. So a good pw that I've never used might be pleasedontretali8.

 

BUT... the mix of numbers and letters is a drag on smart phones, where you typically have to switch keyboard mode to get to numbers. Ditto caps. So 3 or 4 actual words looks like a way to go. And it might even work well enough with something like Swype.


  • Members

 

BUT... the mix of numbers and letters is a drag on smart phones, where you typically have to switch keyboard mode to get to numbers. Ditto caps. So 3 or 4 actual words looks like a way to go. And it might even work well enough with something like Swype.

True, but a lot of sites require at least 8 characters, upper and lower case, and at least one non-alpha.

 

Furthermore, a lot of sites don't allow a lot of the possible special characters, unfortunately. One wouldn't even allow a period! (Serious site, too; a major brokerage.)


  • Members

 

131313 winner pussies

monster ford dreams

yellow smokey monster

nicole bigdick carter (a female blues singer's name?)

willie bigtits winston (a male blues singer's name?)

 

Independently I came up with chester dirty nipple from that list of 500 most common pw's... a more than slight pivot...


  • Members

 

True, but a lot of sites require at least 8 characters, upper and lower case, and at least one non-alpha.


Furthermore, a lot of sites don't allow a lot of the possible special characters, unfortunately. One wouldn't even allow a period! (Serious site, too; a major brokerage.)

 

 

Yeah, I don't use the same pw everywhere (I have -- literally -- hundreds) but for casual stuff like newspaper comment threads and such, I tend to use one of several. But it's almost impossible to come up with a single pw that would work everywhere, because of so many pw systems requiring the complex mix of characters -- despite the fact that they offer little advantage over the sorts of mnemonically felicitous pw's discussed in the first article. But I strongly suspect that those requirements are there primarily to get people to spell their pets', kids', and favorite teams' names with caps and special characters inserted... 'cause they know how people are.


  • Members

From that Ars Technica article...

 

 

The smaller of the two lists contains about 1.5 million unsalted MD5 hashes. Based on the plaintext passwords that have been cracked so far, they appear to belong to users of a popular dating website, possibly eHarmony. A statistically significant percentage of users regularly pick passcodes that identify the site hosting their account. At least 420 of the passwords in the smaller list contain the strings "eharmony" or "harmony."

They never learn.

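A signup-time check for two habits described in this thread (passwords assembled from entries on a common-password list, and passwords that contain the site's own name), as an added example that is not part of any post here. `COMMON_TOKENS` is a small constructed stand-in for such a list, and the function names are hypothetical.

```python
import re

# Constructed stand-in for a common-password list such as the "500 worst"
# chart discussed in the thread; a real deployment would load the full list.
COMMON_TOKENS = {"monster", "dragon", "yellow", "rocket", "legend", "winner",
                 "blue", "crystal", "ford", "dreams", "131313", "12345",
                 "password"}

def _normalize(password):
    """Lower-case and drop separators so 'Blue_Crystal' matches 'blue crystal'."""
    return re.sub(r"[\s_\-.]+", "", password.lower())

def split_into_common_tokens(password, tokens=COMMON_TOKENS):
    """Return the blocklisted tokens that exactly tile the password, or None.

    Word-break dynamic programming: best[i] holds one tiling of the first
    i characters, or None when no tiling exists.
    """
    s = _normalize(password)
    best = [None] * (len(s) + 1)
    best[0] = []
    max_len = max(map(len, tokens))
    for end in range(1, len(s) + 1):
        for start in range(max(0, end - max_len), end):
            if best[start] is not None and s[start:end] in tokens:
                best[end] = best[start] + [s[start:end]]
                break
    return best[len(s)]

def audit_password(password, site_names=()):
    """Return a list of findings; an empty list means neither check fired."""
    findings = []
    flat = _normalize(password)
    for name in site_names:
        if name.lower() in flat:
            findings.append(f"contains site name '{name.lower()}'")
    parts = split_into_common_tokens(password)
    if parts:
        findings.append("built only from common passwords: " + "+".join(parts))
    return findings

if __name__ == "__main__":
    for candidate in ("yellow monster dreams", "Harmony2012!", "pleasedontretali8"):
        print(candidate, "->", audit_password(candidate, ("eharmony", "harmony")))
```

An empty result only means these two checks did not fire; it says nothing about the password's overall strength.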

  • Members


Independently I came up with chester dirty nipple from that list of 500 most common pw's... a more than slight pivot...

 

:)

I just used the cells that went across rows. Going down the columns would get some great ones too.


  • Members

The sites or places that do not allow all characters really frustrate me. I had to do a password to a privacy site recently that only allows letters and numbers. I think a GOOD password practice is ALL characters.


  • Members

The sites or places that do not allow all characters really frustrate me. I had to do a password to a privacy site recently that only allows letters and numbers. I think a GOOD password practice is ALL characters.

Yep.

 

I was just designing a new generic pw (for non-critical sites like newspapers and such) and realizing that a universally acceptable password is impossible because some sites require non-alphanumeric characters -- but others don't support them. And on many sites there's no guidance to what's allowed and what's not. So even if you have a couple of such generic pw's to cover the possibilities, it may be trial and error figuring out which one you used where.

 

And if you want the kind of near-uncrackability that's afforded by the 'three uncommon words' strategy (in the original article) in a short string (for those sites that only let you have 8 characters max [!] and such), you need a mix. A brute force attack on an 8 character, alpha+numeric pw string is not going to be something measured in years. ;)


  • Members

It is crazy that as far along as we all are, there is still no "one" password policy that most places use. Of the places I have worked, I have implemented required alpha, numerical and symbol, and given simple rules on how to not make it hard to remember. When I get to sites that have stupid policies, most of the time I just move on.


  • Members

So even if you have a couple of such generic pw's to cover the possibilities, it may be trial and error figuring out which one you used where.

;)

 

^ this

 

I have 3 PWs that I use dependent on the place

 

sometimes when the cookie is lost - it's a PITA to get logged-in

 

let's all just get retina-readers for our machines


  • CMS Author

Today's Washington Post had a commentary on an article about LinkedIn passwords being hacked, and offered some suggestions for a more secure password. It was, shall I say, a bit tongue-in-cheek. Here's one suggestion appropriate for this forum:

 

"Use the first letters of the lyrics of a song that you like. For instance,


  • Members

 

Today's Washington Post had a commentary on an article about LinkedIn passwords being hacked, and offered some suggestions for a more secure password. It was, shall I say, a bit tongue-in-cheek. Here's one suggestion appropriate for this forum:

 

"Use the first letters of the lyrics of a song that you like. For instance,


Archived

This topic is now archived and is closed to further replies.
