Pass Words and Security Questions

I’m the bad person who uses the same password for everything. If I have to change it I go from (for example) an ! for an L to a @ for an A.

When I have to reset one, I have a second standard that I use.

If you want to hack into my bank account, go for it. You’ll be very disappointed.
Oh, please. Why would anyone go to the trouble of figuring out your (or my, because I do pretty much the same thing) password, when manning's is right there in post # 14? :rotfl2:
 
I use a password manager. It’s really helpful.
What's a password manager? I'm intrigued. :scratchin

I love when you forget your password so you click on "forgot password" so it brings you to a page that says "change password" which then brings you to a page to change your password, but to do it, you need to type in the password you forgot. The reason I'm here is because I FORGOT my password!!!
:lmao: No kidding right?!
 
I use the same "word" password all the time, and I just change the numbers on the end. So if my password is chocolate1....when it comes time to change my password, I will do chocolate2, then chocolate3 etc. I usually only get to 5, then I start back at 1 again. The system won't let you use the same password within a certain period...that's why I have to change the numbers only. Works like a charm.
 
Ours change every 30 days. I have to keep a book on mine.

My company lets you keep your password a bit longer, maybe 45 to 60 days. A message comes up a day or two before you need to change. Sometimes the required change happens while I'm on vacation and when I try to log on upon returning I have to make up a new password on the spot. Eeek, talk about pressure.

Then you can't use any of your previous 5 or so passwords. Thankfully the password can be entirely letters without being case sensitive. None of this Capital letter, undercase letter, number, and symbol nonsense.
 
No one should actually know their passwords. If you can remember it then it is too easy. The same goes for the questions to reset them. Never answer them correctly. I use randomly generated character strings for the three questions and the password. I use an encrypted vault for all mine and just have the 20+ character random string for that one memorized.

All should include all possible character sets, so upper case and lower case letters, numbers, and symbols and all should be truly random at each change. Never just change one character. I generate mine with every change using a true random number generator with actual entropy, not just pseudorandom entropy.

I also use multifactor authentication for anything important and the most important password to protect is your primary email.

If I can get into your email I can ruin your life.
 
My company lets you keep your password a bit longer, maybe 45 to 60 days. A message comes up a day or two before you need to change. Sometimes the required change happens while I'm on vacation and when I try to log on upon returning I have to make up a new password on the spot. Eeek, talk about pressure.

Then you can't use any of your previous 5 or so passwords. Thankfully the password can be entirely letters without being case sensitive. None of this Capital letter, undercase letter, number, and symbol nonsense.

Same here, a new password cannot be the same as the 6 you used before. They also can't be a variation like adding an @ for an A etc.

No one should actually know their passwords. If you can remember it then it is too easy. The same goes for the questions to reset them. Never answer them correctly. I use randomly generated character strings for the three questions and the password. I use an encrypted vault for all mine and just have the 20+ character random string for that one memorized.

All should include all possible character sets, so upper case and lower case letters, numbers, and symbols and all should be truly random at each change. Never just change one character. I generate mine with every change using a true random number generator with actual entropy, not just pseudorandom entropy.

I also use multifactor authentication for anything important and the most important password to protect is your primary email.

If I can get into your email I can ruin your life.

I always know my passwords. I keep them in my secured locker. Mine are usually a member of either NHL, NFL or MLB for my town. So that gives you 113 names with any variation of numbers or symbols, in front of name, behind the name or in back of the name or any combination of both.
 
What makes it hard too is that different sites have different naming rules. You might be using a special character in place of a certain letter or number, and another site won’t let you use that special character. Or if you do lock yourself out of a site and are forced to change that password to one never used before, you might not be able to use some things that kept the various passwords at least similar and thus easier to remember. And don’t forget a site deciding to upgrade their security and change the rules on password selection so you are forced to change it.
 
I had a per diem job in health care where I had to change my password every three months, even if I didn't work. I had to remember to proactively change it because if I didn't, I had to jump through hoops for a new one. I changed it the first of every season. Winter2018, spring2018, summer2018..... Meanwhile, I have never had to change the password to my online banking.
 
I have a notebook with everything written down-usernames, passwords, and security questions. BTW, you should never answer a security question with the 'correct' answer. Put something weird and then write it down somewhere you won't misplace. I know it's easy for me to say 'won't misplace' since I have both a file cabinet and a desk drawer where my stuff like this goes.
 
Each website/company has its own rules about what is allowed for a password, how often they have to be changed, etc. So what may work on one website may not work someplace else. Personally, I think those online applications that offer to 'store' all of your passwords are a dreadful idea. Which sites do you think hackers will try to penetrate???? Most likely those sites where all of your passwords are being stored in one place......LOL. Far safer to write them down on a piece of paper or put in a file on your PC that is NOT online. I don't think you need to be paranoid about your passwords, but a little common sense goes a long way.
 
1password and done. Keeps track of all my passwords, very secure, have it on my home/work/laptop/iphone/ipad. Allows me to set very complex passwords and I don't even try to remember them. I've been with them so long I can't even remember how many years, never had an issue.

https://1password.com/
 
Like most, I would forget my passwords for the various sites I'd hit. So I found an app "Keeper" in the app store. I can create folders and entries within those folders for the various sites I hit. I enter all my information and it'll keep my password for me. If I want, I can have it create a password for me.
 
This is a way to protect password
written as thisisawaytoprotectpassword

Believe it this pass word would not be broken in your lifetime.

The secret is length. The main way to crack a password is brute force.
 
Here is a good article on passwords

https://lifehacker.com/5796816/why-...ure-passwords-than-incomprehensible-gibberish

We've always argued that the most secure password is one you don't even know, and is basically incomprehensible. Security expert Thomas Baekdal argues that these incomprehensible passwords—while secure—are not as secure as a more memorable and simple phrase. In other words, this is fun is a more secure password than s$yK0d*p!r3l09ls. Here's why.





Baekdal outlines that using the three most common methods of cracking passwords—brute-force, common word, and dictionary attacks—are really only useful if a password can be cracked in a reasonable amount of time. If a password can be cracked in a few minutes, it's not a terribly secure password. If it can be cracked in about a month, that's still awhile but not entirely secure. A year is where you can start feeling secure, but the best passwords take a lifetime to crack. Baekdal states that a gibberish password, like J4fS<2, will take about 219 years to crack using a brute-force attack (the fastest method). That's secure for life, but it's not terribly easy to remember. On the other hand, a phrase like "this is fun" would take about 2,537 years to crack using a brute-force attack. It's not only more secure, but also easier to remember.

This happens because of the spaces, which are special characters (you could use - or ! instead of spaces, if you wanted to). Uncommon words also increase the complexity, so if you want your password to outlive the human race you could use something like fluffy is puffy.

Baekdal's article spurred a lot of debate and plenty of questions, many of which he's answered. While you are certainly more secure if nobody—not even you—knows your passwords, you still need a master password that you have to remember. If you want a password that's remarkably easy to remember, this is a great way to get one.

The Usability of Passwords | Baekdal
 
^^ The article has a lot of bla bla bla about various potential password issues and it seems his solution is to store all of your passwords in some online application?....LOL. I think I will pass on doing that. Somewhat like handing your keys to the thief.
 
This is a way to protect password
written as thisisawaytoprotectpassword

Believe it this pass word would not be broken in your lifetime.

The secret is length. The main way to crack a password is brute force.

This isn't really true any longer. The secret isn't length, it is entropy which is the combination of length and character set. This password is not long enough to make up for the lack of a larger dictionary since it only uses a single case of letters. It is also not really long at all since it is only 7 "characters" long as opposed to 27 as many people would mistakenly assume. It is no longer a question of brute force or dictionary because those two attacks have been combined to use the dictionary in a way that makes each word act as a character. All the bad guys have to do is use the available set of English words (which is not very big for this purpose) and attack this 7 word (aka character) password.

Doing something as simple as adding 1 random number, 1 random character, and capitalizing one random letter in that password would make it much stronger. Something like:

thisi5saway%topRotectpassword

Doing this changes the strength of the password from approximately (500,000 ^ 7) to (94 ^ 29). I used 500,000 as the number of English words though this is just an estimate x the number of words in the first calculation and I used the number of available characters on a standard QWERTY keyboard x the length of the password in the second example.

This increased the password strength from 7.8125e+39 to 1.6622936826240935611151109800946e+57 which is a much better number. That first number may look big but when a cracking array can guess 100 trillion passwords a second it really isn't. You also have to take into account that all passwords will be cracked on average in half the maximum tries so that first number isn't going to last your or anyone's lifetime.
 
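Added example, not part of any post in this thread: a short Python sketch of the word-versus-character counting described in the post above. It splits an all-letter password into dictionary words and carries the search space through to an average crack time. The figures 500,000, 94 and 100 trillion guesses per second come from that post; the function names and the small word set are constructed for illustration.

```python
import math

WORDLIST_SIZE = 500_000        # the post's estimate of English words
CHARSET_SIZE = 94              # printable characters on a QWERTY keyboard
GUESSES_PER_SECOND = 100e12    # the post's "100 trillion passwords a second"
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed mini-dictionary, used only to find word boundaries; the
# attacker's list is assumed to contain `wordlist_size` entries.
SAMPLE_WORDS = {"this", "is", "a", "way", "to", "protect", "password",
                "pass", "word"}


def split_into_words(password, words=SAMPLE_WORDS):
    """Return the fewest dictionary words that spell `password`, or None."""
    best = [None] * (len(password) + 1)   # best[i]: shortest split of [:i]
    best[0] = []
    for end in range(1, len(password) + 1):
        for start in range(end):
            piece = password[start:end]
            if best[start] is not None and piece in words:
                candidate = best[start] + [piece]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[len(password)]


def search_space(password, wordlist_size=WORDLIST_SIZE):
    """Worst-case guesses under the cheaper of the two counting models."""
    char_space = CHARSET_SIZE ** len(password)
    tokens = split_into_words(password.lower()) if password.isalpha() else None
    if tokens is not None and wordlist_size ** len(tokens) < char_space:
        return wordlist_size ** len(tokens), "words", len(tokens)
    return char_space, "characters", len(password)


def average_years_to_crack(password, wordlist_size=WORDLIST_SIZE):
    """Expected time: half the search space at the assumed guess rate."""
    space, _, _ = search_space(password, wordlist_size)
    return (space / 2) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("thisisawaytoprotectpassword", "thisi5saway%topRotectpassword"):
        space, model, units = search_space(pw)
        print(f"{pw}: {units} {model}, about {math.log2(space):.0f} bits, "
              f"{average_years_to_crack(pw):.2e} years on average")
```

The `wordlist_size` argument can be lowered to see how the estimate changes when the guesser's list holds only common words.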
^^ And each website has their own rules about the password, including length. Usually they now require 1 number, 1 special symbol and some mixture of upper/lower case along with a min/max length. Websites also typically lock you out if you type the wrong password 3 times. So unless someone is running this algorithm offline, I don't get how any of this matters.
 















