
Thread: Passwords Tips?

  1. #1
    SANS SOUCI
    david44's Avatar
    Join Date
    Aug 2011
    Last Online
    @
    Location
    SOFA SO GOOD
    Posts
    17,624

    Passwords Tips?

    Password Spaghetti

    Until 1990 I doubt I had more than a couple of passwords/Pin numbers

    Pre net a couple of credit cards, phone card, passport, good to go.

    Of course today we have dozens.

    The sensitive ones often have unique required formats esp banking

    Some require 8, 10, 12 characters etc

    Some require symbols, alphanumerics etc

    There are of course password managers.

    Hackers of course love folks who use password or 1234 etc

    What do you advise please?

    Some tips here from Boston Uni

    How To Choose a Strong Password : TechWeb : Boston University.

    As in other areas of life longer seems better?

    General Guidelines:

    So, how do you have a “strong” password that is easy to remember? While it may seem tough to do this, there are a few simple tips that can make it easy.

    Note: the examples below illustrate just the concepts being discussed. No single technique should be used on its own, but rather should be used with other techniques. The combination of several will produce a strong password.

    • Use a mix of alphabetical and numeric characters.
    • Use a mixture of upper- and lowercase; passwords are case sensitive.
    • Use symbols if the system allows (spaces shouldn’t be used as some applications may trim them away)
    • Use a combination of letters and numbers, or a phrase like “many colors” using only the consonants, e.g., mnYc0l0rz or a misspelled phrase, e.g., 2HotPeetzas or ItzAGurl .
    • Pick something obscure:
      • an odd character in an otherwise familiar term, such as phnybon instead of funnybone;
      • a combination of two unrelated words like cementhat
      • An acronym for an easy to remember quote or phrase (see below)
      • a deliberately misspelled term, e.g., Wdn-G8 (Wooden Gate) or HersL00kn@U (Here’s looking at you).
      • Replace a letter with another letter, symbol or combination, but don’t be too obvious about it. Replacing o with 0 or a with 2 or i with 1 is something that hackers just expect. It is definitely better than nothing, but replacing 0 with () would be stronger as it makes your password longer and is not as obvious
      • An easily phonetically pronounceable nonsense word, e.g., RooB-Red or good-eits .
      • Two words separated by a non-alphabetic, non-numeric, or punctuation character, e.g., PC%Kat or dog,~1#

    Choose

    You want to choose something that is easy to remember with a minimum of 8 characters that uses as many of the techniques above as possible. One way to do this is to pick a phrase you will remember, pick all the first or last letters from each word and then substitute some letters with numbers and symbols. You can then apply capitals to some letters (perhaps the first and last, or second to last, etc.) You could also perhaps keep or add punctuation.
    Some examples:
    | Phrase | First Letters | Password |
    |---|---|---|
    | “So long and thanks for all the fish” | slatfatf | 5L@tf@tF |
    | “Best Series Ever: Terry Goodkind’s Sword of Truth” | bsetgsot | B53:tg’Sot |
    | “You Can’t Have Everything. Where Would You Put It?” | ychewwypi | Uch3Wwup1? |
    If you are selecting a password for a website, you may want to incorporate the first few letters of the website name into your password so that every password is different and if one gets out, you don’t have to change them all. This approach has good and bad points.
    For example, if you have a standard password like B53:tg’Sot (see above) that you like to use most places (this is not recommended), you may modify it by placing the first and last letter of the website around it:
    | Website | Password |
    |---|---|
    | www.ebay.com | eB53:tg’Soty |
    | www.amazon.com | aB53:tg’Sotn |
    | www.webshots.com | wB53:tg’Sots |
    Do Not Choose…

    • Your name in any form — first, middle, last, maiden, spelled backwards, nickname or initials.
    • Any ID number or user ID in any form, even spelled backwards.
    • Part of your userid or name.
    • Any common name, e.g., Sue, Joe.
    • Passwords of fewer than eight characters.
    • The name of a close relative, friend, or pet.
    • Your phone or office number, address, birthday, or anniversary.
    • Acronyms, geographical or product names, and technical terms.
    • Any all-numeral passwords, e.g., your license-plate number, social-security number.
    • Names from popular culture, e.g., Harry_Potter, Sleepy.
    • A single word either preceded or followed by a digit, a punctuation mark, up arrow, or space.
    • Words or phrases with all the vowels or white spaces deleted.
    • Words or phrases that do not mix upper and lower case, or do not mix letters or numbers, or do not mix letters and punctuation.
    • Any word that exactly matches a word in a dictionary, forward, reversed, or pluralized, with some or all of the letters capitalized, or with any of the following substitutions:
    • a -> 2, a -> 4, e -> 3, h -> 4, i -> 1, l -> 1, o -> 0, s -> $, s -> 5, z -> 5

    WHY!?

    If you only use words from a dictionary or a purely numeric password, a hacker only has to try a limited list of possibilities. A hacking program can try the full set in under one minute. If you use the full set of characters and the techniques above, you force a hacker to continue trying every possible combination to find yours. If we assume that the password is 8 characters long, this table shows how many times a hacker may have to try before guessing your password. Most password crackers have rules that can try millions of word variants per second, so the more algorithmically complex your password, the better.
    | Character Sets used in Password | Calculation | Possible Combinations |
    |---|---|---|
    | Dictionary words (in English) (It is debatable but let's generously say ~600,000 words) | | 600,000 |
    | Numbers Only | 10^8 | 100,000,000 |
    | Lowercase Alpha Set only | 26^8 | 208,827,064,576 |
    | Full Alpha Set | 52^8 | 53,459,728,531,456 |
    | Full Alpha + Number Set | 62^8 | 218,340,105,584,896 |
    | Full Set of allowed printable characters set | (10+26+26+19)^8 | 1,853,020,188,851,840 |
    The longer your password the more secure. If we take the full set of allowed printable characters set (the last line above) and increase the password length, the possible combinations jump exponentially (odd, considering that the calculation includes exponents…)

    • 8 Characters > 645,753,531,245,761 (645 Trillion) Combinations
    • 9 Characters > 45,848,500,718,449,031 (45 Quadrillion) Combinations
    • 10 Characters > 3,255,243,551,009,881,201 (3 Quintillion) Combinations

    When we refer to character sets, they are typically numbers, upper and lowercase letters and a given set of symbols. For example:
    | Characters | Number of Characters |
    |---|---|
    | 0123456789 | 10 |
    | abcdefghijklmnopqrstuvwxyz | 26 |
    | ABCDEFGHIJKLMNOPQRSTUVWXYZ | 26 |
    | `~!@#$%^&-_=+[{]}. | 19 |






    “What contemptible scoundrel stole the cork from my lunch?”

  2. #2
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    89,599
    Just use a passphrase like

    This-is-a-load-of-bollocks

    And test it

    Password Strength Meter

  3. #3
    SANS SOUCI
    david44's Avatar
    Join Date
    Aug 2011
    Last Online
    @
    Location
    SOFA SO GOOD
    Posts
    17,624
    THANKS FOR THAT I GAVE IT A TRY AND I CHANGE IT REGULARLY

    Time to crack your password: 182 million trillion trillion years


    Review: Fantastic, using that password makes you as secure as Fort Knox.

    GREEN OWED
    Last edited by david44; 11-11-2022 at 08:24 PM.

  4. #4
    Member
    Barty's Avatar
    Join Date
    Apr 2007
    Last Online
    Today @ 04:03 PM
    Location
    Lamlukka
    Posts
    890
    Quote Originally Posted by harrybarracuda View Post
    Just use a passphrase like

    This-is-a-load-of-bollocks

    And test it

    Password Strength Meter
    I always wonder if these password test sites are really phishing sites.

  5. #5
    Thailand Expat
    DrWilly's Avatar
    Join Date
    Dec 2021
    Last Online
    Today @ 05:37 AM
    Posts
    6,114
    Congrats, you just gave the hackers your password!

  6. #6
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    89,599
    Quote Originally Posted by Barty View Post
    I always wonder if these password test sites are really phishing sites.
    I always wonder if people don't realise you're supposed to use them to test your password structure, not your actual password.

    :facepalm:

  7. #7
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    89,599
    Also, it doesn't matter how complex your password is if your device gets hacked.

    Use two-factor authentication wherever you want to protect something important.

  8. #8
    Thailand Expat
    Troy's Avatar
    Join Date
    Feb 2011
    Last Online
    Today @ 11:29 AM
    Location
    In the EU
    Posts
    11,129
    ^ Agree, certainly for important stuff like bank accounts.

    I use long passwords rather than complex ones and the important ones use different language keyboard to the language of the password.

  9. #9
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    89,599
    Quote Originally Posted by Troy View Post
    ^ Agree, certainly for important stuff like bank accounts.

    I use long passwords rather than complex ones and the important ones use different language keyboard to the language of the password.
    Complex are better than long.

    Most password dictionaries start with letters and numbers up to a certain length.

    As soon as you bring non-alphabetical or numeric characters in it, the complexity grows exponentially.

    That's why passphrases with separators are a brilliant solution: Relatively easy for you to remember but a bastard to crack.
    Warning: Be cautious if you are a fragile pink

  10. #10
    SANS SOUCI
    david44's Avatar
    Join Date
    Aug 2011
    Last Online
    @
    Location
    SOFA SO GOOD
    Posts
    17,624
    Yes I didn't use my real one, even I am not that daft

    The tip complex rather than long helpful.

    I heard on radio writing it on a piece of paper (not in wallet/car) but in safe at home as very slim chance of a hacker rummaging under my ruggery, if they get that far I'm feck'd either way

    I do use 2 factor authentication where money involved, I am surprised banking isn't adding biometrics like Iris and finger print scans too, is this used in any other places I use Citi and a few local banks all have 2 factor but not Iris or prints so far?

  11. #11
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    @
    Posts
    89,599
    Quote Originally Posted by david44 View Post
    I do use 2 factor authentication where money involved, I am surprised banking isn't adding biometrics like Iris and finger print scans too, is this used in any other places I use Citi and a few local banks all have 2 factor but not Iris or prints so far?
    If someone nicks your password, you can change it.

    If someone nicks your phone, you can change the number.

    If someone nicks your fingerprint....

  12. #12
    Thailand Expat
    Troy's Avatar
    Join Date
    Feb 2011
    Last Online
    Today @ 11:29 AM
    Location
    In the EU
    Posts
    11,129
    One of my banks had laptop plus mobile plus fingerprint. I had the fingerprint part disabled as my phone kept failing to recognise me.
