Gawain

How Strong are Your Passwords?

Mine all came up Very good with a lot of exceptionals. Not too much of a surprise though, I have to change them every 45 days and cannot repeat anywhere from 6-12 months (different systems), so I need to get creative ;)

She is not a "Dumb Blonde" - She is a "Light-Haired Detour Off The Information Superhighway."
eeneR
TF#72, FB#4130, Incauto

I don't care how strong passwords are.. at work we almost need a password to go to the loo, but we have a list of passwords printed on the desk, as we use over 15 different passwords which need to be renewed every now and then...
scissors beat paper, paper beat rock, rock beat wingsuit - KarlM

Quote

Let me get this straight. You went to a website and entered your passwords??



Who said anything about current passwords? ;) I am not that stupid. :P
She is not a "Dumb Blonde" - She is a "Light-Haired Detour Off The Information Superhighway."
eeneR
TF#72, FB#4130, Incauto

Quote

I don't care how strong passwords are.. at work we almost need a password to go to the loo, but we have a list of passwords printed on the desk, as we use over 15 different passwords which need to be renewed every now and then...



That in and of itself is wrong, totally defeats the purpose of security... :S
She is not a "Dumb Blonde" - She is a "Light-Haired Detour Off The Information Superhighway."
eeneR
TF#72, FB#4130, Incauto

Quote

booyah.

gotta populate brute force dictionaries somehow!!!

:S:D:D



Most people use the name of their kids and kids' birthdays, or pets' names.

These guys just got 45,000 entries with "Britney". :D

A lot of Unix systems will disconnect you.
Mainframe systems will lock your logon ID after 4 tries and you have to call the No-Help desk.

Most places that I work have you change passwords every 45 days. I'm not that inventive. I just use the same one and change the number on the end. That way, I can write the number on a post-it. "BRIT#3"

add to that:
multiple systems with different access methods - I'm currently up to 5 e-mail accounts, 5 system access accounts, 3 TACACS server accounts - ALL with different passwords, and varying password requirements....as in 2 digits would have to change from any previous password used over the course of 24 months...and none will synchronize due to the differences in password requirements...which in effect defeats the whole purpose...because it forces us to write them down somewhere.
WTF happened to "single sign-on"?????>:(
How about some biometrics???
I HATE PASSWORDS!!!!
:D

Ah- I hate talking about passwords. As I work for a large internet website.

(I work in the fraud division, educating the masses about the importance of security)


Passwords are really important, those scammers in Russia and Nigeria are eagerly awaiting to collect and sell all your info.

It's not even passwords, if someone wants your info, they will get it.

Even if it's putting a card reader at your local gas pump to make online purchases. Or internal scammers that work at credit card companies who sell your account info.

The US laws are so relaxed when it comes to your privacy. Quite frankly- they don't care. Major companies don't give a shit either. They just take care of what will keep them out of the zones of liability.

But then again- who should pay for a human's ignorance and greed?

Should we really help those who are so greedy and lazy who respond to these check cashing scams?

Or should we leave it to Darwin?
Best Girl Scout Ever.

Quote


Most people use the name of their kids and kids' birthdays, or pets' names.

These guys just got 45,000 entries with "Britney". :D

A lot of Unix systems will disconnect you.
Mainframe systems will lock your logon ID after 4 tries and you have to call the No-Help desk.

Most places that I work have you change passwords every 45 days. I'm not that inventive. I just use the same one and change the number on the end. That way, I can write the number on a post-it. "BRIT#3"



Quote

Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.

-- Bruce Schneier



Ref: http://www.schneier.com/blog/archives/2005/06/write_down_your.html

And a random password generator can produce a strong password in any length desired.
"There are only three things of value: younger women, faster airplanes, and bigger crocodiles" - Arthur Jones.

Quote

WTF happened to "single sign-on"?????>:(
How about some biometrics???
I HATE PASSWORDS!!!!
:D

I use a common access card at work that uses a pin.
I'm not sure if it's better or worse than a complex password but at least I don't have to come up with an increasingly complex original password every 6 months.
Livin' on the Edge... sleeping with my rigger's wife...

I use HeMan#1, because he's the most powerful man in the universe, and I figure a password with him in it will be very strong indeed.

Wendy W.
There is nothing more dangerous than breaking a basic safety rule and getting away with it. It removes fear of the consequences and builds false confidence. (tbrown)

Quote

and none will synchronize due to the differences in password requirements...



This friggen drives me insane.

Secure passwords have non-alphanumeric characters in them, but nobody reminds you on their login screen "alphanumeric and underbars only, at least six but less than eight characters" what's allowed and disallowed.

I need a cheat sheet that tells me how to reconstruct each account name "lower case no space" and password "the credit card password has two digits in it and a suffix that I'll probably remember"

The "hints" to remember the password don't help either. Did I type in my entire high school name? Abbreviate the Sr? Leave it off? Was my favorite car just a brand or did it include a type name? One company even truncated the last letter from my mother's (only moderately long) maiden name in their database, but accepted (and rejected) the whole thing on their web site.

When I worked for my last big company which required passwords to be changed, not dictionary words, and not related to any previous passwords I just left a Post-it on my monitor until I remembered it.
