Viewing 24 posts - 41 through 64 (of 64 total)
  • Password complexity frustration!
  • gofasterstripes
    Free Member

    Jeez, thanks for blowing that one ja ghent
    *changes passwords back to pa55w0rd*

    andytherocketeer
    Full Member

    and don’t have to keep changing it every 2 months
    (another thing that cheeses me off)

    gofasterstripes
    Free Member

    @blobby – You can also use the serial on your mobile phone…..

    It’s probably not a good idea though, in all honesty.

    technicallyinept
    Free Member

    Working on a website, the rules are:
    Minimum:8
    At least:
    1 uppercase
    1 lowercase
    1 number
    1 special character
    Cannot contain 3 or more repeating characters
    Cannot contain dictionary words

    I foresee many written down passwords!
    Common sense thinking seems to be to ramp up the minimum length to 15 or so.

    bungle
    Full Member

    1st char, 1st 2 chars, etc from words or phrase, e.g.

    =WO1BeeH00k?

    Whale
    Oil
    Beef
    Hooked

    [Irish accent helps]

    FuzzyWuzzy
    Full Member

    Our local admin and ILO admin passwords are minimum 24 chars with various complexity required (so we use randomly generated ones), it gives me a headache trying to log in to systems (every server has to have a unique password too)

    andytherocketeer
    Full Member

    Cannot contain dictionary words

    Had that rule for one of my passwords, but it quite happily accepted “a”, “i”, “if”, “act”,…
    daft rule really, even if it has good intentions
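
The rule list quoted earlier in the thread and the short-word observation above, put together as an added example (not code from any poster or from the site being discussed). The word list, the character-swap table, the `min_word_len` parameter and the reading of "repeating characters" as three identical characters in a row are all assumptions made for illustration.

```python
import re

# Constructed mini word list standing in for a real dictionary file (assumption).
WORDS = {"a", "i", "if", "act", "pass", "word", "password", "whale", "beef"}

# Undo common digit/symbol swaps before the dictionary check (assumed table).
SWAPS = str.maketrans("0134578@$", "oleastbas")

def find_dictionary_words(password, words=WORDS, min_len=4):
    """Return dictionary words of at least min_len found inside the password."""
    folded = password.lower().translate(SWAPS)
    return sorted(w for w in words if len(w) >= min_len and w in folded)

def check_policy(password, min_length=8, min_word_len=4):
    """Return the list of rule violations; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if re.search(r"(.)\1\1", password):  # three identical characters in a row
        problems.append("3 or more repeating characters")
    hits = find_dictionary_words(password, min_len=min_word_len)
    if hits:
        problems.append("dictionary word: " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; "pa55w0rd" is the joke password from the thread.
    for pw in ("pa55w0rd", "Zq7!vianKx", "Xy111!qb"):
        print(pw, "->", check_policy(pw) or "accepted")
    # With no minimum word length, "a" and "i" alone reject a random string.
    print(check_policy("Zq7!vianKx", min_word_len=1))
```

A checker that matched words of any length would reject almost every candidate, which is one plausible reason a real system lets "a", "i", "if" and "act" through.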

    GrahamS
    Full Member

    Our local admin and ILO admin passwords are minimum 24 chars

    My wifi password is > 24 characters, but I can remember it.

    Use a line from a song or nursery rhyme.

    e.g. “ThereWasAn0ldWomanWhoLivedInAShoe”

    spooky_b329
    Full Member

    A very long time ago we were allowed to speak to a human for password resets. They often used to reset it to ‘pleasechange1’ or ‘over2you’. To give you an idea of how long, we have to update the password every three months and he is currently on something like 19!

    Another system needs a certain combination of characters/numbers and a monthly reset, surprisingly, most people have a 3 letter password and the current month.

    We have about 11 passwords and pins just for a basic employee, got one guy with his passwords photocopied out in triplicate with manager and colleagues holding a copy, every few months it all hits the fan and he locks all his accounts!

    andytherocketeer
    Full Member

    I must grab one of those password lists some time.
    I’d certainly like to see how often MaryHadALittleLamb appears on there with and without the usual letter/number substitutions.
    And batterystaple, … and rude words.

    Cougar
    Full Member

    and rude words.

    I once did a “password audit” at the company I worked for at the time, I think mostly just to see how hard it would be to crack our network passwords. Some were eye-opening; one lass in the office memorably had a password of “bondage69” for instance.

    gofasterstripes
    Free Member

    You’re not going to forget “bondage69” though are you? Humorous passphrases are very memorable, hence that and the hose/staple one 🙂

    *makes note to change all my password to something really crude*

    andytherocketeer
    Full Member

    maybe it was a reference to James, 007, just before his 70th birthday 😉
    or brooke bond tea being their favourite drink, and their father’s age 😉

    people and their filthy minds 😉

    johnners
    Free Member

    I once did a “password audit” at the company I worked for at the time, I think mostly just to see how hard it would be to crack our network passwords. Some were eye-opening; one lass in the office memorably had a password of “bondage69” for instance.

    It’s pretty appalling that the company was storing passwords in a readable format. AFAIK even Adobe hashed them!

    andytherocketeer
    Full Member

    MD5 probably. Also not fit for purpose now (at least for security). I’d guess probably a straightforward brute force dictionary attack on the file?

    GrahamS
    Full Member

    It’s pretty appalling that the company was storing passwords in a readable format.

    Just because you can decrypt the actual passwords doesn’t mean they were stored in plain text to start with.

    https://en.wikipedia.org/wiki/Rainbow_table

    MrWoppit
    Free Member

    Bollock$2th!s

    DezB
    Free Member

    Not sure if I’ve changed it, but I got so pissed off when trying to set up a Microsoft online account when my kid had an XBox, that the password became:
    pieceofshit! (with various number and capital replacements). It was so easy to remember!

    Cougar
    Full Member

    It’s pretty appalling that the company was storing passwords in a readable format.

    It wasn’t “readable,” it was crackable. It was on an NT4 domain, security / encryption has improved somewhat since the late 90s.
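
The "crackable, not readable" distinction from the posts above, as an added example that is not part of the thread: an audit of stored hashes showing why unsalted fast hashes fall to a precomputed table while per-account salted hashes do not. It uses a plain lookup dictionary rather than a true rainbow table, and PBKDF2 is chosen here only as one standard salted, slow scheme; the account names and records are constructed.

```python
import hashlib
import hmac
import os

# Constructed candidate list and account records (assumption, not real data).
CANDIDATES = ["pa55w0rd", "pleasechange1", "over2you"]
ACCOUNTS = {"alice": "over2you", "bob": "over2you", "carol": "Zq7!vianKx"}

def md5_hex(password):
    """Fast, unsalted hash: the same password always gives the same value."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password, iterations=200_000):
    """Salted, deliberately slow hash; the salt is random per account."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    test = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(test, digest)

def audit_unsalted(stored, candidates=CANDIDATES):
    """Return {user: password} for every stored MD5 found in a precomputed table."""
    table = {md5_hex(p): p for p in candidates}  # built once, reused for all users
    return {user: table[h] for user, h in stored.items() if h in table}

def demo():
    unsalted = {u: md5_hex(p) for u, p in ACCOUNTS.items()}
    salted = {u: pbkdf2_record(p) for u, p in ACCOUNTS.items()}
    return {
        "recovered": audit_unsalted(unsalted),                   # weak choices fall out
        "same_md5": unsalted["alice"] == unsalted["bob"],        # reuse is visible
        "same_salted": salted["alice"][2] == salted["bob"][2],   # salt hides reuse
        "login_ok": pbkdf2_verify("over2you", salted["alice"]),  # login still works
    }

if __name__ == "__main__":
    print(demo())
```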

    crikey
    Free Member

    Try working in the modern healthcare environment…

    At last count I needed something like 17 different passcodes and passwords plus 12 different actual physical keys to do my job. The IT department constantly remind us that writing them down is a potential security risk…

    We all, without exception, write them all down.

    Cougar
    Full Member

    Try working in the modern healthcare environment…

    At last count I needed something like 17 different passcodes and passwords plus 12 different actual physical keys to do my job.

    I was involved briefly and in a minor way with an SSO (single sign on) project in a large hospital a few years ago. The project was supposed to do away with a lot of that.

    It was going very, very badly indeed when I left, a poster child for how not to do things. Sell something fundamentally not fit for purpose that the installation techs had never seen before to an organisation institutionally resistant to change and stand back.

    retro83
    Free Member

    mrblobby – Member

    I’m not! That’s pretty sloppy coding. If that’s indicative of the quality of the rest of their implementation then I’d be quite worried.

    Well Microsoft, Google, Apple, and Samsung can’t release bug free software, hell, even OpenBSD can’t claim zero exploits any more. So what makes you think a small startup will be able to?

    And how long would it take those companies to get a fix out?

    maccruiskeen
    Full Member

    That’s what postit notes are for. All my client’s passwords are stuck on my monitor….

    My gf had to do research for tv programme about online dating. That meant trying to find people who used online dating sites and asking them if they’d want to take part.

    Problem with this was if you set up a profile you only ‘see’ people looking for that age/gender/orientation. So she had to set up dozens and dozens of profiles – male, female, gay, straight, young, old, north, south. Each with a unique login and password. Then numerous burner hotmail accounts for the creeps that kept asking her for blow jobs. Then repeat all those for each dating site, then keep repeating them because sites would think she was contacting too many people and lock her account. She made around a 1000 contacts to whittle down to about half a dozen people who’d actually end up being interviewed

    Our office in the spare room looked like that scene where Carrie loses her marbles in Homeland

    CountZero
    Full Member

    I had a dickens of a job trying to set a password for my Oyster card, it kept refusing my suggestions, until I realised that there was a rule regarding a character that wasn’t stated in the list of rules for setting up a password! 🙄
    For one memorable password that requires an ever changing choice of three characters from the main password I used the make, model and registration number of an old car, as one continuous word.
    Another useful source of non-dictionary words is foreign aboriginal languages, in particular North American, which is very rich in unusual words, some of which have been used as the titles of a series of films with music soundtracks.
    Of course, they can be difficult to remember, although repetition will make them easier to remember.


The topic ‘Password complexity frustration!’ is closed to new replies.