A topic near and dear to some people's hearts.
Apologies if already covered.
[url=http://www.nbcnews.com/tech/security/forget-everything-you-know-about-passwords-says-man-who-made-n790711]http://www.nbcnews.com/tech/security/forget-everything-you-know-about-passwords-says-man-who-made-n790711[/url]
Link doesn't work.
[i][Mod Edit: it does now][/i]
I read about these things a few years ago..
Something like:
[b]"Xyo90+.g" [/b] is harder to remember, and easier to crack, than
[b]"car[/b]plane[b]Paris[/b]Peter" - four easily remembered, personal words all packed together.
DrP
battery horse staple cartoon in 5.. 4...
Indeed. 😀
You mean there are other passwords than 'password'?
Who knew?
*[b]correct[/b]* horse battery staple
Conversely, I find that with longer passwords I make too many mistakes typing them....
For long, rarely entered, hard to defeat passwords, like on my home wifi for instance, I've started using song lyrics with simple letter substitutes.
Good luck cracking "MaryHadALittleLambItsFleeceWasWhiteAs5now" in a reasonable timeframe.
Or just get your Mac/iPhone to take care of them all for you, then you've only got to remember one 🙂
Interesting to see if the suggested passwords from Safari and 1Password etc start to change.
Is it..
MaryHadALittleLambItsFleeceWasWhiteAs5now ?
Anyway, I've been using a single plain word password for 20 years and never had it cracked.
Is it pissgibbon?
Is it..
MaryHadALittleLambItsFleeceWasWhiteAs5now ?
No, that was but a cunning subterfuge on my part 😀
Anyway, I've been using a single plain word password for 20 years and never had it cracked.
And if I could be bothered I'd dig out the password dump of this site when it was cracked back in December 2008 and tell you what it was 😀
MaryHadALittleLambIt5FleeceWasWhiteAsSnow ?
Shit! Binners has mine cracked already. 😥
[i]if I could be bothered I'd dig out the password dump of this site when it was cracked back in December 2008 and tell you what it was[/i]
Ah, this site - I'm still using the randomly generated one it supplied me with when I signed up. Crack away. 🙂 Might improve my popularity
Is DezB a pissgibbon?
Yes. Yes he is.
DrP
I'll have to change it now. gawd, what else can I remember..?
You mean there are other passwords than 'password'?
Pa55w0rd
Don't tell anyone else though.
Spongletrumpet
I've got numerous systems for work all with different passwords so I've ended up with a password protected spreadsheet full of passwords (currently 23 different passwords!) 🙄
Same here. All in a password protected spreadsheet.
My work make you do the word plus symbols plus numbers plus capitals thing changed every 3 months to something different - no changing just the number. - result is most folk write their passwords down and the IT helpdesk has to have a special password reset section.
want to check your medical records? wait until you can get to a free nhs computer. Open the top drawer in the desk and copy the password from the postit inside the drawer. Bingo - you are into the NHS computer system
Might as well write them on a sheet of paper. Security on a spreadsheet is useless.
If you don't want to pay for lastpass or similar then keepass is free and works across devices.
Anyway, I've been using a single plain word password for 20 years and never had it cracked.
Your LastFm account was hacked.
want to check your medical records? wait until you can get to a free nhs computer. Open the top drawer in the desk and copy the password from the postit inside the drawer. Bingo - you are into the NHS computer system
You don't use Smartcards? How primative.
[i]Your LastFm account was hacked[/i]
Was it? When was this? 2001?
LastPass is free I think
yep that is the biggest pain in the world and seems to be old info. Most folks have several passwords now and so it would get out of control if they all changed every 3 months unless they learn to do it in sync but folks expect it to just work
result is most folk write their passwords down
We used to have personal smartcards. Too many got lost, too slow to issue them so new folk couldn't get on the system for weeks so now anyone can use anyone's card - all the card does is start the puter and open the password screen - the card will be in the top drawer along with the password. 😉 I have even seen cards with the password written on them. User names are just first name dot last name. Not been a serious breach yet - but one day there will be I bet. the human factor at work again.
Weird, can't remember the last (huh) time I used Last.fm, but just tried it and it does have that password! 😆
Anyway, I've been using a single plain word password for 20 years and never had it cracked.
That's it, you've convinced me. I'm changing my 50-odd randomly generated passwords to a single word immediately.
What word are you using, just so I can make sure I don't use the same one?
Leffe - the way our systems are worked now you actually can't change passwords in sync. I used to do it so I just had the one password for the 4 different things I use - but this is no longer possible.
there is this huge gulf between the IT folk and the healthcare staff - many of whom are really not computer literate.
You don't use Smartcards? How primative.
You can't spell? How primitive.
DezB - Member
Is it..
MaryHadALittleLambItsFleeceWasWhiteAs5now ?
Nice going, you only had another 2 guesses before the account was locked out 🙂
are pissgibbons primative?
I can just about manage the caps/number/symbol randomness. The one that really boils my p**s is the 'password must be exactly x characters in length' one
battery horse staple cartoon in 5.. 4...
Woo! 😆
Your LastFm account was hacked.
It was. And your MySpace account.
[i]Last.fm: In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.
Compromised data: Email addresses, Passwords, Usernames, Website activity
MySpace: In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the "Real Deal" dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.
Compromised data: Email addresses, Passwords, Usernames
[/i]
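The two storage schemes named in the breach summaries above, set beside a salted alternative, as an added example that is not part of the original thread. The account names and sample passwords are constructed, and the PBKDF2 parameters are an assumption chosen for illustration, not anything either site used.

```python
from __future__ import annotations
import hashlib
import hmac
import os

def lastfm_style(password: str) -> str:
    """Unsalted MD5, as in the Last.fm breach description."""
    return hashlib.md5(password.encode()).hexdigest()

def myspace_style(password: str) -> str:
    """Unsalted SHA-1 of the first 10 characters, lowercased (MySpace description)."""
    return hashlib.sha1(password[:10].lower().encode()).hexdigest()

def salted_record(password: str, iterations: int = 200_000) -> tuple[bytes, bytes]:
    """Hardened contrast (assumed parameters): random per-user salt + PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify(password: str, salt: bytes, stored: bytes, iterations: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)

def shared_hash_groups(users: dict[str, str], scheme) -> list[list[str]]:
    """Group users whose stored hash is identical under the given scheme."""
    groups: dict[str, list[str]] = {}
    for user, pw in users.items():
        groups.setdefault(scheme(pw), []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]

# Constructed sample accounts (not from any breach data).
USERS = {
    "alice": "Pa55w0rd",
    "bob": "Pa55w0rd",
    "carol": "CorrectHorseBatteryStaple",
    "dave": "correcthorsebicycle",
}

if __name__ == "__main__":
    # Unsalted MD5: everyone with the same password has the same stored hash.
    print("MD5 shared:", shared_hash_groups(USERS, lastfm_style))
    # Truncate + lowercase: a long passphrase is stored as only "correcthor".
    print("MySpace shared:", shared_hash_groups(USERS, myspace_style))
    # Salted: the same password yields different records for different users.
    (s1, h1), (s2, h2) = salted_record("Pa55w0rd"), salted_record("Pa55w0rd")
    print("Salted records equal:", h1 == h2, "| verifies:", verify("Pa55w0rd", s1, h1))
```

Under the truncating scheme the long passphrase gains nothing past its tenth character, which is why length only helps when the site stores the whole password.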
I think anyone who doesn't use a password manager these days is really not doing themselves any favours. Plus 2 factor authentication where possible (especially on things like email, dropbox etc.).
'Have I been pwned?' is great for checking this kind of thing.
EDIT: which is where Cougar is getting his above info from.
[i]43 million user accounts[/i] - Lastfm
[i] 360 million accounts[/i] - MySpace
So, yes, chances are mine were there! Not cos it was a plain word password though, surely?!
[i]'Have I been pwned?' is great for checking this kind of thing.[/i]
This is not news to some of our mods 😉
So, yes, chances are mine were there! Not cos it was a plain word password though, surely?!
Well, no, though that's an entirely different problem.
The issue here is one of reuse. A simple way of hacking a secure site is to hack an insecure one and hope that people have used the same credentials elsewhere.
The email address and password pair you've used everywhere for the last 20 years is in the hands of criminals. Do you use the same one for this site? Amazon? Paypal? Your bank?
Interesting to see if the suggested passwords from Safari and 1Password etc start to change.
Had a moment earlier this week with the Mrs over this - she used Safari to generate a password, forgot to click "remember me" and instantly forgot the password. She had to click forgotten password within seconds of completing the signup process. What a future we live in!
I think anyone who doesn't use a password manager these days is really not doing themselves any favours.
Something about these don't sit right with me. Eggs in one basket.
TBH, I just have 2 factor on anything actually important. It wouldn't be the end of the world if my STW account was hacked.
Something about these don't sit right with me. Eggs in one basket.
Yeah true. As mentioned above almost everything has an email based password reset these days anyway, so if you lose your password manager then you're probably not totally screwed.
That just makes it all the more important to protect your primary email though, which is where things like 2 factor come in.
Something about these don't sit right with me. Eggs in one basket.
I have a friend who is an Infosec specialist, coming from a hacker background dating back to the 80s. He's forgotten more about computer security than I could possibly hope to learn, and I'm not silly. He advocates using a password manager. I'd humbly suggest that you should consider it too.

