Viewing 40 posts - 1 through 40 (of 88 total)
  • Man who wrote password guidelines says he got it all wrong….
  • sweaman2
    Free Member

    A topic near and dear to some people’s hearts.

    Apologies if already covered.

    http://www.nbcnews.com/tech/security/forget-everything-you-know-about-passwords-says-man-who-made-n790711

    NewRetroTom
    Full Member

    Link doesn’t work.

    [Mod Edit: it does now]

    DrP
    Full Member

    I read about these things a few years ago..
    Something like:
    “Xyo90+.g” is harder to remember, and easier to crack, than
    “carplaneParisPeter” – four easily remembered, personal words all packed together.

    DrP

    sweaman2
    Free Member

    Indeed. 😀

    binners
    Full Member

    You mean there are other passwords than ‘password’?

    Who knew?

    Kahurangi
    Full Member

    *correct* horse battery staple

    Conversely, I find that with longer passwords I make too many mistakes typing them….

    GrahamS
    Full Member

    For long, rarely entered, hard to defeat passwords, like on my home wifi for instance, I’ve started using song lyrics with simple letter substitutes.

    Good luck cracking “MaryHadALittleLambItsFleeceWasWhiteAs5now” in a reasonable timeframe.

    zilog6128
    Full Member

    Or just get your Mac/iPhone to take care of them all for you, then you’ve only got to remember one 🙂

    Jamie
    Free Member

    Interesting to see if the suggested passwords from Safari and 1Password etc start to change.

    DezB
    Free Member

    Is it..
    MaryHadALittleLambItsFleeceWasWhiteAs5now ?

    DezB
    Free Member

    Anyway, I’ve been using a single plain word password for 20 years and never had it cracked.

    binners
    Full Member

    Is it pissgibbon?

    GrahamS
    Full Member

    Is it..
    MaryHadALittleLambItsFleeceWasWhiteAs5now ?

    No, that was but a cunning subterfuge on my part 😀

    GrahamS
    Full Member

    Anyway, I’ve been using a single plain word password for 20 years and never had it cracked.

    And if I could be bothered I’d dig out the password dump of this site from when it was cracked back in December 2008 and tell you what it was 😀

    DezB
    Free Member

    MaryHadALittleLambIt5FleeceWasWhiteAsSnow ?

    Shit! Binners has mine cracked already. 😥

    if I could be bothered I’d dig out the password dump of this site from when it was cracked back in December 2008 and tell you what it was

    Ah, this site – I’m still using the randomly generated one it supplied me with when I signed up. Crack away. 🙂 Might improve my popularity

    DrP
    Full Member

    Is DezB a pissgibbon?

    Yes. Yes he is.

    DrP

    DezB
    Free Member

    I’ll have to change it now. gawd, what else can I remember..?

    chakaping
    Free Member

    You mean there are other passwords than ‘password’?

    Pa55w0rd

    Don’t tell anyone else though.

    binners
    Full Member

    Spongletrumpet

    JEngledow
    Free Member

    I’ve got numerous systems for work all with different passwords so I’ve ended up with a password protected spreadsheet full of passwords (currently 23 different passwords!) 🙄

    spekkie
    Free Member

    Same here. All in a password protected spreadsheet.

    tjagain
    Full Member

    My work makes you do the word plus symbols plus numbers plus capitals thing, changed every 3 months to something different – no changing just the number. The result is that most folk write their passwords down and the IT helpdesk has to have a special password reset section.

    Want to check your medical records? Wait until you can get to a free NHS computer. Open the top drawer in the desk and copy the password from the post-it inside the drawer. Bingo – you are into the NHS computer system.

    nixie
    Full Member

    Might as well write them on a sheet of paper. Security on a spreadsheet is useless.

    If you don’t want to pay for lastpass or similar then keepass is free and works across devices.

    Drac
    Full Member

    Anyway, I’ve been using a single plain word password for 20 years and never had it cracked.

    Your LastFm account was hacked.

    Drac
    Full Member

    Want to check your medical records? Wait until you can get to a free NHS computer. Open the top drawer in the desk and copy the password from the post-it inside the drawer. Bingo – you are into the NHS computer system.

    You don’t use Smartcards? How primative.

    DezB
    Free Member

    Your LastFm account was hacked

    Was it? When was this? 2001?

    leffeboy
    Full Member

    LastPass is free I think

    result is most folk write their passwords down

    Yep, that is the biggest pain in the world, and it seems to be old info. Most folks have several passwords now, so it would get out of control if they all changed every 3 months unless they learn to do it in sync, but folks expect it to just work.

    tjagain
    Full Member

    We used to have personal smartcards. Too many got lost, and they were too slow to issue, so new folk couldn’t get on the system for weeks. So now anyone can use anyone’s card – all the card does is start the puter and open the password screen – and the card will be in the top drawer along with the password. 😉 I have even seen cards with the password written on them. User names are just first name dot last name. Not been a serious breach yet – but one day there will be, I bet. The human factor at work again.

    DezB
    Free Member

    Weird, can’t remember the last (huh) time I used Last.fm, but just tried it and it does have that password! 😆

    johnners
    Free Member

    Anyway, I’ve been using a single plain word password for 20 years and never had it cracked.

    That’s it, you’ve convinced me. I’m changing my 50-odd randomly generated passwords to a single word immediately.

    What word are you using, just so I can make sure I don’t use the same one?

    tjagain
    Full Member

    Leffe – the way our systems work now, you actually can’t change passwords in sync. I used to do it so I just had the one password for the 4 different things I use – but this is no longer possible.

    There is this huge gulf between the IT folk and the healthcare staff – many of whom are really not computer literate.

    MTB-Idle
    Free Member

    You don’t use Smartcards? How primative.

    You can’t spell? How primitive.

    shinton
    Free Member

    DezB – Member
    Is it..
    MaryHadALittleLambItsFleeceWasWhiteAs5now ?

    Nice going, you only had another 2 guesses before the account was locked out 🙂

    DezB
    Free Member

    are pissgibbons primative?

    breatheeasy
    Free Member

    I can just about manage the caps/number/symbol randomness. The one that really boils my p**s is the ‘password must be exactly x characters in length’ one

    slackboy
    Full Member

    DezB
    Free Member

    battery horse staple cartoon in 5.. 4…

    Woo! 😆

    Cougar
    Full Member

    Your LastFm account was hacked.

    It was. And your MySpace account.


    Last.fm: In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Whilst Last.fm knew of an incident back in 2012, the scale of the hack was not known until the data was released publicly in September 2016. The breach included 37 million unique email addresses, usernames and passwords stored as unsalted MD5 hashes.

    Compromised data: Email addresses, Passwords, Usernames, Website activity


    MySpace: In approximately 2008, MySpace suffered a data breach that exposed almost 360 million accounts. In May 2016 the data was offered up for sale on the “Real Deal” dark market website and included email addresses, usernames and SHA1 hashes of the first 10 characters of the password converted to lowercase and stored without a salt. The exact breach date is unknown, but analysis of the data suggests it was 8 years before being made public.

    Compromised data: Email addresses, Passwords, Usernames
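    The two storage schemes in the breach summaries above (unsalted MD5 of the whole password; unsalted SHA-1 of the first 10 characters, lower-cased) are worth seeing side by side against a salted, slow hash. The following is an added example written for this thread, not code from Last.fm, MySpace or haveibeenpwned.com. The user records and the wordlist are constructed here (the sample passwords are the jokes from this thread, not anyone’s real credentials), and the PBKDF2 iteration count is kept deliberately low so the demo runs quickly.

```python
"""Offline dictionary attack against unsalted hashes vs. a salted slow KDF.

Added example for this thread; not code from Last.fm, MySpace or HIBP.
All users, passwords and the wordlist below are constructed for the demo.
"""
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Tuple

# --- The two weak schemes described in the breach summaries --------------

def lastfm_style(password: str) -> str:
    """Unsalted MD5 of the whole password (the scheme described for Last.fm)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def myspace_style(password: str) -> str:
    """Unsalted SHA-1 of the first 10 characters, lower-cased (the scheme
    described for MySpace). Everything after character 10, and all case
    information, is thrown away before hashing."""
    return hashlib.sha1(password[:10].lower().encode("utf-8")).hexdigest()

# --- A defensible scheme: per-user random salt + slow KDF ----------------
# ITERATIONS is tiny so the demo finishes in well under a second; a real
# deployment uses a far higher count (or Argon2 / bcrypt / scrypt).
ITERATIONS = 2_000

def salted_kdf(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()

# --- Constructed sample data (NOT real accounts) -------------------------
USERS: Dict[str, str] = {
    "alice": "Pa55w0rd",
    "bob":   "pissgibbon",
    "carol": "MaryHadALittleLambItsFleeceWasWhiteAs5now",
    "dave":  "Spongletrumpet",
    "erin":  "k7#Qe!2vLz9p&Tm",   # random; not in any wordlist
}
WORDLIST: List[str] = [
    "password", "letmein", "Pa55w0rd", "pissgibbon",
    "maryhadalittlelamb", "spongletrumpet",
]

def build_unsalted_dump(hash_fn: Callable[[str], str], users: Dict[str, str]) -> Dict[str, str]:
    return {user: hash_fn(pw) for user, pw in users.items()}

def build_salted_dump(users: Dict[str, str], iterations: int = ITERATIONS) -> Dict[str, Tuple[bytes, str]]:
    dump = {}
    for user, pw in users.items():
        salt = os.urandom(16)                     # fresh random salt per user
        dump[user] = (salt, salted_kdf(pw, salt, iterations))
    return dump

# --- The attacks ---------------------------------------------------------

def crack_unsalted(hash_fn: Callable[[str], str], dump: Dict[str, str],
                   wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Hash every candidate ONCE, then look up each stored hash in the table.
    Cost is len(wordlist) hashes regardless of how many users are in the dump,
    which is why an unsalted dump of 43M accounts is attacked in bulk."""
    table = {hash_fn(w): w for w in wordlist}
    found = {user: table[h] for user, h in dump.items() if h in table}
    return found, len(wordlist)

def crack_salted(dump: Dict[str, Tuple[bytes, str]], wordlist: List[str],
                 iterations: int = ITERATIONS) -> Tuple[Dict[str, str], int]:
    """With a per-user salt there is no shared table: every (user, candidate)
    pair costs its own KDF run, and each run is deliberately slow."""
    found, computed = {}, 0
    for user, (salt, digest) in dump.items():
        for w in wordlist:
            computed += 1
            if hmac.compare_digest(salted_kdf(w, salt, iterations), digest):
                found[user] = w
                break
    return found, computed

if __name__ == "__main__":
    for name, fn in (("Last.fm-style MD5", lastfm_style), ("MySpace-style SHA-1", myspace_style)):
        found, n = crack_unsalted(fn, build_unsalted_dump(fn, USERS), WORDLIST)
        print(f"{name}: {n} hashes computed, recovered {found}")
    found, n = crack_salted(build_salted_dump(USERS), WORDLIST)
    print(f"salted PBKDF2: {n} KDF runs, recovered {found}")
```

    Two things to notice when running it. Under the MySpace-style scheme the 41-character lyric password and the wordlist entry "maryhadalittlelamb" hash to the same value, so the long password is "cracked" to its first ten lower-cased characters: the stored hash never protected anything beyond that prefix, and "Spongletrumpet" falls to a lower-case wordlist because case was discarded. Against the salted dump the same wordlist needs a separate slow run per user per candidate and recovers only the passwords that are literally on the list.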

    soundninjauk
    Full Member

    I think anyone who doesn’t use a password manager these days is really not doing themselves any favours. Plus two-factor authentication where possible (especially on things like email, Dropbox etc.).

    ‘Have I been pwned?’ is great for checking this kind of thing.

    https://haveibeenpwned.com/

    EDIT: which is where Cougar is getting his above info from.

The topic ‘Man who wrote password guidelines says he got it all wrong….’ is closed to new replies.