|
|
|
|
| Author |
|
|
?
Join Date: Apr 2002
Posts: 30,517
|
How long are your passwords?
I've been using several different ones over the years (changing them as needed) for several different levels of security. That said, I've typically kept them less than 10 characters or so even though they're random and not likely to be "guessed". Dang processors have gotten fast enough so it only takes less than 60 seconds to "crack" most passwords of this length I now learn
 . So, I reckon it's time for this ol' dawg to learn a new trick....LONG passwords (i.e a long sentence) seems be the way of the future out of necessity....YMMV.
|
||
06-10-2015, 09:24 PM
|
|
|
Registered
|
On a windows machine, open powershell and type: [guid]::NewGuid(). You will get something that looks like this: ba76b0c6-9f23-49c2-92ec-ce9adff7d51e
Use that - or as much as you can remember - as your password. Try to make a sentence out of it to make it easier to remember. |
||
|
06-10-2015, 10:11 PM
|
|
|
Registered User
Join Date: Sep 2012
Location: Växjö Sweden/Hannover Germany
Posts: 1,135
|
Yes, the processors are fast, but most systems only allow a certain amount of login tries before the account is locked. So that is not the way to hack into an account, they dont guess your password several million times per second and try them.
Passwords normally are saved encrypted in a DB. The fast processors are faster to decrypt the passwords. And then it does not matter how complicated the password is then. The only thing that matters is how secure the encryption is. If the encryption is cracked, then every password with that encryption is visible, no matter how complicated. And every string is just a string of characters to the machine. jnedfuhwerh23hehf28hf23 is equally hard to decrypt as a string of words with the same length who are easy to remember. |
||
|
06-10-2015, 11:03 PM
|
|
|
Registered
|
Here is the password generator that I use.
__________________
'85 Carrera Iris Blue Metallic Coupe |
||
|
06-11-2015, 12:33 AM
|
|
|
Registered
|
I use sentences that I can remember, and throw in as many non-english words as I can. I figure a sentence in English, Spanish, and German is going to be hard to guess, if it is attacked in that way.
Still, I have my passwords saved as images in a database in an encrypted folder.
__________________
. |
||
|
06-11-2015, 02:22 AM
|
|
|
I'm with Bill
Join Date: Jun 2005
Location: Scottsville Va
Posts: 24,186
|
Like mentioned before it really isn't your passwords it's the data base that stores them where the issue lies.
I don't really worry about passwords much but more the device I am using them on. There is no banking info or any app along those lines on my phone, nor is the email service that has my banking on it. I use yahoo for banking and google for my phone. I am not going to make it easy for someone to get access to my stuff but if someone is really determined to get at my credit rating of 247 and the $9.18 in my savings acct. then they are going to get it. One thing that allows me sleep well at night is my bank. I have had my checking acct hacked three times over the last ten years, and getting it resolved was very easy with a simple trip to the office with my statement and check ledger.
__________________
Electrical problems on a pick-up will do that to a guy- 1990C4S |
||
|
06-11-2015, 03:12 AM
|
|
|
|
Did you get the memo?
Join Date: Mar 2003
Location: Wichita, KS
Posts: 32,551
|
It really doesn't matter. You can have the greatest password on Earth, but then the website gets hacked and they have your data anyway. It always amuses me how IT Security weenies create password rules that virtually guarantee you will have to write them down, make you change them every 30 days, but then can't protect the data. Yes, overly convoluted password rules are a pet peeve of mine.
__________________
‘07 Mazda RX8-8 Past: 911T, 911SC, Carrera, 951s, 955, 996s, 987s, 986s, 997s, BMW 5x, C36, C63, XJR, S8, Maserati Coupe, GT500, etc |
||
|
06-11-2015, 03:34 AM
|
|
|
?
Join Date: Apr 2002
Posts: 30,517
|
Quote:
 . For the "average" user....this simple technique trumps all other approaches, isn't platform/device dependent, etc. and is KISS (simple)....YMMV.
|
||
|
06-11-2015, 03:34 AM
|
|
|
Registered User
Join Date: Sep 2012
Location: Växjö Sweden/Hannover Germany
Posts: 1,135
|
Quote:
And in future it will be harder to take a trip to that office as they are closing more and more of them. Good luck making all this online or via phone. |
||
|
06-11-2015, 03:37 AM
|
|
|
I'm with Bill
Join Date: Jun 2005
Location: Scottsville Va
Posts: 24,186
|
I should mention I use a credit union for my banking, one detail I forgot to mention
__________________
Electrical problems on a pick-up will do that to a guy- 1990C4S |
||
|
06-11-2015, 03:41 AM
|
|
|
?
Join Date: Apr 2002
Posts: 30,517
|
Quote:
. Banks/Credit Union/Service provider "detects" fraud EVERY single day here in the states....I've had my debit # "stolen" before too. Just a minor inconvenience before on my end and the bank/CU (for me too) will ALWAYS eat any loss....it's just the "cost of doing business" for them. I also spent the first half of my IT career in banking....brings back painful memories 
Last edited by KFC911; 06-11-2015 at 03:46 AM.. |
||
|
06-11-2015, 03:44 AM
|
|
|
Registered
|
Quote:
 I don't use real words, or sentences in any of my passwords other than my home PC, FWIW.
__________________
Guy '87 944 (first porsche/project car) |
||
|
06-11-2015, 05:52 AM
|
|
|
|
Registered
|
My passwords are 16-24 characters. I use LastPass to manage them - means you only need to remember one password.
__________________
Mat P 1988 911 Carrera |
||
|
06-11-2015, 06:07 AM
|
|
|
Registered
Join Date: May 2005
Location: trumpistan
Posts: 9,911
|
I forget my passwords
__________________
Enemy of the State Brandolini’s Law: It takes hours more time, research, and writing to debunk misinformation than it takes to spread it. |
||
|
06-11-2015, 06:13 AM
|
|
|
Get off my lawn!
|
I am looking for the perfect password app. With different web site that I have accounts with numerous email accounts and devices. I want a way to enter my passwords from several devices and many web sites and programs.
__________________
Glen 49 Year member of the Porsche Club of America 1985 911 Carrera; 2017 Macan 1986 El Camino with Fuel Injected 350 Crate Engine My Motto: I will never be too old to have a happy childhood! |
||
|
06-11-2015, 06:36 AM
|
|
|
Registered
|
Glen - check out LastPass. It stores an encrypted password file on each of your devices plus in their cloud. You actually launch your websites from inside LastPass itself via the browser plug in. It will auto log in for you.
__________________
Mat P 1988 911 Carrera |
||
|
06-11-2015, 06:44 AM
|
|
|
?
Join Date: Apr 2002
Posts: 30,517
|
Quote:
. Just started this thread as a suggestion guys (for the average user). Bottom line....use longer passwords than 8-10 characters. Unless it changes every single minute, then 6 digits is OK too. That's how pw's were "secured" in my former life....all ya had to do was remember your key FOB...and the dozens of systems behind it....many with unique pw(s)....back in the day
|
||
|
06-11-2015, 06:45 AM
|
|
|
Moderator
|
Quote:
Using sentence-long passwords isn't really a good answer either - the longer the password, the greater chance of misspelling it and getting locked out of the device or application. Two areas that show promise are: 1. Dual-authentication systems: for example - the typical card reader security locks are now being replaced with a card reader / keypad combination - you still have to swipe a card, but you also have to authenticate that card by entering a 4 to 8 digit code. I believe some applications like Facebook are implementing stuff like this by using your cell phone number as a secondary layer of authentication besides your password. 2. Biometrics: this has been around for a long time, but is getting a little more traction again -- I've used fingerprint access points to get into my datacenter for years - and now the same technology is at the consumer level - as found in the newer iPhones. Some folks feel it is not quite ready, but I really like the ability to unlock my iPhone using my fingerprint as authentication. It works very well for me, and since my fingers are hopefully attached to the rest of my body, it makes it very difficult for a thief to get into my phone without my knowledge. Quote:
Best cloud to store passwords in are your brain. Still the hardest thing to hack. -Z-man.
__________________
2010 Cayman S - 12-2020 - 2014 MINI Cooper S Coupe - 05-17 - 05-21 1989 944S2 - 06-01 - 01-14 Carpe Viam. <>< |
||
|
06-11-2015, 07:10 AM
|
|
|
Information Junky
Join Date: Mar 2001
Location: an island, upper left coast, USA
Posts: 73,189
|
Quote:
__________________
Everyone you meet knows something you don't. - - - and a whole bunch of crap that is wrong. Disclaimer: the above was 2¢ worth. More information is available as my professional opinion, which is provided for an exorbitant fee. 
|
||
|
06-11-2015, 07:26 AM
|
|
|
Registered
|
Quote:
Since we are in healthcare if we find a Post-It with your AD password you can be terminated. Passwords for forums such as this aren't as complex as what I use for banking and such. Again, to keep people from gaining access not script kiddies and such.
__________________
Brent The X15 was the only aircraft I flew where I was glad the engine quit. - Milt Thompson. "Don't get so caught up in your right to dissent that you forget your obligation to contribute." Mrs. James to her son Chappie. |
||
|
06-11-2015, 07:55 AM
|
|
1987 Porsche 944
2009 Ford Mustang
Carrera
1989 Porsche 944S2 3.0l 16v 4cyl
BB
