Largest-ever password study: We are all idiots

Discussion in 'Tech Talk - Gadgets, Gizmos and Technology' started by Mark Holtz, Jun 2, 2012.

  1. Jun 2, 2012 #1 of 93
    Mark Holtz Day Sleeper DBSTalk Club

    Mar 23, 2002
    Sacramento, CA
    From Venturebeat:

    Largest-ever password study: We are all idiots

    Sigh.... use a password manager like KeePass or Lastpass. Check out www.howsecureismypassword.net ....
  2. Jun 2, 2012 #2 of 93

    RasputinAXP Kwisatz Haderach of Cordcuttery

    Jan 23, 2008
    I'm not. Sure, my stupid-low-security stuff sucks but for legitimate passwords? Minimum 10 digits, numbers, mixed case and special characters. Then again it may be that I'm one of Those Guys.

    edit: Wait a minute, 70 million Yahoo users??! That's not even fair. That's like saying 70 million elementary school students.
  3. Jun 2, 2012 #3 of 93

    hdtvfan0001 Well-Known Member

    Jul 28, 2004
    For those of us who have over 50+ passwords to manage between work and home...passwords are a major pain in the butt period. Unfortunately, they are a necessary evil for security.

    To the point of the article...in the real world...I have actually seen people use password as their password. :rolleyes:
  4. Jun 2, 2012 #4 of 93

    Davenlr Geek til I die

    Sep 16, 2006
    I find myself not creating accounts I would otherwise create for sites that do this. It totally pisses me off when I enter 5 passwords and the site tells me they aren't good enough. I end up clicking off the page.

    I've always wondered why bank pins are only 4 numbers, but an internet site requires 9 characters and MUST contain at least 1 number, one upper case, one lower case, and the thumb print of your first born.
  5. Jun 2, 2012 #5 of 93
    Marlin Guy Hall Of Fame

    Apr 8, 2009
    "It would take a desktop PC About 600 years to hack your password"

  6. Jun 2, 2012 #6 of 93

    AntAltMike Hall Of Fame

    Nov 20, 2004
    Now that I've given them my passwords to evaluate, how long will it take them to find out who I am and clean out my bank account?
  7. Jun 2, 2012 #7 of 93

    Laxguy Honi Soit Qui Mal Y Pense.

    Dec 2, 2010
    I prefer "secret"... heh, heh. Or maybe "user".... :sure:

    I make a real distinction between PWs that if someone had it, it wouldn't bother me. Such as for a .yahoo or gmail account. And those where I could lose something of value. If someone logged in as me on, say DIRECTV®'s site and made changes or ordered movies, it'd be inconvenient but not a real hit.
  8. Jun 2, 2012 #8 of 93

    kevinturcotte Active Member

    Dec 19, 2006
    My WPA2 password: "It would take a desktop PC about 44 novemvigintillion years to hack your password" Whatever that means lol
  9. Jun 2, 2012 #9 of 93

    Laxguy Honi Soit Qui Mal Y Pense.

    Dec 2, 2010
    Yeah, even the Nigerian "bankers" don't require that level!:hurah:

    And, yeah, you really do need high security for a site you'll visit once or twice....:nono2:
  10. Mark Holtz

    Mark Holtz Day Sleeper DBSTalk Club

    Mar 23, 2002
    Sacramento, CA
    Wimp. I count 280 unique passwords in my collection.
  11. Laxguy

    Laxguy Honi Soit Qui Mal Y Pense.

    Dec 2, 2010
    Hah! I guess that's beyond our lifetimes!

    I did a bad thing. I entered a naughty word, that begins with "mother". Here's what it showed:

    I then entered another word one doesn't use in polite company, but it's in the Latin tongue so to speak. It would take 169 days to crack.

    This one, that they generated, Pre|>|>ed Lander, would take 52 Trillion years, but all the times seem way too long.
  12. Laxguy

    Laxguy Honi Soit Qui Mal Y Pense.

    Dec 2, 2010
    How do you keep track, and what's the security on that?
  13. billsharpe

    billsharpe Hall Of Fame

    Jan 25, 2007
    How about eight asterisks in a row? Then you can see your password as you type it in...
  14. dpeters11

    dpeters11 Hall Of Fame

    May 30, 2007
    I do highly recommend LastPass, but at least padding a password is a good start. Even if you take the base password of "Password", making it something like {{{<<<Password!>>>}}} helps.

    What irritates me is when various sites have varying requirements. Can't use that password, too long. They don't allow that character etc.

    Myself, I use LastPass and have it set to require my Yubikey if it's not a previously known system. One of my strongest passwords is for my primary email, since that's where "I forgot my password" emails go to.
  15. spartanstew

    spartanstew Dry as a bone DBSTalk Club

    Nov 16, 2005
    Wylie, Texas
    I use the same password whenever I can (currently use it for about 50 sites) and a secondary that I use when I can't (another 20 sites or so).

    Not the smartest thing, but it only takes me a couple of attempts on any site to figure out what my password is.

    For the record, it's a mixture of letters and numbers, including some capitalization and the link above states it would take a PC 106 years to crack it, so that's good enough for me.
  16. Shades228

    Shades228 DaBears

    Mar 18, 2008
    There are some good methods out there for making different passwords for each site you can't forget.

    Most of them tell you to pick a date and then pick something from the name of the site you're on. Then you mix it up in a manner that you use consistently for every site. This way you never have a repeat password but cannot forget them.

    Those calculators are usually based on brute force methods which are rarely used due to most systems having detection and prevention methods for that. Hash cracking is the most common and effective.
  17. dennisj00

    dennisj00 Hall Of Fame

    Sep 27, 2007
    Lake Norman, NC
    Possibly because there's a video camera involved?!!
  18. BubblePuppy

    BubblePuppy Good night dear Smoke... love you & "got your butt

    Nov 3, 2006
    From Hacker News:
  19. dpeters11

    dpeters11 Hall Of Fame

    May 30, 2007
    Supposedly the inventor was going to go with a 6 digit number, but his wife said she would only be able to remember 4. I wish it had been at least 5, 4 is too easy to just use a birthdate.
  20. James Long

    James Long Ready for Uplink! Staff Member Super Moderator DBSTalk Club

    Apr 17, 2003
    A work password: About 32 billion years.
    My work password: About 8 seconds.
    My oldest living password: About 8 seconds.
    My favorite password: About 3 days.

    I don't trust the estimate completely. For example, my name comes up as "About 6 Hours" but with a space it shows as "About 4 Years". Capitalizing the last name makes it "About 128 Days" and both the capitalizing and the space makes it "About 412 years". My birthday as 8 digits is 0.4 seconds. Spelled out "About 25 million years". The estimate would be completely different if the cracker knew anything about the person they were attacking.
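
The gap raised in the thread between a brute-force strength estimate and what a guesser with a wordlist or personal details needs, as an added example that is not part of the thread. The wordlist, the 1900-2029 date range and the three case variants are constructed assumptions, not how the linked site computes its figures.

```python
import string
from datetime import date

# Constructed stand-in for a cracking wordlist; a real one has millions of entries.
WORDLIST = {"password", "secret", "user"}

def charset_size(pw: str) -> int:
    """Alphabet size a naive meter assumes from the character classes present."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    ]
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def brute_force_guesses(pw: str) -> int:
    """Keyspace of an exhaustive search: alphabet ** length."""
    return charset_size(pw) ** len(pw)

def is_date(pw: str) -> bool:
    """True for an 8-digit MMDDYYYY string naming a real day in 1900-2029."""
    if len(pw) != 8 or not pw.isdigit():
        return False
    try:
        return 1900 <= date(int(pw[4:]), int(pw[:2]), int(pw[2:4])).year <= 2029
    except ValueError:
        return False

def informed_guesses(pw: str) -> int:
    """Guesses needed when likely candidates are tried before exhaustive search."""
    if pw in {v for w in WORDLIST for v in (w, w.capitalize(), w.upper())}:
        return len(WORDLIST) * 3          # each word in 3 case variants
    if is_date(pw):
        return 130 * 366                  # upper bound: every day of 130 years
    return brute_force_guesses(pw)        # no shortcut in this model

if __name__ == "__main__":
    # Constructed sample inputs; the date and the name are made up.
    for pw in ["password", "Password", "07041976", "john smith"]:
        print(f"{pw!r:14} naive={brute_force_guesses(pw):.2e} "
              f"informed={informed_guesses(pw):.2e}")
```

Adding a capital or a space multiplies the naive figure by orders of magnitude, while the informed count for a dictionary word or a birthday stays in the thousands or below.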
