
Largest-ever password study: We are all idiots

Discussion in 'Tech Talk - Gadgets, Gizmos and Technology' started by Mark Holtz, Jun 2, 2012.

  1. spartanstew

    spartanstew Dry as a bone

    12,561
    61
    Nov 16, 2005
    Wylie, Texas
    In a previous job, most of the employees were field based and had laptops. The company's security required everyone to change their password every 60 days (with no repeats). 90% of the employees would write their current password on a piece of tape that they adhered to the bottom of their laptop (or right below the keyboard). Quite a security system.
     
  2. James Long

    James Long Ready for Uplink! Staff Member Super Moderator DBSTalk Club

    45,328
    915
    Apr 17, 2003
    Michiana
    While changing your password occasionally is a good idea, I hate forced change systems because they do lead to written passwords or passwords saved in files on computers where cracking the PC password (or having admin rights) could expose all passwords quickly.
     
  3. Steve

    Steve Well-Known Member

    23,041
    148
    Aug 22, 2006
    Lower...
    Some interesting password advice by the guys at GRC can be found here.

     
  4. dennisj00

    dennisj00 Hall Of Fame

    9,679
    191
    Sep 27, 2007
    Lake Norman, NC
    The other thing to remember is when answering the two or three 'security' questions - 'What is your Mother's maiden name, what high school did you go to, what was your first car', answer them with wrong answers that nothing in your bio history could answer.

    Of course, you need to remember what you answered!
     
  5. swyman18

    swyman18 Legend

    307
    13
    Jan 12, 2009
    Interesting thread... It's made me check out that LastPass program which seems like it gets a lot of positive reviews. But help me out here... isn't it a bad idea to basically have all your passwords stored with one cloud based service? What if their servers get hacked? I suppose there is always a risk with anything like that, it just seems like you are putting an awful lot of trust in them to store and manage your passwords for you.
     
  6. dennisj00

    dennisj00 Hall Of Fame

    9,679
    191
    Sep 27, 2007
    Lake Norman, NC
    Steve, without reading your more. . . . dog. . . . .
     
  7. spartanstew

    spartanstew Dry as a bone

    12,561
    61
    Nov 16, 2005
    Wylie, Texas
    Man, I hate those questions. So many sites have a selection of questions that I don't have a specific answer to.

    Favorite Actor (don't have one)
    Street you grew up on (grew up on about 15)
    Favorite Teacher (had many)
    Etc.
     
  8. dennisj00

    dennisj00 Hall Of Fame

    9,679
    191
    Sep 27, 2007
    Lake Norman, NC
    That's my point. Don't give the answer that anyone would connect.

    Favorite teacher, Ms. Crabapple, street you grew up on . . . easystreet . .

    Nothing that google or anybody could figure out.
     
  9. Steve

    Steve Well-Known Member

    23,041
    148
    Aug 22, 2006
    Lower...
    Yup. Because it's a character longer, it's twice as strong as the other one, according to that "howsecureismypassword" link.

    Size matters with passwords too. :p
     
  10. spartanstew

    spartanstew Dry as a bone

    12,561
    61
    Nov 16, 2005
    Wylie, Texas
    I would never remember them either.
     
  11. dpeters11

    dpeters11 Hall Of Fame

    16,252
    490
    May 30, 2007
    Cincinnati
    The beauty of their system, you don't have to trust them. Everything is encrypted, but they don't have the decryption key.

    This goes into detail. This is the text version, the audio is also available. I think the discussion starts at about the hour mark. They dive deep into the security.
    http://www.grc.com/sn/sn-256.htm

    They do support multi-factor encryption. Some require their paid ($12 a year) service, but there are some they support for free.
     
  12. dennisj00

    dennisj00 Hall Of Fame

    9,679
    191
    Sep 27, 2007
    Lake Norman, NC
    I put these in a weird Contact Notes in Outlook that my PC would have to be hacked to find out.
     
  13. James Long

    James Long Ready for Uplink! Staff Member Super Moderator DBSTalk Club

    45,328
    915
    Apr 17, 2003
    Michiana
    Isn't the password capital D zero g?
     
  14. Steve

    Steve Well-Known Member

    23,041
    148
    Aug 22, 2006
    Lower...
    + the 20 periods.
     
  15. swyman18

    swyman18 Legend

    307
    13
    Jan 12, 2009
    Interesting, thank you!
     
  16. dennisj00

    dennisj00 Hall Of Fame

    9,679
    191
    Sep 27, 2007
    Lake Norman, NC
    Y, I was just typing quickly versus the other one that I would have never typed correctly!
     
  17. dennisj00

    dennisj00 Hall Of Fame

    9,679
    191
    Sep 27, 2007
    Lake Norman, NC
    Actually, dog. . . . . . . . . . . . (not sure how . many I counted) is pretty secure!
     
  18. James Long

    James Long Ready for Uplink! Staff Member Super Moderator DBSTalk Club

    45,328
    915
    Apr 17, 2003
    Michiana
    I'll have to remember that trick ... and not use it here. :lol:
     
  19. Shades228

    Shades228 DaBears

    6,081
    45
    Mar 18, 2008
    Best way to create a unique password is just spell the word wrong. If you have to change passwords just add a 3 digit number to it and add 1 each time.

    Since we're talking security you can keep a list of them in an encrypted file that you only know the password to. This is similar to having like passkey except you don't have to have internet access.

    I use http://www.truecrypt.org/ and have it create an encrypted file which I keep all my financial documents in as well. Each person in my house has one and it contains a list of all their passwords and anything else they need for personal reasons that we wouldn't want anyone to have access to. It also makes it easier to make backups into the cloud and hard medium without having to worry about adding and removing directories or having that information lost/stolen.
     
  20. wilbur_the_goose

    wilbur_the_goose Hall Of Fame

    4,476
    49
    Aug 16, 2006
    These challenge questions are required by the US Government (FFIEC) for banking websites.

    By the way, the password "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is many times more complex to crack than "8F&@kkla"

    PS - While we're talking password security - PLEASE make sure your wireless router uses WPA2 encryption with a long key. WEP is as good as no protection at all.
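
Added example, not part of any post in this thread: the exhaustive-search arithmetic behind the length-versus-complexity comparisons above, next to a second estimate for a guesser who expects a short core followed by padding. The character-class sizes, the 64-character length limit and the padding model are assumptions of this sketch, and the sample passwords are the ones quoted in the thread.

```python
import math
import string

# Assumed character classes: (members, class size). Together: 95 printable ASCII.
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]
FULL_ALPHABET = sum(size for _, size in CLASSES)  # 95


def alphabet_size(pw):
    """Size of the union of the classes that pw draws characters from."""
    return sum(size for members, size in CLASSES if any(c in members for c in pw))


def search_space(alphabet, length):
    """Number of strings of length 1..length over an alphabet of that size."""
    return sum(alphabet ** k for k in range(1, length + 1))


def brute_force_bits(pw):
    """log2 of the exhaustive search space: every string up to len(pw)."""
    return math.log2(search_space(alphabet_size(pw), len(pw)))


def padded_bits(pw, max_len=64):
    """log2 of the space for a guesser who models 'core + one repeated pad char'.

    Assumption: the guesser tries every core, every pad character and every
    run length up to max_len. A trailing run shorter than 3 is not treated
    as padding, so the plain exhaustive estimate is returned instead.
    """
    pad = pw[-1]
    core = pw.rstrip(pad)
    if len(pw) - len(core) < 3:
        return brute_force_bits(pw)
    core_space = search_space(alphabet_size(core), len(core)) if core else 1
    return math.log2(core_space * FULL_ALPHABET * max_len)


if __name__ == "__main__":
    samples = ["8F&@kkla", "a" * 41, "D0g" + "." * 20]  # quoted in the thread
    for pw in samples:
        print(f"{pw!r:45} exhaustive={brute_force_bits(pw):6.1f} bits  "
              f"padding-aware={padded_bits(pw):6.1f} bits")
```

Each extra character multiplies the exhaustive space by the alphabet size, which is why length dominates the first column; the second column shows how far the estimate drops once the structure of the password is something the guesser anticipates.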
     
