
Largest-ever password study: We are all idiots

Discussion in 'Tech Talk - Gadgets, Gizmos and Technology' started by Mark Holtz, Jun 2, 2012.

  1. Jun 2, 2012 #1 of 93
    Mark Holtz

    Mark Holtz Day Sleeper DBSTalk Club

    10,514
    88
    Mar 23, 2002
    Sacramento, CA
    From Venturebeat:

    Largest-ever password study: We are all idiots
    FULL ARTICLE HERE

    Sigh.... use a password manager like KeePass or Lastpass. Check out www.howsecureismypassword.net ....
     
  2. Jun 2, 2012 #2 of 93
    RasputinAXP

    RasputinAXP Kwisatz Haderach of Cordcuttery

    3,145
    12
    Jan 23, 2008
    I'm not. Sure, my stupid-low-security stuff sucks but for legitimate passwords? Minimum 10 digits, numbers, mixed case and special characters. Then again it may be that I'm one of Those Guys.

    edit: Wait a minute, 70 million Yahoo users??! That's not even fair. That's like saying 70 million elementary school students.
     
  3. Jun 2, 2012 #3 of 93
    hdtvfan0001

    hdtvfan0001 Well-Known Member

    32,456
    258
    Jul 28, 2004
    For those of us who have over 50+ passwords to manage between work and home...passwords are a major pain in the butt period. Unfortunately, they are a necessary evil for security.

    To the point of the article...in the real world...I have actually seen people use password as their password. :rolleyes:
     
  4. Jun 2, 2012 #4 of 93
    Davenlr

    Davenlr Geek til I die

    9,139
    28
    Sep 16, 2006
    I find myself not creating accounts I would otherwise create for sites that do this. It totally pisses me off when I enter 5 passwords and the site tells me they aren't good enough. I end up clicking off the page.

    I've always wondered why bank pins are only 4 numbers, but an internet site requires 9 characters and MUST contain at least 1 number, one upper case, one lower case, and the thumb print of your first born.
     
  5. Jun 2, 2012 #5 of 93
    Marlin Guy

    Marlin Guy Hall Of Fame

    2,129
    7
    Apr 8, 2009
    "It would take a desktop PC About 600 years to hack your password"

    Thanks.
     
  6. Jun 2, 2012 #6 of 93
    AntAltMike

    AntAltMike Hall Of Fame

    3,789
    108
    Nov 20, 2004
    College...
    Now that I've given them my passwords to evaluate, how long will it take them to find out who I am and clean out my bank account?
     
  7. Jun 2, 2012 #7 of 93
    Laxguy

    Laxguy Honi Soit Qui Mal Y Pense.

    15,364
    580
    Dec 2, 2010
    Winters,...
    I prefer "secret"... heh, heh. Or maybe "user".... :sure:

    I make a real distinction between PWs that if someone had it, it wouldn't bother me. Such as for a .yahoo or gmail account. And those where I could lose something of value. If someone logged in as me on, say DIRECTV®'s site and made changes or ordered movies, it'd be inconvenient but not a real hit.
     
  8. Jun 2, 2012 #8 of 93
    kevinturcotte

    kevinturcotte Active Member

    3,957
    1
    Dec 19, 2006
    Outside...
    My WPA2 password: "It would take a desktop PC about 44 novemvigintillion years to hack your password" Whatever that means lol
     
  9. Jun 2, 2012 #9 of 93
    Laxguy

    Laxguy Honi Soit Qui Mal Y Pense.

    15,364
    580
    Dec 2, 2010
    Winters,...
    Yeah, even the Nigerian "bankers" don't require that level!:hurah:

    And, yeah, you really do need high security for a site you'll visit once or twice....:nono2:
     
  10. Mark Holtz

    Mark Holtz Day Sleeper DBSTalk Club

    10,514
    88
    Mar 23, 2002
    Sacramento, CA
    Wimp. I count 280 unique passwords in my collection.
     
  11. Laxguy

    Laxguy Honi Soit Qui Mal Y Pense.

    15,364
    580
    Dec 2, 2010
    Winters,...
    Hah! I guess that's beyond our lifetimes!

    I did a bad thing. I entered a naughty word, that begins with "mother". Here's what it showed:

    I then entered another word one doesn't use in polite company, but it's in the Latin tongue so to speak. It would take 169 days to crack.

    This one, that they generated, Pre|>|>ed Lander, would take 52 Trillion years, but all the times seem way too long.
     
  12. Laxguy

    Laxguy Honi Soit Qui Mal Y Pense.

    15,364
    580
    Dec 2, 2010
    Winters,...
    How do you keep track, and what's the security on that?
     
  13. billsharpe

    billsharpe Hall Of Fame

    2,694
    72
    Jan 25, 2007
    Southern...
    How about eight asterisks in a row? Then you can see your password as you type it in...
     
  14. dpeters11

    dpeters11 Hall Of Fame

    16,335
    501
    May 30, 2007
    Cincinnati
    I do highly recommend LastPass, but at least padding a password is a good start. Even if you take the base password of "Password", making it something like {{{<<<Password!>>>}}} helps.

    What irritates me is when various sites have varying requirements. Can't use that password, too long. They don't allow that character etc.

    Myself, I use LastPass and have it set to require my Yubikey if it's not a previously known system. One of my strongest passwords is for my primary email, since that's where "I forgot my password" emails go to.
     
  15. spartanstew

    spartanstew Dry as a bone

    12,566
    61
    Nov 16, 2005
    Wylie, Texas
    I use the same password whenever I can (currently use it for about 50 sites) and a secondary that I use when I can't (another 20 sites or so).

    Not the smartest thing, but it only takes me a couple of attempts on any site to figure out what my password is.

    For the record, it's a mixture of letters and numbers, including some capitalization and the link above states it would take a PC 106 years to crack it, so that's good enough for me.
     
  16. Shades228

    Shades228 DaBears

    6,081
    45
    Mar 18, 2008
    There are some good methods out there for making different passwords for each site you can't forget.

    Most of them tell you to pick a date and then pick something from the name of the site you're on. Then you mix it up in a manner that you use consistently for every site. This way you never have a repeat password but cannot forget them.

    Those calculators are usually based on brute force methods which are rarely used due to most systems having detection and prevention methods for that. Hash cracking is the most common and effective.
     
  17. dennisj00

    dennisj00 Hall Of Fame

    9,689
    195
    Sep 27, 2007
    Lake Norman, NC
    Possibly because there's a video camera involved?!!
     
  18. BubblePuppy

    BubblePuppy Good night dear Smoke... love you & "got your butt

    5,283
    5
    Nov 3, 2006
    From Hacker News:
    http://blog.cloudflare.com/post-mortem-todays-attack-apparent-google-app
     
  19. dpeters11

    dpeters11 Hall Of Fame

    16,335
    501
    May 30, 2007
    Cincinnati
    Supposedly the inventor was going to go with a 6 digit number, but his wife said she would only be able to remember 4. I wish it had been at least 5, 4 is too easy to just use a birthdate.
     
  20. James Long

    James Long Ready for Uplink! Staff Member Super Moderator DBSTalk Club

    45,938
    1,023
    Apr 17, 2003
    Michiana
    A work password: About 32 billion years.
    My work password: About 8 seconds.
    My oldest living password: About 8 seconds.
    My favorite password: About 3 days.

    I don't trust the estimate completely. For example, my name comes up as "About 6 Hours" but with a space it shows as "About 4 Years". Capitalizing the last name makes it "About 128 Days" and both the capitalizing and the space makes it "About 412 years". My birthday as 8 digits is 0.4 seconds. Spelled out "About 25 million years". The estimate would be completely different if the cracker knew anything about the person they were attacking.
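
The gap discussed in the posts above, between a calculator's brute-force figure and what an attacker who knows something about the person would face, as an added example (not from the thread, and not the site's actual algorithm). It assumes a "character pool to the power of length" model, a constructed guess rate, and constructed name-list sizes.

```python
import string

GUESSES_PER_SECOND = 4e9  # assumed attacker speed (constructed, not the site's figure)

# (characters, pool size) classes that a naive strength meter adds up
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (" ", 1),
    (string.punctuation, 32),
]

def naive_keyspace(password):
    """Brute-force model: (size of character pool) ** (password length)."""
    pool = sum(size for chars, size in CLASSES
               if any(c in chars for c in password))
    return pool ** len(password)

def seconds_to_search(candidates):
    """Average time to hit the password: half the candidates at the assumed rate."""
    return candidates / 2 / GUESSES_PER_SECOND

def name_candidates(first_names, last_names, separators=4, case_variants=4):
    """Guesses for 'first + separator + last' when the attacker has name lists.

    separators: e.g. none, space, dot, underscore; case_variants: lower/upper
    first letter on each part. List sizes are passed in as counts.
    """
    return first_names * last_names * separators * case_variants

def birthday_candidates(years=100):
    """Every calendar date in a century as 8 digits, instead of all 10**8 strings."""
    return years * 366

if __name__ == "__main__":
    # Constructed sample passwords and constructed wordlist sizes.
    for pw in ("johnsmith", "john smith", "JohnSmith", "John Smith", "19700101"):
        print(f"{pw!r:14} naive: {seconds_to_search(naive_keyspace(pw)):.3g} s")
    informed = name_candidates(first_names=5_000, last_names=100_000)
    print(f"any first/last name combo, informed: {seconds_to_search(informed):.3g} s")
    print(f"any birthday, informed: {seconds_to_search(birthday_candidates()):.3g} s")
```

Under the naive model a space or a capital letter multiplies the estimate by orders of magnitude, while the informed candidate count stays the same for every variant of the name.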
     
