1 - 20 of 93 Posts

· New Texan
Joined
·
11,467 Posts
Discussion Starter · #1 ·
From Venturebeat:

Largest-ever password study: We are all idiots
The largest-ever study on user-selected password security shows that no matter how old you are or what language you speak, your password probably sucks.

The study, conducted by Joseph Bonneau at the University of Cambridge, analyzed the password strength of about 70 million Yahoo users. While the data was protected with hashing and Bonneau was unable to see individual account info, he was still able to measure relative strength of passwords across various demographics like age, gender, and nationality.
FULL ARTICLE HERE

Sigh.... use a password manager like KeePass or LastPass. Check out www.howsecureismypassword.net ....
 

· Kwisatz Haderach of Cordcuttery
Joined
·
3,148 Posts
I'm not. Sure, my stupid-low-security stuff sucks but for legitimate passwords? Minimum 10 digits, numbers, mixed case and special characters. Then again it may be that I'm one of Those Guys.

edit: Wait a minute, 70 million Yahoo users??! That's not even fair. That's like saying 70 million elementary school students.
 

· Registered
Joined
·
31,115 Posts
For those of us who have over 50+ passwords to manage between work and home...passwords are a major pain in the butt period. Unfortunately, they are a necessary evil for security.

To the point of the article...in the real world...I have actually seen people use password as their password. :rolleyes:
 

· Geek til I die
Joined
·
9,822 Posts
He also says that businesses that make people create passwords should make users pick tougher passcodes. "A stricter password selection policy might produce distributions with significantly higher resistance to guessing," Bonneau wrote.
I find myself not creating accounts I would otherwise create for sites that do this. It totally pisses me off when I enter 5 passwords and the site tells me they aren't good enough. I end up clicking off the page.

I've always wondered why bank pins are only 4 numbers, but an internet site requires 9 characters and MUST contain at least 1 number, one upper case, one lower case, and the thumb print of your first born.
 

· Honi Soit Qui Mal Y Pense.
Joined
·
15,115 Posts
hdtvfan0001 said:
For those of us who have over 50+ passwords to manage between work and home...passwords are a major pain in the butt period. Unfortunately, they are a necessary evil for security.

To the point of the article...in the real world...I have actually seen people use password as their password. :rolleyes:
I prefer "secret"... heh, heh. Or maybe "user".... :sure:

I make a real distinction between PWs that if someone had it, it wouldn't bother me. Such as for a .yahoo or gmail account. And those where I could lose something of value. If someone logged in as me on, say DIRECTV®'s site and made changes or ordered movies, it'd be inconvenient but not a real hit.
 

· Honi Soit Qui Mal Y Pense.
Joined
·
15,115 Posts
Davenlr said:
I find myself not creating accounts I would otherwise create for sites that do this. It totally pisses me off when I enter 5 passwords and the site tells me they aren't good enough. I end up clicking off the page.

I've always wondered why bank pins are only 4 numbers, but an internet site requires 9 characters and MUST contain at least 1 number, one upper case, one lower case, and the thumb print of your first born.
Yeah, even the Nigerian "bankers" don't require that level!:hurah:

And, yeah, you really do need high security for a site you'll visit once or twice....:nono2:
 

· New Texan
Joined
·
11,467 Posts
Discussion Starter · #10 ·
hdtvfan0001 said:
For those of us who have over 50+ passwords to manage between work and home...passwords are a major pain in the butt period. Unfortunately, they are a necessary evil for security.
Wimp. I count 280 unique passwords in my collection.
 

· Honi Soit Qui Mal Y Pense.
Joined
·
15,115 Posts
kevinturcotte said:
My WPA2 password: "It would take a desktop PC about 44 novemvigintillion years to hack your password" Whatever that means lol
Hah! I guess that's beyond our lifetimes!

I did a bad thing. I entered a naughty word, that begins with "mother". Here's what it showed:

Common Password: In The Top 9,800 Most Used Passwords
Your password is very commonly used. It would be cracked almost instantly.
Possibly A Word
Your password looks like it could be a dictionary word or a name. If it's a name with personal significance it might be easy to guess. If it's a dictionary word it could be cracked very quickly.
I then entered another word one doesn't use in polite company, but it's in the Latin tongue so to speak. It would take 169 days to crack.

This one, that they generated, Pre|>|>ed Lander, would take 52 Trillion years, but all the times seem way too long.
 

· Hall Of Fame
Joined
·
3,254 Posts
hdtvfan0001 said:
For those of us who have over 50+ passwords to manage between work and home...passwords are a major pain in the butt period. Unfortunately, they are a necessary evil for security.

To the point of the article...in the real world...I have actually seen people use password as their password. :rolleyes:
How about eight asterisks in a row? Then you can see your password as you type it in...
 

· Hall Of Fame
Joined
·
16,178 Posts
I do highly recommend LastPass, but at least padding a password is a good start. Even if you take the base password of "Password", making it something like {{{<<<Password!>>>}}} helps.

What irritates me is when various sites have varying requirements. Can't use that password, too long. They don't allow that character etc.

Myself, I use LastPass and have it set to require my Yubikey if it's not a previously known system. One of my strongest passwords is for my primary email, since that's where "I forgot my password" emails go to.
 

· Dry as a bone
Joined
·
12,321 Posts
Marlin Guy said:
"It would take a desktop PC About 600 years to hack your password"

Thanks.
I use the same password whenever I can (currently use it for about 50 sites) and a secondary that I use when I can't (another 20 sites or so).

Not the smartest thing, but it only takes me a couple of attempts on any site to figure out what my password is.

For the record, it's a mixture of letters and numbers, including some capitalization and the link above states it would take a PC 106 years to crack it, so that's good enough for me.
 

· DaBears
Joined
·
5,992 Posts
There are some good methods out there for making different passwords for each site you can't forget.

Most of them tell you to pick a date and then pick something from the name of the site you're on. Then you mix it up in a manner that you use consistently for every site. This way you never have a repeat password but cannot forget them.

Those calculators are usually based on brute force methods which are rarely used due to most systems having detection and prevention methods for that. Hash cracking is the most common and effective.
 

· Hall Of Fame
Joined
·
8,882 Posts
Davenlr said:
I find myself not creating accounts I would otherwise create for sites that do this. It totally pisses me off when I enter 5 passwords and the site tells me they aren't good enough. I end up clicking off the page.

I've always wondered why bank pins are only 4 numbers, but an internet site requires 9 characters and MUST contain at least 1 number, one upper case, one lower case, and the thumb print of your first born.
Possibly because there's a video camera involved?!!
 

· Good night dear Smoke... love you & "got your butt
Joined
·
5,262 Posts
From Hacker News:
Post Mortem: Today's Attack; Apparent Google Apps/Gmail Vulnerability; and How to Protect Yourself.
This morning a hacker was able to access a customer's account on CloudFlare and change that customer's DNS records. The attack was the result of a compromise of Google's account security procedures that allowed the hacker to eventually access my CloudFlare.com email addresses, which runs on Google Apps. While we are still working with Google to investigate the details, we wanted to highlight it here to make people aware that they too may be vulnerable to similar attacks and provide a full accounting of what happened.
http://blog.cloudflare.com/post-mortem-todays-attack-apparent-google-app
 

· Super Moderator
Joined
·
54,208 Posts
A work password: About 32 billion years.
My work password: About 8 seconds.
My oldest living password: About 8 seconds.
My favorite password: About 3 days.

I don't trust the estimate completely. For example, my name comes up as "About 6 Hours" but with a space it shows as "About 4 Years". Capitalizing the last name makes it "About 128 Days" and both the capitalizing and the space makes it "About 412 years". My birthday as 8 digits is 0.4 seconds. Spelled out "About 25 million years". The estimate would be completely different if the cracker knew anything about the person they were attacking.
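
An added example, not part of the thread and not the estimator site's own algorithm: a naive brute-force model of the kind the posts above describe, showing why a space or a capital letter inflates the estimate while a padded common word is still caught by a wordlist check. The guess rate, the tiny wordlist, the sample passwords and all function names are assumptions made for illustration.

```python
import string

# Assumed guess rate, for illustration only (not a figure from the thread).
GUESSES_PER_SECOND = 4e9
# Constructed stand-in for a real common-password list.
COMMON = {"password", "secret", "user"}

# Character classes and the alphabet size each one adds to the model.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]

def charset_size(pw):
    """Alphabet size a naive model infers from the character classes present."""
    return sum(n for chars, n in CLASSES if any(c in chars for c in pw))

def brute_force_seconds(pw):
    """Worst-case seconds to try every string of this length over that alphabet."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND

def core_word(pw):
    """Strip leading/trailing symbols and digits so padding cannot hide the base word."""
    return pw.strip(string.punctuation + string.digits + " ").lower()

def assess(pw):
    """Return (verdict, seconds); a wordlist hit overrides the arithmetic."""
    secs = brute_force_seconds(pw)
    if core_word(pw) in COMMON:
        return ("wordlist", secs)
    return ("brute-force", secs)

if __name__ == "__main__":
    # Constructed sample passwords mirroring the cases discussed in the thread.
    for pw in ["19700101", "johnsmith", "john smith", "John Smith",
               "{{{<<<Password!>>>}}}"]:
        verdict, secs = assess(pw)
        print(f"{pw!r:26} alphabet={charset_size(pw):3} {secs:.3g}s {verdict}")
```

The arithmetic only bounds blind enumeration; it says nothing about guesses informed by wordlists or personal details, which is why the same password can look strong in the model and still be weak.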
 