The Most Popular Password

[KMEM]

[i really am trying to understand here, but I get the feeling that like eliminating liquid carry-ons and taking off my shoes at an airport, this is a security measure that we all adhere to but doesn't stand up to logic.

 

Kevin Slater

 

KS-

 

I know you are a smart guy but what took you so long to understand this?

 

Best regards,

KMEM

[MsGuy]

I suspect changing your password occasionally has less to do with brute force code cracking and more to do with general security procedures. Maybe that guy seated next to you on the plane wasn't paying as much attention to the inflight movie as you thought, maybe a now discharged fellow employee picked up on it, that kind of thing.

[Guest PWIT]

I'm sure I'm being dense here, but how can they crack my password in anything but real time? If they go to my bank's website and try 123456, then 123457, etc., it either works or it doesn't, right?

 

Many sites have something like X bad attempts and you are locked out for Y minutes. If you know the time limit, you can set up a password cracker algorithm to try spread login attempts over time - so as not to keep making attempts during temporary lockout periods.

[JackTwist]

Thanks Lucky

 

Lucky, Thanks for the interesting and revealing thread. Reading the article led me to change a couple of my lame online passwords.

[+ deej]

Thanks, but I still don't get it. By that logic, I'm only safer if I switch to a more obvious password that they've already tried and eliminated, 123456 for instance. They can't tell when I change my password, so they don't know they have to start from scratch. Or what's the advantage to one untested password over another? If they've yet to try bunnyfarts why am I better off changing to poodlefisting?

 

I really am trying to understand here, but I get the feeling that like eliminating liquid carry-ons and taking off my shoes at an airport, this is a security measure that we all adhere to but doesn't stand up to logic.

 

You're assuming you are the only one who ever has or knows your password. You're not.

 

Your bank (or other online merchant) has stored your password in a database. How else would they recognize it when you provide it?

 

If they're at all reliable, that database will be replicated to multiple locations spread around the globe so that they can offer multiple-redundant service in case one of the databases goes down temporarily. It will also be backed up all over the globe.

 

Every one of those copies of your password is a security risk. How many times have you seen news stories of inDUHviduals losing a laptop with customer information or a tape going missing?

 

If you're changing your password regularly, those redundant copies and backups will have a natural timeout. Otherwise, they're a permanent vulnerability.

[kevininsa]

@Kevin-thanks for asking

@Deej-thanks for explaining... I never quite got it before either

 

And Kevin, I agree about liquids and TSA too. 3 oz of cologne, mouthwash, lotion, contact lense saline in each of 3 people's bags and you have 36 oz of ??? But I guess it's just supposed to be a deterrent... though I think if someone wants 36 oz of liquid on a plane bad enough, it's not going to matter.

[+ Lucky]

Lucky, Thanks for the interesting and revealing thread. Reading the article led me to change a couple of my lame online passwords.

 

 

You are welcome. I'll bet a few of us changed some passwords.

[Guest OCBeachbody]

What so funny is hat i remained my boss that "123456" was widely known as the most common password. In 1987, Mel Brook's cracks a joke about that in Spaceballs: THE MOVIE when they discover the Secret Code for the Air Shield was "123456", and happened to be President Scrooge's combo on his luggage too!

 

Passwords are easy to hack, depending on what you are trying to gain access.

From what I read it super easy to get especially with everyone using wireless, paper trailes we leave left and write, etc.... it's quiet a pain. I am urprise they haven't tried cryptographs, riddles, or other puzzles as passwords...lol