Password Security Tips Wrong

[+ Gar1eth]

https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118

 

Gman

[Kevin Slater]

Article is behind a paywall.

 

Kevin Slater

[nycguy]

The gist of the article is:

 

"Academics who have studied passwords say using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters—since having a large number of letters makes things harder than a smaller number of letters, characters and numbers. In a widely circulated piece, cartoonist Randall Munroe calculated it would take 550 years to crack the password “correct horse battery staple,” all written as one word. The password Tr0ub4dor&3— a typical example of password using Mr. Burr’s old rules—could be cracked in three days, according to Mr. Munroe’s calculations, which have been verified by computer-security specialists."

 

So many sites, however, require the hodgepodge so maybe the password should be "correcthorsebatterystaple1@"?

Edited August 7, 2017 by nycguy

[+ Gar1eth]

Thank you @nycguy. I appreciate the help.

 

Article is behind a paywall.

 

Kevin Slater

 

I'm sorry. It wasn't for me. I'm not a member. But I have the app. There are articles on the app that you don't have to be a paid member to see.

 

 

Here's a similar but not as in depth article not behind a paywall.

 

https://www.google.com/amp/amp.timeinc.net/fortune/2017/05/11/password-rules/%3Fsource%3Ddam

 

One thing the WSJ article makes more of a point than the Google article is that the 4 words you run together shouldn't be related. I mean redrubberballbounces might be easy to figure out. But if you pick some random 4 word and run them together, I'm not sure I will be able to remember them any better than I do my current passwords.

 

Gman

[+ poolboy48220]

"Vatican Cameos" :-)

[rvwnsd]

Article is behind a paywall.

 

Kevin Slater

The premise of the article is the requirement to use a combination of letters, numbers, and special characters forces people to choose usernames and passwords that are easy to guess.

 

So...all you have to do, @Kevin Slater, is keep guessing and you will eventually be able to log into WSJ for free!

[nycguy]

Does anyone know if having your browser save your username and password to automatically log you in increases vulnerability to being hacked?

[Bargara Leatherboy]

I use a nemonic as my passwords,

 

For instance

 

I love hiring hot hunks

 

You use the first letter of each word

 

Add in a Capital letter somewhere abstract in the middle,

 

And some numbers

 

so the password becomes something like this.

 

ilhHh69

[gallahadesquire]

I use a nemonic as my passwords,

 

For instance

 

I love hiring hot hunks

 

You use the first letter of each word

 

Add in a Capital letter somewhere abstract in the middle,

 

And some numbers

 

so the password becomes something like this.

 

ilhHh69

 

This is more guessable than something like countryhorsessraplebattery

[rvwnsd]

supercalifragilisticexpialidocious, perhaps?

[Bargara Leatherboy]

This is more guessable than something like countryhorsessraplebattery

 

You think?

 

The only people who know I hire are the hunks themselves, and my fellow forum readers.

 

So the people trying thank my logins don't stand a chance.

 

( and just in case it was not obvious, ilhHh69 is not a password I use)

[RM]

I don' t change my passwords. If no one has hacked my e-mail password in the last 17 years, why bother changing it? I change all 20 or so passwords at work regularly, but that's because it's required.

[sincitymix]

interesting, i usually go with what im pass wording, plus the name of a pet, plus the sound an animal makes, a number, and a non alphanumeric.

so it would look like Daddiespoochieneigh1!

daddies site, name of pet, horse sound, 1, !

[gallahadesquire]

interesting, i usually go with what im pass wording, plus the name of a pet, plus the sound an animal makes, a number, and a non alphanumeric.

so it would look like Daddiespoochieneigh1!

daddies site, name of pet, horse sound, 1, !

That's a good one. I use curly brackets reversed (right first, then left); cat 's name; and a number.

The Powers That Be tell me it would take years to crack.

[instudiocity]

The gist of the article is:

 

"Academics who have studied passwords say using a series of four words can be harder for hackers to crack than a shorter hodgepodge of strange characters—since having a large number of letters makes things harder than a smaller number of letters, characters and numbers. In a widely circulated piece, cartoonist Randall Munroe calculated it would take 550 years to crack the password “correct horse battery staple,” all written as one word. The password Tr0ub4dor&3— a typical example of password using Mr. Burr’s old rules—could be cracked in three days, according to Mr. Munroe’s calculations, which have been verified by computer-security specialists."

 

So many sites, however, require the hodgepodge so maybe the password should be "correcthorsebatterystaple1@"?

So does that mean I need to stop using "password" and use maybe, "The quick brown fox jumped over the lazy dog?"

[Samfoslom]

Good tips above. I'll have to try something like TCGFH

 

Trump can go f**k himself.

[gallahadesquire]

Good tips above. I'll have to try something like TCGFH

 

Trump can go f**k himself.

 

The asterisk may not be allowed.

[Frequentflier]

Good tips above. I'll have to try something like TCGFH

 

Trump can go f**k himself.

 

I'll bet that's a very popular password.

[+ Charlie]

I use something only I would know: the name of one of the many pets I have owned during my lifetime, plus its birthdate or the date on which I acquired it. That is info that no one else could even guess..

[samhexum]

[+ MysticMenace]

I use something only I would know: the name of one of the many pets I have owned during my lifetime, plus its birthdate or the date on which I acquired it. That is info that no one else could even guess..

 

challenge accepted! lol, am kidding.

[+ nycman]

I use something only I would know: the name of one of the many pets I have owned during my lifetime, plus its birthdate or the date on which I acquired it. That is info that no one else could even guess..

Fluffy22375

[orville]

width=879pxhttps://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.redd.it%2Fplu77g2cnlm51.jpg&f=1&nofb=1[/img]

[Mjonis]

Thanks for the data table. Although I imagine that as GPU's/CPU's advance, the above will be cut down. Although I suppose by then we'll have to have 24 character passwords as well. LOL

[orville]

Thanks for the data table. Although I imagine that as GPU's/CPU's advance, the above will be cut down. Although I suppose by then we'll have to have 24 character passwords as well. LOL

It also helps to strengthen security and ban hackers when platforms implement 2-step verification via email or phone number.