datadiffusion
Posted November 5, 2013

Interesting reading following the Adobe hiccup.

http://grahamcluley.com/2013/11/top-50-passwords-adobe-security-breach/

Although idiot passwords hardly surprising. No more than being asked is it ok to leave the panel code as '1234' or coming back at service time to find the code written on the keypad in indelible marker.

Although not as stupid as the key on a chain for the Logic 4 I took out a few years ago.

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

sixwheeledbeast
Posted November 6, 2013

I used to have 12 or so very strong passwords I could remember. I have switched to using KeePassX and individual random strings for everything. Then if one site/login is compromised it doesn't affect other accounts.

The great thing with KeePassX is the file is encrypted so you can keep it with you and use it on any machine with KeePassX. It's cross platform and open source; Windows, Mac or Linux. Extra features in the Linux version too.

datadiffusion (Author)
Posted November 6, 2013

Yep I'm the same, my passwords are long, not dictionary, and have random no's and capitals plus non alpha... But far better to have an infinite no. of even more random ones.

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

arfur mo
Posted November 6, 2013

I read the article about Adobe passwords, several years ago I had one of my email accounts compromised, address book deleted and all in it got junk emails.

Stiffened up what I thought was already a strong password, I now have an email address such as aaaaa@spoof.com as well as zzzzz@spoof.com. Fictitious addresses that cause a fail delivery bounce message if a mailing bot gets to my address book, I know quicker if it happens again, usually all the addresses are in the address line, most know it is a spoof due to the first and last entry of the 'To' line.

Some experts I have listened to suggest it is better to have three characters separated by a punctuation, as example nHy-2f9@zb9&d81, to beat the bots, my view is if 5 attempts were made it should lock out and move to a secondary password to make it much harder for sequential bots.

If you think education is difficult, try being stupid!!!!

MrHappy
Posted November 6, 2013

It's dead easy to make a secure(ish) password, the issue is having one for different sites...

Think of a phrase, e.g. I hate Arfur Mo, which you could then change to be I8@rfurmo.

Use I8@rfurmoTSI for popular security forum or I8@rfurmoC5 for a cycle powered death trap forum.

The issue would be the 1st site which does not allow the "@"...

I might have a go with KeePassX though.

Mr Veritas God

datadiffusion (Author)
Posted November 6, 2013

Nah, couldn't login as you H...!

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

sixwheeledbeast
Posted November 6, 2013

> Think of a phrase, e.g. I hate Arfur Mo, which you could then change to be I8@rfurmo,

Obfuscations like this tend to be less secure. This is due to the fact that certain special characters are likely to be associated with other characters. Good password cracking software knows this. However, it's much better than words and numbers, easily remembered and can be replicated over multiple sites.

> I might have a go with KeePassX though

Definitely worth trying IMO, the great thing with the Linux version is Auto-Type. When logged in you can set a keyboard shortcut to type your password. It knows which site you are on and uses the correct one from the db.

Another useful tip is to use whitespaces, single/double quotes or brackets surrounding your password. This way if the password is seen in plaintext people will be unlikely to notice the first and last characters.

Finally, one way to get passwords that are easily remembered is using previous vehicles' number plates. Many people remember them, they are alphanumeric but also mean nothing to anybody else. These 7 digits can be used as a base to add special characters and/or the vehicle's make/model within, in an order you could use over again.

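Added example (not part of the thread and not any poster's code): a sketch of the check a site's password policy could run to catch the obfuscation discussed above, by undoing look-alike substitutions and testing whether what remains is just dictionary words plus a short site tag. The word list, the substitution table (including "8" read as "ate") and the three-character suffix allowance are assumptions made for this illustration.

```python
# Constructed sample word list; a real policy check would load a large
# dictionary plus a list of known-breached passwords.
WORDLIST = {"i", "ate", "arfur", "mo", "password", "adobe"}

# Assumed look-alike substitution table, not exhaustive.
SUBSTITUTIONS = {"@": "a", "4": "a", "8": "ate", "3": "e", "1": "i",
                 "!": "i", "0": "o", "$": "s", "5": "s", "7": "t"}


def normalise(password):
    """Lower-case the password and undo look-alike substitutions."""
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in password.lower())


def splits_into_words(text, words=WORDLIST):
    """True if text is a concatenation of word-list entries."""
    # reachable[n] is True when text[:n] can be built from whole words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words
            for start in range(end)
        )
    return reachable[-1]


def is_obfuscated_phrase(password, max_suffix=3):
    """Flag passwords that reduce to dictionary words once substitutions
    are undone, allowing a short per-site tag of up to max_suffix
    characters on the end."""
    text = normalise(password)
    return any(
        splits_into_words(text[:len(text) - cut])
        for cut in range(max_suffix + 1)
        if len(text) - cut > 0
    )


if __name__ == "__main__":
    # Passwords quoted in the thread, plus one constructed classic.
    for candidate in ("I8@rfurmo", "I8@rfurmoTSI", "I8@rfurmoC5",
                      "p@ssw0rd", "nHy-2f9@zb9&d81"):
        verdict = "reject" if is_obfuscated_phrase(candidate) else "accept"
        print(f"{candidate!r:22} -> {normalise(candidate)!r:24} {verdict}")
```
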
arfur mo
Posted November 6, 2013

> It's dead easy to make a secure(ish) password, the issue is having one for different sites...
> Think of a phrase, e.g. I hate Arfur Mo ;) which you could then change to be I8@rfurmo.
> Use I8@rfurmoTSI for popular security forum or I8@rfurmoC5 for a cycle powered death trap forum.
> The issue would be the 1st site which does not allow the "@"...
> I might have a go with KeePassX though,

So now we all know your passwords, but for others who do like me it could be 'ir8arfurmo'.

I know some people use a number as a seed, say birthday, they then multiply or divide by another seed to get the next numeric part of their pass code.

If you think education is difficult, try being stupid!!!!

Archived
This topic is now archived and is closed to further replies.