Posted: 1/4/2021 1:19:18 PM EDT
So it's time for password changes... I do not want to use a password manager.... I prefer to keep an updated list on an encrypted drive. That said, in doing some research it seems like instead of a combination of letters and characters—which are usually much harder to remember—if one were to use a long string of words that actually makes sense (and would be easier to remember) the password is much harder to crack based simply on the total number of characters involved.
For example, on Kaspersky's password strength checker HERE I get the following results... %#Arfcom35 shows as broken by brute force attacks using the average home computer in two months. Whereas... iwillnotletthepenguinbanme would require 10,000 centuries from the average home computer. For those of you that have much more knowledge on password strength than I do (everybody)... Is my line of thinking correct?
Don’t be a tit. Use a password manager. This is a far more extensible and useable solution than a list on an encrypted drive. Use Keepass and make it portable.
Problem is that many of websites I access with passwords all want something a little different...some combination of capital letters, lower case letters, numbers, special characters (but sometimes only certain ones), some minimum number of characters...and I can't use the same password everywhere.
But yes, I believe the word strings are supposed to be very secure.
They told us for a long time to do this: AgrWGF#$^%3452 and this was a "strong" password.
Turned out "ilikehorsechicks" is the stronger. Passphrases are a thing. Shit, Microsoft is now saying set a passphrase, turn on 2FA and never change your password again.
Longer is better. All those extra characters are really only good on shorter passwords.
Quoted: Problem is that many of websites I access with passwords all want something a little different...some combination of capital letters, lower case letters, numbers, special characters (but sometimes only certain ones), some minimum number of characters...and I can't use the same password everywhere. But yes, I believe the word strings are supposed to be very secure. View Quote Good, it's completely fucking stupid to do that.
all my passwords are at least 256 characters...for my online banking it's 512 characters.
This is all stored on an air gapped jump drive that is stored in an old microwave at all times.
I am not big brained but one of our IT guys said that a lot of new systems allow a space so a written sentence is a strong password.
Short answer is mostly. Raw math wise yes, but it also has to do with how common a phrase is and if it's been broken already. Something like ireallydislikeclinton isn't nearly as strong in reality as something the same length but random with a number or special character thrown in.
If you're already using a fake manager just generate a GUID, delete 5 characters, add 4 special characters at random and call it good.
All my passwords are correcthorsebatterystaple now.
I see that I was not the first one to remember XKCD...
Yes. If you want to make it orders of magnitude harder, misspell one of those words.
Quoted: So it's time for password changes... I do not want to use a password manager.... I prefer to keep an updated list on an encrypted drive. That said, in doing some research it seems like instead of a combination of letters and characters—which are usually much harder to remember—if one were to use a long string of words that actually makes sense (and would be easier to remember) the password is much harder to crack based simply on the total number of characters involved. For example, on Kaspersky's password strength checker HERE I get the following results... %#Arfcom35 shows as broken by brute force attacks using the average home computer in two months. Whereas... iwillnotletthepenguinbanme would require 10,000 centuries from the average home computer. For those of you that have much more knowledge on password strength than I do (everybody)... Is my line of thinking correct? View Quote Sort of, but the strength of the second password depends on the sophistication of dictionary attacks. It's better to use unrelated words than natural language word sequences.
Substitute a few letters with numbers like 1 instead of i and add some upper case and substitute a $ for an s and you'll be more secure.
Basically length wins, but taking it from 26 characters per slot as optional to 72 also increases the strength.
I work in IT, and I always recommend passphrases or short sentences instead of the old My$ecretP@55word stuff.
I'd piss on a spark plug! It's 25 characters long, you have uppercase, lowercase, and special characters. And it's dead simple to remember.
The best password is one that is long and you don't reuse. Not reusing is really the key.
Yes, someone can dictionary attack your phrase... but virtually no one is doing that. Almost all "hacks" are because you made your password maga2020 or because you sent someone a password in an email or because you reused a password on a site that has clown shoes security and was breached.
Quoted: I work in IT, and I always recommend passphrases or short sentences instead of the old My$ecretP@55word stuff. I'd piss on a spark plug! It's 25 characters long, you have uppercase, lowercase, and special characters. And it's dead simple to remember. View Quote I like this since it addresses most of my complaint above. Change "a" to "1" and it seems to cover all the bases.
Quoted: Quoted: Good, it's completely fucking stupid to do that. Meh, I try to change them every couple of months. And it doesn't negate the fact that you still have to remember multiple passwords that you're supposed to be changing frequently anyway. View Quote Use a password manager. Remember one strong password. Have it create and store passwords for you for each individual website.
lol, I knew at least 3 people would post "correct horse battery staple".
OP, the only thing that really matters is length. 14 characters or longer and you'll be fine. Thieves tend to be an impatient lot, they'll take the stuff they can get quickly and leave the stuff it would take weeks or months to get. Idiots requiring special characters or a mix of characters, letters and numbers are what makes this annoying. Well, at least until quantum computing is a thing, then no one's password will be safe.
I work in IT, too. And I think this whole discussion is a waste of LOTS of people's time caused by laziness and incompetence in IT departments. Logging and Multi Factor Authentication are the answer to this. You should be able to use whatever stupid/short/simple password you want to use because the thing you're authenticating to requires multiple types of authentication that are convenient for the user. And failed login attempts are logged and responded to quickly and effectively.
The people that spend their days implementing technology are the ones that should be required to implement effective security measures because they have and use the skills to do so -- presumably.
If every damn thing locks your account after 3 tries what exactly does it matter?
It's NOT the strength of Your password but the security of the site that you use it on that is the Real problem.
Quoted: Most password rules with symbols, etc... are dumb.... nobody can remember them, so you write them down or use a password manager (what I do). Obligatory xkcd comic.... (edit - beat!) https://imgs.xkcd.com/comics/password_strength.png View Quote In a world where most people have shorter, randomized passwords this definitely holds true. If you know that the person uses a system like this then you can discount the non-letter characters from a crack and just use a dictionary attack, which reduces the problem space. I would suggest that the best answer is "get both" and have several words with non-letters involved as well. Although your best bet at this point (IMHO) is long strings of random characters through a password manager and the use of two-factor authentication whenever possible.
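The disagreement running through this thread (the opening post's checker result, the "depends on the sophistication of dictionary attacks" reply, and the post just above) comes down to which attacker model you assume. The script below is an added example, not from any poster or from Kaspersky's checker: it scores a password under the brute-force model every strength meter uses (every string over the observed character classes) and under a dictionary model (N words from a list of known size), using the two passwords from the opening post. The character-class sizes, the 7776-entry list size and the guess rate are assumptions chosen to show the gap in bits; the word split of the passphrase is constructed.

```python
import math

# Character-class sizes for the brute-force model (constructed; the usual
# counts a strength checker assumes, not any particular vendor's internals).
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 32

# Assumed size of the attacker's word list for the dictionary model. 7776 is
# the size of a Diceware list; real cracking lists are larger, but the
# estimate only needs the order of magnitude.
DICTIONARY_SIZE = 7776

# Constructed guess rate: roughly what one GPU manages offline against a
# fast, unsalted hash. Online guessing against a rate-limited login form is
# many orders of magnitude slower.
GUESSES_PER_SECOND = 1e10


def charset_size(pw):
    """Alphabet size an attacker must cover if all they know is which
    character classes the password uses."""
    size = 0
    if any(c.islower() for c in pw):
        size += LOWER
    if any(c.isupper() for c in pw):
        size += UPPER
    if any(c.isdigit() for c in pw):
        size += DIGITS
    if any(not c.isalnum() for c in pw):
        size += SYMBOLS
    return size


def brute_force_bits(pw):
    """Entropy under the model strength checkers use: try every string of
    this length over the observed character classes."""
    return len(pw) * math.log2(charset_size(pw))


def dictionary_bits(words, dictionary_size=DICTIONARY_SIZE):
    """Entropy if the attacker knows the password is N words drawn from a
    list of the given size. Assumes independent word choice; a grammatical
    sentence is more predictable still, which is why unrelated words are
    the better choice."""
    return len(words) * math.log2(dictionary_size)


def expected_crack_seconds(bits, rate=GUESSES_PER_SECOND):
    """Expected time to hit the password: half the keyspace at the given rate."""
    return (2 ** bits) / 2 / rate


def compare(pw, words):
    """Strength of one password under both attacker models, in bits and in
    expected cracking time at the constructed rate. `words` is None when
    the password is not a phrase."""
    bf = brute_force_bits(pw)
    dc = dictionary_bits(words) if words else None
    return {
        "brute_force_bits": bf,
        "brute_force_seconds": expected_crack_seconds(bf),
        "dictionary_bits": dc,
        "dictionary_seconds": expected_crack_seconds(dc) if dc is not None else None,
    }


if __name__ == "__main__":
    # The two passwords from the opening post; the word split is constructed.
    samples = [
        ("%#Arfcom35", None),
        ("iwillnotletthepenguinbanme",
         ["i", "will", "not", "let", "the", "penguin", "ban", "me"]),
    ]
    for pw, words in samples:
        r = compare(pw, words)
        print(f"{pw}: brute force {r['brute_force_bits']:.1f} bits "
              f"(~{r['brute_force_seconds'] / 86400:.1f} days)")
        if r["dictionary_bits"] is not None:
            print(f"    as {len(words)} dictionary words: {r['dictionary_bits']:.1f} bits "
                  f"(~{r['dictionary_seconds'] / 86400:.1f} days)")
```

Under the brute-force model the 26-letter phrase scores about 122 bits against about 66 for the 10-character mixed password, which is the result the checker reported. Treated as eight dictionary words it drops to about 103 bits: still far out of reach at the assumed rate, but the gap shows how much of the checker's number rests on the attacker not knowing the password is made of words.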
Quoted: all my passwords are at least 256 characters...for my online banking it's 512 characters. This is all stored on an air gapped jump drive that is stored in an old microwave at all times. View Quote on a volcanic island that can only be accessed by helicopter? In general, longer passwords are harder to crack than shorter ones, even if the shorter ones are more complex or have more non-alphanumeric characters. I did run into a weird issue a while back. I generated a password for my credit union account and used 16 characters. The CU site accepted the password and all was good. Then I found that when I attempted to log in using the password, it would fail. Then on the retry login screen, it would work. I could literally copypasta the password and it would fail the first time then work on the retry. It baffled me, so I dug around. It turns out that the site would only allow 12 characters, and wasn't set up to warn or reject a password that was longer. So it accepted the first 12 characters of my password. The login screen would attempt to parse the whole thing and would fail, but the retry screen, for some reason, would only take the first 12 characters, even if I pasted the whole 16 character string into the field. After some digging around on their site, I found the documentation mentioning that the password could be up to 12 characters. To test, I copied only the first 12 characters of my password and it worked... so I just updated it in my password keeper.
And on the 8th day, the Lord declareth:
Thou shalt use Reset Password in order to access anything of importance. And though you might keep a log of passwords, yea, I shall maketh them to expire. And so shall thee rely on prayers and offerings to thine primary email address. Amen. -2 Internettians 5:7
Quoted: on a volcanic island that can only be accessed by helicopter? In general, longer passwords are harder to crack than shorter ones, even if the shorter ones are more complex or have more non-alphanumeric characters. I did run into a weird issue a while back. I generated a password for my credit union account and used 16 characters. The CU site accepted the password and all was good. Then I found that when I attempted to log in using the password, it would fail. Then on the retry login screen, it would work. I could literally copypasta the password and it would fail the first time then work on the retry. It baffled me, so I dug around. It turns out that the site would only allow 12 characters, and wasn't set up to warn or reject a password that was longer. So it accepted the first 12 characters of my password. The login screen would attempt to parse the whole thing and would fail, but the retry screen, for some reason, would only take the first 12 characters, even if I pasted the whole 16 character string into the field. After some digging around on their site, I found the documentation mentioning that the password could be up to 12 characters. To test, I copied only the first 12 characters of my password and it worked... so I just updated it in my password keeper. View Quote I can't understand why a site, especially a bank, would use such terrible data validation or hashing.
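The credit-union story quoted above is a textbook consistency bug: one code path clips the password to 12 characters and another does not, so the stored hash and the login hash disagree. The code below is an added example written for this thread, not the credit union's code or anyone's actual implementation: `TruncatingSite` reproduces the three behaviours the poster saw (register, login, retry), and `ConsistentSite` shows the fix, which is a single length check that rejects over-length input up front instead of silently shortening it. PBKDF2-HMAC-SHA256 and the 12-character limit are assumptions; the sample password is constructed.

```python
import hashlib
import hmac
import os

SITE_LIMIT = 12          # the limit the poster found in the site's documentation
KDF_ITERATIONS = 20_000  # PBKDF2 rounds; kept low for the demo, raise in production


def derive(password, salt):
    """PBKDF2-HMAC-SHA256 stands in for whatever KDF the real site uses (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)


class TruncatingSite:
    """Reproduces the reported behaviour: registration silently keeps the
    first 12 characters, the normal login form hashes the whole input, and
    the retry form clips the input the same way registration did."""

    def __init__(self):
        self.salt = os.urandom(16)
        self.stored = None

    def register(self, password):
        self.stored = derive(password[:SITE_LIMIT], self.salt)  # silent truncation
        return True

    def login(self, password):
        # Full 16-character input hashed against a hash of 12 characters: never matches.
        return hmac.compare_digest(derive(password, self.salt), self.stored)

    def retry_login(self, password):
        # The retry path clips first, so it happens to agree with registration.
        return hmac.compare_digest(derive(password[:SITE_LIMIT], self.salt), self.stored)


class ConsistentSite:
    """One length policy, checked in one place and applied identically on
    every path: over-length input is rejected and never clipped. The default
    limit is generous on purpose; clipping is the bug, not long passwords."""

    def __init__(self, max_len=128):
        self.max_len = max_len
        self.salt = os.urandom(16)
        self.stored = None

    def _acceptable(self, password):
        return 1 <= len(password) <= self.max_len

    def register(self, password):
        if not self._acceptable(password):
            return False  # report the limit to the user instead of shortening
        self.stored = derive(password, self.salt)
        return True

    def login(self, password):
        if self.stored is None or not self._acceptable(password):
            return False
        return hmac.compare_digest(derive(password, self.salt), self.stored)


if __name__ == "__main__":
    pw16 = "Sixteen-Chars-OK"  # constructed 16-character password
    bad = TruncatingSite()
    bad.register(pw16)
    print("truncating site, full password, first try:", bad.login(pw16))          # False
    print("truncating site, full password, retry form:", bad.retry_login(pw16))   # True
    print("truncating site, first 12 chars only:", bad.login(pw16[:SITE_LIMIT]))  # True

    good = ConsistentSite(max_len=SITE_LIMIT)
    print("consistent site rejects 16 chars up front:", not good.register(pw16))  # True
    good.register(pw16[:SITE_LIMIT])
    print("consistent site, 12 chars, login:", good.login(pw16[:SITE_LIMIT]))     # True
```

The quickest check for this class of bug on a site you use is the one the poster did by accident: if the first N characters of your password log you in, the site is clipping at N. From the server side, the check is that registration, login and any secondary login form share one validation function and one KDF call.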
A lot of password fields are limited to something like 8 characters.
Quoted: I work in IT, too. And I think this whole discussion is a waste of LOTS of people's time caused by laziness and incompetence in IT departments. Logging and Multi Factor Authentication are the answer to this. You should be able to use whatever stupid/short/simple password you want to use because the thing you're authenticating to requires multiple types of authentication that are convenient for the user. And failed login attempts are logged and responded to quickly and effectively. The people that spend their days implementing technology are the ones that should be required to implement effective security measures because they have and use the skills to do so -- presumably. View Quote 2nd vote for MFA to solve the issue
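The quoted post argues that logging failed logins and responding to them matters more than password rules, and an earlier post asks what cracking matters if accounts lock after three tries. The script below is an added example, not from either poster: it parses a few constructed sshd-style log lines (TEST-NET addresses, invented users and PIDs) and raises one alert per source address that accumulates a threshold of failures inside a sliding window. The per-source view is the point: a lockout counter on each account does not notice one source spreading a few guesses across several accounts, which is what the constructed lines show. The regex, the 2021 year assumed for year-less syslog timestamps, and the threshold and window are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines: TEST-NET addresses, invented users and PIDs.
SAMPLE_LOG = """\
Jan  4 13:19:01 web01 sshd[1201]: Failed password for alice from 203.0.113.5 port 51234 ssh2
Jan  4 13:19:03 web01 sshd[1202]: Failed password for alice from 203.0.113.5 port 51235 ssh2
Jan  4 13:19:04 web01 sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan  4 13:19:05 web01 sshd[1204]: Accepted password for bob from 198.51.100.7 port 40001 ssh2
Jan  4 13:19:06 web01 sshd[1205]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Jan  4 13:25:30 web01 sshd[1210]: Failed password for alice from 203.0.113.5 port 51240 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

LOG_YEAR = 2021  # syslog lines carry no year; assumed from the thread date


def parse_line(line):
    """Return a dict for an sshd password-auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the padded day ("Jan  4")
    ts = datetime.strptime(f"{LOG_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def detect_bruteforce(log_text, threshold=3, window=timedelta(minutes=5)):
    """Raise one alert per source the first time it accumulates `threshold`
    failed logins inside a sliding `window`, whatever accounts it targeted."""
    recent = defaultdict(deque)  # src -> deque of (timestamp, user) for recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "Failed":
            continue
        q = recent[ev["src"]]
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the window
        q.append((ev["ts"], ev["user"]))
        if len(q) == threshold:  # fires once per crossing, not on every later failure
            alerts.append({
                "source": ev["src"],
                "attempts": len(q),
                "users": sorted({u for _, u in q}),
                "first": q[0][0],
                "last": q[-1][0],
            })
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"{a['source']}: {a['attempts']} failures against {a['users']} "
              f"between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

On the sample lines only 203.0.113.5 trips the alert (three failures in three seconds against two accounts); bob's single failure from 198.51.100.7 and the later lone retry from 203.0.113.5 at 13:25 do not, because by then the earlier failures have aged out of the five-minute window.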