  1. #1
    Gold Lounger Roderunner's Avatar

    Test your password

    O wad some Power the giftie gie us, to see oursels as ithers see us!


  3. #2
    WS Lounge VIP
    Even "password" takes nearly 7 years to crack, but because it's a dictionary word it will happen much faster - seconds probably. A very simple change will make it much less likely to be broken but still easy to remember. Add an upper case character somewhere and add the position of the upper case character to the end, e.g. "passWord5". Now you can add a character to the end, based on the number and the Shift key, e.g. "passWord5%", and you end up with an easy to remember password that would take centuries to crack.

    Importantly, do not use the same password on more than one site. Once someone steals your password they can access any site you use, and at the rate web sites are being hacked that is a real possibility. Create an easy to remember but difficult to crack password and use it as the password for your password manager. The password manager does the rest.

    cheers, Paul
    Last edited by Paul T; 2011-06-12 at 00:39.

  4. #3
    Gold Lounger Roderunner's Avatar
    Thanks Paul, I have all different passwords & a master to keep them all safe (ME)

  5. #4
    5 Star Lounger
    Quote Originally Posted by Paul T View Post
    Now you can add a character to the end, based on the number and the Shift key, e.g. "passWord5%", and you end up with an easy to remember password that would take centuries to crack.

    cheers, Paul
    Unfortunately that may no longer be true. There are both legitimate and black hat software out there that takes advantage of the power of Amazon's "cloud". This method is in its infancy. I'm sure in the next few years what we all thought was so clever and secure will be no better than what we thought was very secure 10 years ago. The price of progress I guess.

    http://www.w7forums.com/researcher-u...rds-t9595.html

    http://www.securityweek.com/commerci...sswords-faster
    Chuck

  6. #5
    Administrator
    Quote Originally Posted by Doc Brown View Post
    Unfortunately that may no longer be true. There are both legitimate and black hat software out there that takes advantage of the power of Amazon's "cloud". This method is in its infancy. I'm sure in the next few years what we all thought was so clever and secure will be no better than what we thought was very secure 10 years ago. The price of progress I guess.

    http://www.w7forums.com/researcher-u...rds-t9595.html

    http://www.securityweek.com/commerci...sswords-faster
    Probably why biometrics is being introduced more & more.

    Joe

  7. #6
    WS Lounge VIP
    "Assuming one hundred billion guesses per second, 19.24 years"
    That's still a long time for a short password. Your master password should always be as long as you can get away with.

    You also need to factor in the system you are trying to crack. Assuming it is an encrypted file and the cracker has a copy, if the designer has done it properly it will still take at least 1 second per attempt. That increases the time to crack by at least an order of magnitude, even in the cloud. Much easier to steal your bank password directly from the browser via a trojan.

    cheers, Paul

  8. #7
    Gold Lounger Roderunner's Avatar
    If I used the same password in 'WSL' & another forum for logging in only, with the same email address in both, which has a good, long, different password, how vulnerable would I be?

  9. #8
    Super Moderator jscher2000's Avatar
    Quote Originally Posted by Roderunner View Post
    If I used the same password in 'WSL' & another forum for logging in only, with the same email address in both, which has a good, long, different password, how vulnerable would I be?
    If someone were to find a forum where he could log in as you, he could (1) exercise your powers on the forum (most important for administrators and moderators), (2) impersonate you in social engineering attacks in that community (e.g., requesting information or action via posts or private messages that would only be undertaken based on trust), and (3) take actions in your name that could affect your reputation in the community or potentially create legal liability.

    Writing that makes me want to upgrade some of my passwords.

  10. #9
    Gold Lounger Roderunner's Avatar
    Quote Originally Posted by jscher2000 View Post
    If someone were to find a forum where he could log in as you, he could (1) exercise your powers on the forum (most important for administrators and moderators), (2) impersonate you in social engineering attacks in that community (e.g., requesting information or action via posts or private messages that would only be undertaken based on trust), and (3) take actions in your name that could affect your reputation in the community or potentially create legal liability.

    Writing that makes me want to upgrade some of my passwords.
    My thought entirely. I have just upgraded mine which are so complicated I've to copy/paste to re log in.

  11. #10
    WS Lounge VIP
    Too many web sites restrict you to 12 character passwords with only alphanumerics - very poor.

    cheers, Paul

  12. #11
    Super Moderator RetiredGeek's Avatar
    And how good will your security be when This Happens?
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!


  13. #12
    5 Star Lounger RussB's Avatar
    Quote Originally Posted by Roderunner View Post
    Not saying this is, but what a great way to phish for passwords.
    Do you "Believe"? Do you vote? Please Read:
    LEARN something today so you can TEACH something tomorrow.
    DETAIL in your question promotes DETAIL in my answer.
    Dominus Vobiscum <))>(

  14. #13
    WS Lounge VIP
    Cynic!

    cheers, Paul

  15. #14

  16. #15
    Lounge VIP bobprimak's Avatar
    Quote Originally Posted by Paul T View Post
    Too many web sites restrict you to 12 character passwords with only alphanumerics - very poor.

    cheers, Paul
    As Roger Grimes of Infoworld advises us, security researchers have found that it is the length of a password, not its complexity, which makes it more secure. The 12-character limit bothers me more than any restrictions on using higher-order characters. Alphanumerics are fine. But the length should be 16 to 32 characters, as in a passphrase. One you can remember, but which is gibberish to most folks. All in simple letters and numbers.
    -- Bob Primak --
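
The arithmetic behind the estimates traded in this thread, as an added example that is not part of any post: it computes the exhaustive-search space for a password, the time to cover it at a given guess rate, and what a deliberately slow per-attempt check does to that rate. The function names, the 1,000 guesses per second online rate and the 1,000 parallel workers are assumptions; the 100 billion guesses per second and the 1 second per attempt come from post #6.

```python
import string

# Character classes an exhaustive search must cover (95 printable ASCII in total).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " "]
YEAR = 365.25 * 24 * 3600  # seconds


def alphabet_size(password):
    """Size of the smallest class-based alphabet containing every character."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(password):
    """Candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def years_to_exhaust(password, guesses_per_second):
    """Worst case for pure brute force; a dictionary hit is far quicker."""
    return search_space(password) / guesses_per_second / YEAR


def stretched_rate(workers, seconds_per_attempt):
    """Guess rate when every attempt costs a fixed time on each worker."""
    return workers / seconds_per_attempt


if __name__ == "__main__":
    fast = 1e11                       # offline rate quoted in post #6
    slow = stretched_rate(1000, 1.0)  # assumed 1,000 workers, 1 s per attempt
    samples = [
        ("password", 1000),           # assumed online rate
        ("passWord5%", fast),
        ("passWord5%", slow),
        ("aB3" * 4, fast),            # constructed: 12 chars, alphanumeric only
        ("a1" * 10, fast),            # constructed: 20 chars, lowercase + digits
    ]
    for pw, rate in samples:
        print(f"{pw!r:24} alphabet={alphabet_size(pw):2} "
              f"rate={rate:.0e}/s years={years_to_exhaust(pw, rate):.3g}")
```

The 20-character lowercase-and-digit sample has a larger search space than the 12-character mixed-case one, which is the length-over-complexity point in post #15; none of these figures apply to a password that appears in a word list.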
