OT How strong need my password be?

Page 1 of 2  
OT How strong need my password be?
"We do not impose any restrictions with regard to passwords, but we ask our users to be responsible and to choose sufficiently strong passwords to properly protect their account. We recommend that passwords have at least 8 characters and be composed of letters and numbers. "
This is the most lenient of password standards and yet even it *recommends* 8 characters and letters and numbers.
What do you all think is needed for passwords when no money is involved and the security of my computer is not involved??
Why do I need more than a minimum password, like abcd, and only because their form requires one, for a newspaper web site, a computer q&a site, my electric bill (What will they do, pay it for me?), driver download sites, my ink cartridge site and all the other places I spend money as long as I use Paypal and my credit card number doesn't show**??
Even for my medical information, I don't see why it needs to be protected. I have no venereal or embarrassing diseases, I'm not dying, I can't be blackmailed with it.
Yet that all make it sound like an uncrackable password is needed.
Why isn't abcd good enough?
**I don't think it shows anywhere anymore, only the last 4 digits.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thursday, April 14, 2016 at 4:26:24 PM UTC-5, Micky wrote:

I know you're baiting me...
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/14/2016 5:26 PM, Micky wrote:

If you got to see my personal information you'd probably be bored by it. The only concern is if someone can make changes or somehow be malicious.
One thing I don't understand is the need to change passwords. If you've not hacked my account in the past year, I may change it to something you'd guess on the first try. Now I use the same password for everything. It has 16 capital letters. the biggest city in every New England state, the numbers of every locker combination I had in high school and ends with a comma. Takes me 25 minutes to log on, but I feel secure.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/14/2016 2:54 PM, Ed Pawlowski wrote:

Google "medical identity theft".

An information leak LAST WEEK leaves you vulnerable THIS WEEK -- and NEXT, etc. -- until the information that was leaked is no longer accurate. Will all of the folks who hold accounts of yours promptly notify you of that leak? Will they even KNOW about it?
Changing passwords unilaterally is one thing YOU can do without requiring any response from each of those "account providers".
And, folks who don't change passwords tend also to use the same password for everything -- for the same reason: laziness/convenience.
There are systems that will automatically change your password for you (e.g., S/key). These (one time use) also have the benefit of alerting you when someone has guessed one of the passwords -- because it will have been *used* before you get a chance to use it legitimately!
A friend runs a data center for a large multinational bank. When he's visited, he carries a little device that continuously updates the "password of the MOMENT". So, he can access the bank's servers from wherever he happens to be -- yet the password that he used to gain access is automatically invalidated at the end of that one (?) minute window. I.e., you need to possess that little gizmo in order to know what the password will be WHEN YOU CHOOSE TO LOG IN.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I amend this. I think IF I used a credit card at a site, it wouldn't have to show for me or someone else to charge things and have them sent to a different address, so I add the few places that have my credit card number. (For the record, I've been a good boy and I use a password at all these places.)

Exactly. I'm bored just thinking about it.

The things I listed were places where nothing important can be changed.

Good question.

LOL
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/14/2016 5:54 PM, Ed Pawlowski wrote:

I tried that on your account. Worked like a charm. You got to cut back on those Harbor Freight ads, though.
--
.
Christopher A. Young
learn more about Jesus
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

For a very short time I had a facebook account. I hated it, so I tried to delete it. It would not let me delete it, but did let me suspend it, which means nothing is there. A few months later I got a notice from facebook via email, telling me to change my password. WHY? That's really stupid!
And if people dont thing Facebook checks our pages, when I made that page, I accidentally typed the wrong zipcode (1 digit was wrong). I was sent a message telling me I had (a number of days) to correct it, or it would be automatically changed. That alone made me uncomfortable with FB. Why does my zipcode matter anyhow?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/14/2016 10:40 PM, snipped-for-privacy@unlisted.moo wrote:

My FB account pesters me endlessly for my mobile telephone number "for security purposes". I keep not giving that info out.
- . Christopher A. Young learn more about Jesus . www.lds.org . .
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Fri, 15 Apr 2016 08:32:44 -0400, Stormin Mormon

I don't remember it asking for my zipcode, but I'm usually willing to give that out. There are a lot of people here.
My friend has a real FB account and one with a phony name. I only have the latter. When FB counts the number enrolled, I wouldn't be surprised if 20% are phony.

Darn right.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/14/2016 5:26 PM, Micky wrote:

Why make it easy for the bad guys?
Maybe use KeePass or similar to store your passwords?
KeePass prolly won't keep the CIA out but if the CIA is interested in you then you got bigger problems than password management.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Easy to do what? That's my point. Easy to see my past orders from Amazon, easy to ask questions on a computer forum, easy to find out my medical records. I don't care.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thursday, April 14, 2016 at 8:23:37 PM UTC-4, Micky wrote:

I agree with your logic regarding websites where if they get in they really can't do anything that's harmful or destructive to you. Example of that would be some free website, say for BMW enthusiasts. Amazon or similar that has your credit card on file, they could change the ship to address, the email address, the password, and then order a lot of stuff. You previously cited your electric bill as an example. If all you can do there is pay the bill, then I'd agree. But some now have the capability to also enter requests to terminate service. While a hacker can't profit from that, some teenage hacker might think it's a funny joke.
I start to get annoyed when websites impose ridiculous pwd rules, like insisting that you not only use letters and numbers, but also that it has to have upper and lower case. I find that very annoying, because I can remember a password with a couple digits added, but remembering which letters have to be caps for the few that require that is pushing it.
And how long the pwd is, isn't a very good metric of how secure it is. For example "password" is 8 characters, but obviously a really bad choice compared to "xugj". One bad practice is to use the same pwd for all websites. Using the same one for a financial institution as you use for that BMW enthusiast website, that could be hosted in someone's bedroom, isn't a good idea. You don't need a different one for each place, but using some logic, having a few, keeping them segregated is a good idea.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Fri, 15 Apr 2016 05:35:30 -0700 (PDT), trader_4

True. That's why I'm afraid to make enemies -- which is why I don't use my full name online.
It used to be that all you needed to do to cancel service for phone or electric or gas was call up and cancel it, but too many vindictive people and pranksters cancelled other people's service, so now you have to prove who you are to do most things.

Exactly, and when it's one of those sites where no one can hurt you anyhow, it is so ridiculous. I write everything down but then I try to hide it from hackers, so it's a pain to look for one and I prefer to remember them. But then they want me to change it, and I can rarely remember the replacement.

Definitely not.

I'm sorry I didn't realize that when I started. I took what they said seriously. I suppose it's not too late to start using the same password and userid for those sites where I can't be hurt, but my compulsive nature wants to keep using different ones because t h at's the way I've been doing it.

I let Firefox remember all the userids and passwords for the ones that don't involve money, so that helps, but when I switched computers, it wasn't possible to copy everything over. So I'm glad I'd written it in a file too.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/15/2016 11:17 AM, Micky wrote:

u I have one that I started with and use for many things, but another is more secure and longer. I use variations as some sites require a capital letter. Some require a symbol too and it is easily done. With variations of a theme I can usually guess on the second try.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

That's a good idea.
When it says I have to use a capital, I use only one and make it the first letter. I bet most people do it that way so it adds little to my security. I DON'T CARE
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 04/15/2016 10:17 AM, Micky wrote:
[snip]

There's Firefox sync, which copies your passwords to all your computers. You're unlikely to lose them then, but it's still a good idea to have then written down too.
--
Mark Lloyd
http://notstupid.us/
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 04/15/2016 07:35 AM, trader_4 wrote:
[snip]

for uppercase/lowercase, sometimes it's appropriate (like Phoenix Arizona), otherwise I'd want to use camel case (like in JavaScript) where the first letter of a word is capitalized. You shouldn't have to use capitals at random places in a word (like hElLO tHErE). Examples:
PhoenixArizonacity grayElephantEating GrayElephantEating HendersonCountyGMO
(they just happened to be the same length). If you need digits, put a familiar wherever makes most sense to you.
[snip]
--
Mark Lloyd
http://notstupid.us/
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| OT How strong need my password be? |
I usually use 8 random characters for passwords and change them occasionally. I don't expect to remember them. I keep them written down in various places. It's mostly things like email and my web server, which I want some security for. I use very long passwords for our WiFi and router. If someone's trying to crack those they can afford to take their time. There's a password cracker for Windows called Ophcrack that says it can crack anything up to 14 characters. I don't know why 14. I've used it before and it's worked well, at least on XP.
Your computer has no real security. I just cracked a Win7 box recently. Hiren's boot disk. It doesn't need to crack passwords. It just overwrites them with a blank. So the password could have been 30 random characters. Takes a couple of minutes. (One of my brothers was donating a computer to another brother. He gave it to me to set it up. It was password-protected! I knew my other brother wouldn't be wanting a password, so I just had Hiren wipe whatever was there.)
Here's a fun fact that you might find handy: I saw a report awhile back saying that just using 4 random words is one of the best possible passwords. For instance:
brickpurplebottleskunk
Something like that is easier to remember, and it's possible to make it even easier to remember without providing a pattern that a computer can recognize. For instance, if you fish for trout in the Swazey river in the Summer you could have something like:
troutlineswazeywater
It would make some sense to you while being random to any cracking software.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 04/14/2016 07:36 PM, Mayayana wrote:
[snip]

I've heard about this one too. It sounds like a good idea. Still some sites insist on things like uppercase AND lowercase AND digits. Maybe you could use camel case and a number that means something to you, like:
7TroutLineSwazeyWater
if you caught 7 trout there.
--
Mark Lloyd
http://notstupid.us/
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/14/2016 2:26 PM, Micky wrote:

It only shows the last 4 digits on the website, there is no guarantee the rest of the digits are not stored on the site and maybe available to someone determined.
--
Froz....

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.