OT How strong need my password be?
"We do not impose any restrictions with regard to passwords, but we
ask our users to be responsible and to choose sufficiently strong
passwords to properly protect their account.
We recommend that passwords have at least 8 characters and be composed
of letters and numbers."
This is the most lenient of password standards and yet even it
*recommends* 8 characters and letters and numbers.
What do you all think is needed for passwords when no money is
involved and the security of my computer is not involved??
Why do I need more than a minimum password, like abcd, and only
because their form requires one, for a newspaper web site, a computer
q&a site, my electric bill (What will they do, pay it for me?), driver
download sites, my ink cartridge site and all the other places I spend
money as long as I use Paypal and my credit card number doesn't
Even for my medical information, I don't see why it needs to be
protected. I have no venereal or embarrassing diseases, I'm not
dying, I can't be blackmailed with it.
Yet they all make it sound like an uncrackable password is needed.
Why isn't abcd good enough?
**I don't think it shows anywhere anymore, only the last 4 digits.
If you got to see my personal information you'd probably be bored by it.
The only concern is if someone can make changes or somehow be malicious.
One thing I don't understand is the need to change passwords. If you've
not hacked my account in the past year, I may change it to something
you'd guess on the first try.
Now I use the same password for everything. It has 16 capital letters,
the biggest city in every New England state, the numbers of every locker
combination I had in high school and ends with a comma. Takes me 25
minutes to log on, but I feel secure.
An information leak LAST WEEK leaves you vulnerable THIS WEEK -- and NEXT,
etc. -- until the information that was leaked is no longer accurate. Will
all of the folks who hold accounts of yours promptly notify you of that
leak? Will they even KNOW about it?
Changing passwords unilaterally is one thing YOU can do without
requiring any response from each of those "account providers".
And, folks who don't change passwords tend also to use the same
password for everything -- for the same reason: laziness/convenience.
There are systems that will automatically change your password for you
(e.g., S/key). These (one time use) also have the benefit of alerting
you when someone has guessed one of the passwords -- because it will
have been *used* before you get a chance to use it legitimately!
A friend runs a data center for a large multinational bank. When he's
visited, he carries a little device that continuously updates the
"password of the MOMENT". So, he can access the bank's servers from
wherever he happens to be -- yet the password that he used to gain
access is automatically invalidated at the end of that one (?) minute
window. I.e., you need to possess that little gizmo in order to know
what the password will be WHEN YOU CHOOSE TO LOG IN.
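Added example, not part of any post in this thread: a minimal S/Key-style hash chain in Python showing why each password works only once and why an already-used password is a warning sign. SHA-256 stands in for the hash S/Key actually used, and the secret, seed and counter are constructed sample values.

```python
import hashlib

def h(value: bytes) -> bytes:
    # Assumption: SHA-256 replaces the MD4/MD5-based hash of real S/Key.
    return hashlib.sha256(value).digest()

def chain(secret: bytes, seed: bytes, count: int) -> bytes:
    """Hash secret+seed `count` times; this is one-time password number `count`."""
    value = secret + seed
    for _ in range(count):
        value = h(value)
    return value

class Server:
    """Keeps only the last accepted one-time password, never the secret."""

    def __init__(self, initial: bytes):
        self.last = initial  # password number N, registered at enrollment

    def login(self, otp: bytes) -> str:
        if otp == self.last:
            # The value on file is this very password: it was already spent.
            return "already-used"
        if h(otp) == self.last:
            self.last = otp  # accept once, then move one step down the chain
            return "ok"
        return "rejected"

def demo() -> list:
    # Constructed sample values, for illustration only.
    secret, seed, n = b"constructed passphrase", b"ex12345", 100
    server = Server(chain(secret, seed, n))
    results = []
    # Normal login with password number 99.
    results.append(server.login(chain(secret, seed, 99)))
    # The same password presented again (a replay) is refused.
    results.append(server.login(chain(secret, seed, 99)))
    # Someone else gets hold of password 98 and logs in with it first...
    results.append(server.login(chain(secret, seed, 98)))
    # ...so the owner's own login with 98 fails: the sign that it leaked.
    results.append(server.login(chain(secret, seed, 98)))
    return results

if __name__ == "__main__":
    print(demo())
```

The server never stores the secret, and hashing runs only one way, so seeing password 99 does not let an observer compute password 98.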
I amend this. I think IF I used a credit card at a site, it wouldn't
have to show for me or someone else to charge things and have them
sent to a different address, so I add the few places that have my
credit card number. (For the record, I've been a good boy and I
use a password at all these places.)
Exactly. I'm bored just thinking about it.
The things I listed were places where nothing important can be
For a very short time I had a Facebook account. I hated it, so I tried
to delete it. It would not let me delete it, but did let me suspend it,
which means nothing is there. A few months later I got a notice from
Facebook via email, telling me to change my password. WHY?
That's really stupid!
And if people don't think Facebook checks our pages, when I made that
page, I accidentally typed the wrong zipcode (1 digit was wrong). I was
sent a message telling me I had (a number of days) to correct it, or it
would be automatically changed. That alone made me uncomfortable with
FB. Why does my zipcode matter anyhow?
On Fri, 15 Apr 2016 08:32:44 -0400, Stormin Mormon
I don't remember it asking for my zipcode, but I'm usually willing to
give that out. There are a lot of people here.
My friend has a real FB account and one with a phony name. I only have
the latter. When FB counts the number enrolled, I wouldn't be
surprised if 20% are phony.
Why make it easy for the bad guys?
Maybe use KeePass or similar to store your passwords?
KeePass prolly won't keep the CIA out but if the CIA is interested
in you then you got bigger problems than password management.
On Thursday, April 14, 2016 at 8:23:37 PM UTC-4, Micky wrote:
I agree with your logic regarding websites where if they get in
they really can't do anything that's harmful or destructive to you.
Example of that would be some free website, say for BMW enthusiasts.
Amazon or similar that has your credit card on file, they could change
the ship to address, the email address, the password, and then order
a lot of stuff. You previously cited your electric bill as an example.
If all you can do there is pay the bill, then I'd agree. But some now
have the capability to also enter requests to terminate service. While
a hacker can't profit from that, some teenage hacker might think it's
a funny joke.
I start to get annoyed when websites impose ridiculous pwd rules, like
insisting that you not only use letters and numbers, but also that it
has to have upper and lower case. I find that very annoying, because
I can remember a password with a couple digits added, but remembering
which letters have to be caps for the few that require that is pushing
And how long the pwd is, isn't a very good metric of how secure it is.
For example "password" is 8 characters, but obviously a really bad
choice compared to "xugj". One bad practice is to use the same pwd for
all websites. Using the same one for a financial institution as you
use for that BMW enthusiast website, that could be hosted in someone's
bedroom, isn't a good idea. You don't need a different one for each
place, but using some logic, having a few, keeping them segregated is
a good idea.
On Fri, 15 Apr 2016 05:35:30 -0700 (PDT), trader_4
True. That's why I'm afraid to make enemies -- which is why I don't
use my full name online.
It used to be that all you needed to do to cancel service for phone or
electric or gas was call up and cancel it, but too many vindictive
people and pranksters cancelled other people's service, so now you
have to prove who you are to do most things.
Exactly, and when it's one of those sites where no one can hurt you
anyhow, it is so ridiculous. I write everything down but then I try
to hide it from hackers, so it's a pain to look for one and I prefer
to remember them. But then they want me to change it, and I can
rarely remember the replacement.
I'm sorry I didn't realize that when I started. I took what they said
seriously. I suppose it's not too late to start using the same
password and userid for those sites where I can't be hurt, but my
compulsive nature wants to keep using different ones because that's
the way I've been doing it.
I let Firefox remember all the userids and passwords for the ones that
don't involve money, so that helps, but when I switched computers, it
wasn't possible to copy everything over. So I'm glad I'd written it
in a file too.
I have one that I started with and use for many things, but another is
more secure and longer. I use variations as some sites require a
capital letter. Some require a symbol too and it is easily done. With
variations of a theme I can usually guess on the second try.
For uppercase/lowercase, sometimes it's appropriate (like Phoenix,
where the first letter of a word is capitalized). You shouldn't have to
use capitals at random places in a word (like hElLO tHErE). Examples:
(they just happened to be the same length). If you need digits, put a
familiar wherever makes most sense to you.
| OT How strong need my password be?
I usually use 8 random characters for passwords
and change them occasionally. I don't expect
to remember them. I keep them written down in
various places. It's mostly things like email
and my web server, which I want some security
I use very long passwords for our WiFi and
router. If someone's trying to crack those they can
afford to take their time.
There's a password cracker for Windows called
Ophcrack that says it can crack anything up to
14 characters. I don't know why 14. I've used it
before and it's worked well, at least on XP.
Your computer has no real security. I just
cracked a Win7 box recently. Hiren's boot disk.
It doesn't need to crack passwords. It just
overwrites them with a blank. So the password
could have been 30 random characters. Takes
a couple of minutes. (One of my brothers was
donating a computer to another brother. He gave
it to me to set it up. It was password-protected!
I knew my other brother wouldn't be wanting a
password, so I just had Hiren wipe whatever was
Here's a fun fact that you might find handy:
I saw a report awhile back saying that just using
4 random words is one of the best possible
passwords. For instance:
Something like that is easier to remember, and
it's possible to make it even easier to remember
without providing a pattern that a computer can
recognize. For instance, if you fish for trout in
the Swazey river in the Summer you could have
It would make some sense to you while being
random to any cracking software.
I've heard about this one too. It sounds like a good idea. Still some
sites insist on things like uppercase AND lowercase AND digits. Maybe
you could use camel case and a number that means something to you, like:
if you caught 7 trout there.