OT: Passwords

From some damn site or another:

===============================

Most of us routinely use passwords so simple, a monkey could figure them out. In fact, "monkey" is one of our favourites.

Amichai Shulman is the chief technology officer at Imperva, which makes software for thwarting hackers. Recently, he undertook a study of 32 million passwords stolen by an unknown hacker from Rockyou!, an online service that makes widgets for social networking sites like Facebook.

The list is depressing testimony to our collective lack of creativity in the arena of personal security.

"I guess it's just a flaw in human genetics," Shulman told the New York Times.

Bottom line, if your password is your first name and your secret first name isn't NEhBuT3W4l.6, better think about making a switch.

Here they are, listed 1 through 32, in order of popularity:

  1. 123456
  2. 12345
  3. 123456789
  4. password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
  11. nicole
  12. daniel
  13. babygirl
  14. monkey
  15. jessica
  16. lovely
  17. michael
  18. ashley
  19. 654321
  20. qwerty
  21. iloveu
  22. michelle
  23. 111111
  24. 0
  25. tigger
  26. password1
  27. sunshine
  28. chocolate
  29. anthony
  30. angel
  31. FRIENDS (yes, all caps)
  32. soccer

===================================

A password like mine: HHffrT56 is much harder to figure out and will remain a secret forever.

Reply to
Robatoy

Thanks to Leon I now use Roboform to generate a password for every site and account ... for some reason I have in excess of 104 passworded accounts ... damn things breed like rabbets. ;)

Easy to change the key ones every month or so and only have to remember one ... also good protection against keyloggers.

Reply to
Swingman

Robatoy wrote the following:

Even from the user. How do you remember all the passwords for various sites that you may have to sign into? Get a sheet of paper tacked on the wall with all the usernames and passwords, like I do?

Reply to
willshak

========

There are several things that never have, nor will ever be entered into my keyboard. SIN being one of them. I also don't have the right address entered as 'Home' into any of our GPS's. I mean... how stupid is that? A key-fob with the car's make and ability to open its doors, then directions to your house from your GPS and keys to get into the house. When you lose your keys, you might as well give the perp a ride over and help him carry your shiat out to your car and wave goodbye to him. There also isn't a listing for 'Home' on my phone. The pub owner knows where I live... who else needs to know? I'm one of his bigger shareholders, he'll take good care of me.

Reply to
Robatoy

===============================

Most of us routinely use passwords so simple, a monkey could figure them out. In fact, "monkey" is one of our favourites.

Amichai Shulman is the chief technology officer at Imperva, which makes software for thwarting hackers. Recently, he undertook a study of 32 million passwords stolen by an unknown hacker from Rockyou!, an online service that makes widgets for social networking sites like Facebook.

The list is depressing testimony to our collective lack of creativity in the arena of personal security.

"I guess it's just a flaw in human genetics," Shulman told the New York Times.

Bottom line, if your password is your first name and your secret first name isn't NEhBuT3W4l.6, better think about making a switch.

Here they are, listed 1 through 32, in order of popularity:

  1. 123456

That reminds me, I have to go change the combination lock on my luggage.

jc

Reply to
Joe

Every year at the SuperComputing conference (SC09 was in Portland in November), the NOC team places several displays throughout the show floor showing bandwidth and other usage statistics (particularly for the Internet2 feeds). One of the displays shows the top 200 passwords sniffed from non-secure protocols (pop3, imap, ftp, telnet); at SC09, the majority of the passwords are reasonably complex, but defeated by using a non-secure transmission protocol.

scott

Reply to
Scott Lurndal

Follow my GPS home and you'll find yourself inside the compound at our local police station!

Reply to
Stuart

*Good* Idea! I love it. Mine is blank, but I like your idea much better.

Jc

Reply to
Joe

Being a retired fire chief, I used the nearest fire station.

Max

Reply to
Max

I have a file on my computer that lists various passwords, in a form that's intelligible to me -- things like "my street address as a child: ####dSCs" so for example if I had grown up at 3141 North Main Street, Boise Idaho, the password would be 3141nMBi (dsCS = direction, Street, City, state). That sort of stuff is trivially easy to remember, but nearly impossible to deduce.

Once worked with a sysadmin who set the root password on his system to MHPNSW3 ("My Home Phone Number Starts With 3"). Again, trivially easy to remember, nearly impossible to deduce.

Reply to
Doug Miller

Some ISPs allow special characters. They can make an otherwise simple password a lot more complex.

Reply to
Larry Blanchard

How about W1LL R0ger5, or J0nn1e M00re, or D@v1d, or some other combination that "spells" the name.

Another good one is using the first letters of the words of a phrase, song first line, or poem, again using 1 for i, 0 for o, etc when possible. tebgtw (the early bird gets the worm), or h0tr (home on the range) or wg2s02ls (we get too soon old too late smart)

Easy enough for YOU to remember, but awful hard to crack.

Reply to
clare

snipped-for-privacy@snyder.on.ca wrote in news:208il59musrj5tqe57bim3unth16ghd4qt@4ax.com:

Someone suggested a simple algorithm: Pick a letter and a direction. Go for a short distance then change directions. So if you pick S right, you get passwords like sdfgr45, 4RFde3 etc

Random enough to satisfy most programs, but simple to remember (unless you switch keyboard layouts lol).

Puckdropper

Reply to
Puckdropper
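A screening check of the kind a signup form could run on a new password, as an added example that is not part of the thread or any poster's code: it rejects entries on the list quoted in the opening post, look-alike spellings that reduce to a listed entry, and keyboard walks like the scheme in the post above. The function names, the substitution mapping, the key-stagger values and the 0.8 threshold are assumptions made for the example.

```python
# Added example: the 32 entries of the list quoted in the opening post, lower-cased.
COMMON = {
    "123456", "12345", "123456789", "password", "iloveyou", "princess",
    "rockyou", "1234567", "12345678", "abc123", "nicole", "daniel",
    "babygirl", "monkey", "jessica", "lovely", "michael", "ashley",
    "654321", "qwerty", "iloveu", "michelle", "111111", "0", "tigger",
    "password1", "sunshine", "chocolate", "anthony", "angel", "friends",
    "soccer",
}
# Assumed look-alike mapping, undone before the list lookup.
DELEET = str.maketrans("013457@$!", "oieastasi")
# Assumed QWERTY layout: each row with its horizontal stagger in key widths.
ROWS = [("1234567890", 0.0), ("qwertyuiop", 0.5),
        ("asdfghjkl", 0.75), ("zxcvbnm", 1.25)]
POS = {ch: (r, c + off) for r, (keys, off) in enumerate(ROWS)
       for c, ch in enumerate(keys)}


def adjacent(a, b):
    """True if keys a and b touch, or are the same key, on the layout above."""
    if a not in POS or b not in POS:
        return False
    (r1, x1), (r2, x2) = POS[a], POS[b]
    return abs(r1 - r2) <= 1 and abs(x1 - x2) <= 1


def walk_ratio(pw):
    """Fraction of consecutive character pairs that sit on neighbouring keys."""
    s = pw.lower()
    if len(s) < 2:
        return 0.0
    return sum(adjacent(a, b) for a, b in zip(s, s[1:])) / (len(s) - 1)


def screen(pw, walk_threshold=0.8):
    """Return the reasons to reject pw; an empty list means no rule fired."""
    reasons = []
    low = pw.lower()
    if low in COMMON:
        reasons.append("on common-password list")
    elif low.translate(DELEET) in COMMON:
        reasons.append("look-alike spelling of a listed password")
    if len(pw) >= 4 and walk_ratio(pw) >= walk_threshold:
        reasons.append("keyboard walk")
    return reasons
```

An empty result only means none of these three rules fired; it is not a strength score.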

"Robatoy" wrote

A password like mine: HHffrT56 is much harder to figure out and will remain a secret forever.

And what's your bank account number please?

Jeff, only joking!

Reply to
Jeff Gorman

I recall one place I was signing up for something where they would only allow alpha characters for your password. I was mightily annoyed.

Reply to
Stuart

How many 'sites' (or whatever) are so critical that you need an NSA-style password?

The dozen or so that _are_ critical can be remembered, yes? I back 'em up on a text file in the thumb drive in my pocket.

The only way you get it is to kill me ...and then I don't care any more, eh?

Reply to
jbry3

The deal is if you require passwords that are too easy they can be hacked easily. If you require complex passwords the easiest way to get into a system is to look for the sticky note with the passwords on it. To prove that point at an investment company I was consulting at, the head of network security went around after hours and took all of the sticky notes off of the monitors. Most people could not log in to the systems the next morning until they saw him.

What I learned is to use a sentence or a saying and create the password from it.

I live at 51 Main Street Boston MA -> Il@51MSBMA

or Debbie and Sue and Donna are my daughters names -> D&S&Damdn

Larry C

Reply to
Larry C

Then there was the guy I used to work with who used "thetreeofevilbearsbitterfruit".

Reply to
J. Clarke

On Fri, 22 Jan 2010 08:51:17 -0000, the infamous "Jeff Gorman" scrawled the following:

You're such a nice lad, Jeff, I'm only too glad to oblige:

Social Security number: 123-45-6789

Bank account number: 32/1127-1234567890

Bank pin number: 1234

Bank name and address: First Bank of Nigeria, 1 Teslim Balogun Stadium Rd, Lagos, Nigeria

Thank you! Please send my $27,000,000 today!

Reply to
Larry Jaques

Then there was the password: MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento

Credit where credit is due, the blonde using it _was_ simply following the rules "a password must have 8 characters and 1 capital."

Reply to
Robert Bonomi
