Ugly Hedgehog - Photography Forum
Passwords - Three Random Words
Oct 7, 2021 13:37:22   #
jerryc41 Loc: Catskill Mts of NY
 
When "Ask Leo" began this topic, I didn't expect three random words to make up a secure password, but I was wrong. For one thing, one word can have a lot of letters. "Constitution@hippopotamus#chrysantheum" You can capitalize random letters and put various characters between the words. You can also misspell words or spell them backwards. This could result in many trillions of combinations and be virtually impossible to break. Leo uses a password vault and twenty random characters for each password. Using fewer characters makes it easier for someone to hack your password.

Askleo.com/137138

Oct 7, 2021 13:53:02   #
johngault007 Loc: Florida Panhandle
 
I have been using three-word passphrases for close to 10 years now. As long as there is a special character separating the words (and a space is considered a special character) then the password is adequately strong enough to prevent almost all password cracking attempts. The theory behind it is very sound, because entropy doesn't lie, and in most cases, length of a password/passphrase contributes to higher entropy than a shorter randomized password.


Most people think that cracking passwords is done one character or word at a time, like in the movies. In reality the tools available to crack passwords run on trying combinations of characters (or rainbow tables/word lists) one at a time until a full match for the entire password/phrase is successfully guessed.


NIST is even providing guidance on more secure methods using easy-to-remember passphrases:
https://www.nist.gov/blogs/taking-measure/easy-ways-build-better-p5w0rd

Oct 7, 2021 13:56:49   #
pmorin Loc: Huntington Beach, Palm Springs
 
jerryc41 wrote:
When "Ask Leo" began this topic, I didn't expect three random words to make up a secure password, but I was wrong. For one thing, one word can have a lot of letters. "Constitution@hippopotamus#chrysantheum" You can capitalize random letters and put various characters between the words. You can also misspell words or spell them backwards. This could result in many trillions of combinations and be virtually impossible to break. Leo uses a password vault and twenty random characters for each password. Using fewer characters makes it easier for someone to hack your password.

Askleo.com/137138


When I worked at the phone company we were given laptops to use in the field as a resource. We were told that pass phrases were simple yet effective in that they were near impossible to break. One day they needed to access my laptop while I was on disability leave and my supervisor got a bit miffed when he had to type in *#myBossisanasshole* . And no, I didn’t change it afterwards.

Oct 7, 2021 14:18:53   #
wjones8637 Loc: Burleson, TX
 
To meet requirements at work I used 100%ShitSystem then 101 and so on when the password changes were required. For some reason IT wasn’t pleased.

Oct 7, 2021 14:47:01   #
jerryc41 Loc: Catskill Mts of NY
 
johngault007 wrote:
I have been using three-word passphrases for close to 10 years now. As long as there is a special character separating the words (and a space is considered a special character) then the password is adequately strong enough to prevent almost all password cracking attempts. The theory behind it is very sound, because entropy doesn't lie, and in most cases, length of a password/passphrase contributes to higher entropy than a shorter randomized password.


Most people think that cracking passwords is done one character or word at a time, like in the movies. In reality the tools available to crack passwords run on trying combinations of characters (or rainbow tables/word lists) one at a time until a full match for the entire password/phrase is successfully guessed.


NIST is even providing guidance on more secure methods using easy-to-remember passphrases:
https://www.nist.gov/blogs/taking-measure/easy-ways-build-better-p5w0rd


You're ahead of the curve.

Oct 7, 2021 14:47:29   #
jerryc41 Loc: Catskill Mts of NY
 
wjones8637 wrote:
To meet requirements at work I used 100%ShitSystem then 101 and so on when the password changes were required. For some reason IT wasn’t pleased.


If it works, it works.

Oct 7, 2021 14:52:19   #
jerryc41 Loc: Catskill Mts of NY
 
pmorin wrote:
When I worked at the phone company we were given laptops to use in the field as a resource. We were told that pass phrases were simple yet effective in that they were near impossible to break. One day they needed to access my laptop while I was on disability leave and my supervisor got a bit miffed when he had to type in *#myBossisanasshole* . And no, I didn’t change it afterwards.


I guess he knows himself well.

I had a funny experience with passwords years ago. We got our first bank card, and as we passed the bank, I thought I'd try it out (after hours). I used the card to enter the locked lobby. I put the card into the machine, and it welcomed me. Then it asked for my PIN. I had no idea, so I went back to the car and told my wife. "Oh, just enter any numbers." I could have argued with my wife, but what would be the use? I went back inside and started entering numbers. Suddenly, I got a "Welcome to whatever bank." I had no idea what number I had entered, and I was starting on the next guess, so that was the end of that. Now I know how to break into someone's account. Just keep entering random numbers.

Oct 7, 2021 15:22:40   #
RiJoRi Loc: Sandy Ridge, NC
 
When I was working, the network demanded a new password every three months. Thought about it and realized the season changes every 3 months, so I used season+year to keep the network happy.

Jerry - having worked for an alarm company, I KNOW the worst password is "1234". It's so bad, that was the default password that came with the systems that the installation companies bought. 😲

--Rich

Oct 7, 2021 15:40:33   #
johngault007 Loc: Florida Panhandle
 
jerryc41 wrote:
You're ahead of the curve.


It's literally the line of work I'm in. So I hope so...lol

Oct 7, 2021 16:00:07   #
Longshadow Loc: Audubon, PA, United States
 
Check this out: https://www.security.org/how-secure-is-my-password/

Oct 8, 2021 08:47:09   #
noobie Loc: South Chicago
 


Gave this password security checker a try and got interesting results.

According to the site, the password -- B27%Jj9#R. -- can be cracked in 5,000 years.

The password -- This is my password -- will take 100 quadrillion years to crack.

Tried this with others and got the same result. My conclusion is that a password that is a simple, easy to remember sentence with spaces between the words is about as good as it gets.

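An added worked example (not from any poster in this thread, nor from Ask Leo, NIST or security.org) that puts numbers on the entropy argument in johngault007's post and on the checker results in the post above, and extends the comparison to random-character passwords. The function names, the separator set and the eight-word list are constructed for illustration; 7776 is the size of the EFF long diceware word list, assumed here as the source list.

```python
import math
import secrets
import string

SEPARATORS = "@#%- "  # constructed set; a space counts as a separator
# Constructed 8-word demo list. A real list needs thousands of entries
# (the EFF long diceware list has 7776).
WORDS = ["hedgehog", "catskill", "lantern", "orbit",
         "maple", "quartz", "violin", "ferry"]

def charset_bits(password):
    """Upper bound in the style of a simple strength meter: every character
    is treated as a uniform draw from the character classes present."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    pool = sum(size for chars, size in classes
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def random_chars_bits(length, pool=94):
    """Entropy of `length` characters drawn uniformly from `pool` symbols."""
    return length * math.log2(pool)

def wordlist_bits(n_words, list_size, n_separators=1):
    """Entropy of n_words uniform picks from a list, plus one uniform
    separator pick in each of the n_words - 1 gaps."""
    return (n_words * math.log2(list_size)
            + (n_words - 1) * math.log2(n_separators))

def make_passphrase(wordlist=WORDS, n_words=3, separators=SEPARATORS):
    """Build a passphrase with the OS CSPRNG (secrets), not `random`."""
    parts = [secrets.choice(wordlist)]
    for _ in range(n_words - 1):
        parts += [secrets.choice(separators), secrets.choice(wordlist)]
    return "".join(parts)

if __name__ == "__main__":
    print(make_passphrase(), "<- demo list only:",
          round(wordlist_bits(3, len(WORDS), len(SEPARATORS)), 1), "bits")
    print("3 words from a 7776-word list:",
          round(wordlist_bits(3, 7776, len(SEPARATORS)), 1), "bits")
    print("20 random printable characters:",
          round(random_chars_bits(20), 1), "bits")
    # Character-class figure for a sentence; it ignores that the units are words.
    print("'This is my password' by character class:",
          round(charset_bits("This is my password"), 1), "bits")
    print("same shape as 4 list words with spaces:",
          round(wordlist_bits(4, 7776), 1), "bits")
```

The word-level figures hold only when the words are picked at random by a tool like `make_passphrase`; a sentence a person composes is not a uniform draw, so the character-class number is a ceiling rather than a measurement.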
Oct 8, 2021 09:27:48   #
andesbill
 
Our passwords aren’t hacked, they’re “given away” by the companies that are hacked who have our passwords. The other major source of “hacking” is when we stupidly give away our IDs in a phishing expedition that we fall for.

Oct 8, 2021 09:53:05   #
johngault007 Loc: Florida Panhandle
 
andesbill wrote:
Our passwords aren’t hacked, they’re “given away” by the companies that are hacked who have our passwords.


If a company is the victim of a network intrusion, and account information is stolen, any credentials for specific users are not stored as plain text, therefore the threat actor still has to crack the passwords.


andesbill wrote:
The other major source of “hacking” is when we stupidly give away our IDs in a phishing expedition that we fall for.


That is called "social engineering" and phishing is the vector to obtain that information.

Oct 8, 2021 10:09:59   #
andesbill
 
johngault007 wrote:
That is called "social engineering" and phishing is the vector to obtain that information.


I hadn’t heard the term social engineering before. I guess it replaces “conning” or “scamming”. Stupidity should cover it though.
I’ve had ID loss 4 times. Three through my credit card (2 of those at gas stations), 1 at a tourist center. The 4th one was online. I knew I made a stupid mistake immediately, and called my bank. I was made whole each time. Replacing the cards, and redoing the auto payments was a royal pain.
The problem with secure passwords is that they are impossible to remember, and need to be made up by a password program, which can then be hacked, and so on.
BTW, I solved the gas station credit card problem. I bought a Tesla. Not a cheap solution.

Oct 8, 2021 10:19:16   #
badapple Loc: Twin Lake, Michigan
 
I use the last eight digits of pi.
