Ugly Hedgehog - Photography Forum
Passwords - Three Random Words
Oct 8, 2021 10:50:28   #
jeep_daddy Loc: Prescott AZ
 
jerryc41 wrote:
When "Ask Leo" began this topic, I didn't expect three random words to make up a secure password, but I was wrong. For one thing, one word can have a lot of letters. "Constitution@hippopotamus#chrysantheum" You can capitalize random letters and put various characters between the words. You can also misspell words or spell them backwards. This could result in many trillions of combinations and be virtually impossible to break. Leo uses a password vault and twenty random characters for each password. Using fewer characters makes it easier for someone to hack your password.

Askleo.com/137138


But then I have a hard time remembering them without writing them down. Then they become more unsafe because it's written down. Ugh!

Oct 8, 2021 11:27:22   #
srg
 
badapple wrote:
I use the last eight digits of pi.


Now that is funny.

Oct 8, 2021 11:28:41   #
johngault007 Loc: Florida Panhandle
 
andesbill wrote:
I hadn’t heard the term social engineering before. I guess it replaces “conning” or “scamming”. Stupidity should cover it though.
I’ve had ID loss 4 times. Three through my credit card (2 of those at gas stations), 1 at a tourist center. The 4th one was online. I knew I made a stupid mistake immediately, and called my bank. I was made whole each time. Replacing the cards, and redoing the auto payments was a royal pain.
The problem with secure passwords is that they are impossible to remember, and need to be made up by a password program, which can then be hacked, and so on.
BTW, I solved the gas station credit card problem. I bought a Tesla. Not a cheap solution.


Yeah, it's a very wide gamut of techniques to "trick" or "convince" a victim to provide the threat actor with information. Most of the time the information that is being requested seems innocent enough, because people immediately protect their logon credentials, CC numbers, etc..... But they are very quick to play those "fill in your top whatever" games on social media <<<<<< Social Engineering. It may seem like a game, but somebody started those kinds of lists to pair up information with users....that information is sometimes mysteriously close to our security questions we have to fill out.


As far as password complexity...I mentioned it in my first response in this thread, but this blog from National Institute of Technology (NIST) explains in a somewhat more digestible form how you can make easy passwords that are complex enough to defeat pretty much all cracking (brute force, rainbow tables, bare word) attempts.

For instance, if I was to create a new password for this forum, I would associate it to cameras and use something like: (not my actual password)
information!exposure!community!photography
or
information exposure community photography
or
information#exposure!community@photography

All have the same level of entropy, they are very easy to remember, and contain three special characters (spaces are considered special).

Here is the blog (it only took them 10 years to catch up with the rest of us in the security community): https://www.nist.gov/blogs/taking-measure/easy-ways-build-better-p5w0rd

Cheers!
Tony

 
 
Oct 8, 2021 11:41:08   #
bobbyjohn Loc: Dallas, TX
 
Today I opened a new online banking account, I always use the same password: "cabbage". It's easy to remember. But it seems the computer had other plans...

Please enter your new password:
"cabbage"

Sorry, the password must be 8 or more characters.
"boiled cabbage"

Sorry, the password must contain 1 numerical character.
"1 boiled cabbage"

Sorry, the password cannot have blank spaces.
"50bloodyboiledcabbages"

Sorry, the password must contain at least one upper case character.
"50BLOODYboiledcabbages"

Sorry, the password cannot use more than one upper case character consecutively.
"50BloodyBoiledCabbagesShovedUpYourArse,IfYouDon'tGiveMeAccessnow”

Sorry, the password cannot contain punctuation.
“ReallyPissedOff50BloodyBoiledCabbagesShovedUpYourArseIfYouDontGiveMeAccessnow”

Sorry, that password is already in use!

Oct 8, 2021 16:38:13   #
Xinloi6870
 
badapple wrote:
I use the last eight digits of pi.


I use them all.

Oct 8, 2021 17:10:07   #
Brian in Whitby Loc: Whitby, Ontario, Canada
 
jerryc41 wrote:
When "Ask Leo" began this topic, I didn't expect three random words to make up a secure password, but I was wrong. For one thing, one word can have a lot of letters. "Constitution@hippopotamus#chrysantheum" You can capitalize random letters and put various characters between the words. You can also misspell words or spell them backwards. This could result in many trillions of combinations and be virtually impossible to break. Leo uses a password vault and twenty random characters for each password. Using fewer characters makes it easier for someone to hack your password.

Askleo.com/137138


Why not just use 20 random characters?
The value of the three random words is that you might remember them.
If you are using a password manager, there is no need to remember them.
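
An added example, not part of any post in this thread: the arithmetic behind comparing "three random words" with "20 random characters", assuming the attacker knows the scheme and every word, separator and character is picked uniformly at random. The 16-word list is constructed for the example, and the 7,776-word list size is an assumption standing in for a diceware-style list.

```python
import math
import secrets
import string

# Constructed 16-word sample list so the example runs offline (4 bits per word).
# Assumption: a real generator would load a large published word list instead.
SAMPLE_WORDS = ["shutter", "aperture", "tripod", "lens", "filter", "focus",
                "flash", "sensor", "pixel", "zoom", "frame", "contrast",
                "bokeh", "macro", "panorama", "histogram"]
DICEWARE_SIZE = 7776  # assumed list size: 6**5 words, as in diceware-style lists
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def passphrase_bits(num_words, list_size, separator_choices=1):
    """Entropy when each word and each separator is chosen uniformly at random.
    A fixed, predictable separator (separator_choices=1) adds nothing."""
    return (num_words * math.log2(list_size)
            + (num_words - 1) * math.log2(separator_choices))

def random_string_bits(length, alphabet_size=len(PRINTABLE)):
    """Entropy of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)

def words_needed(target_bits, list_size):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(words, num_words, separators=" "):
    """Build a passphrase with the OS CSPRNG (secrets), not the random module."""
    parts = [secrets.choice(words)]
    for _ in range(num_words - 1):
        parts.append(secrets.choice(separators))
        parts.append(secrets.choice(words))
    return "".join(parts)

if __name__ == "__main__":
    print("sample:", generate_passphrase(SAMPLE_WORDS, 4, separators=" !#@"))
    for n in (3, 4, 6):
        print(f"{n} words: {passphrase_bits(n, DICEWARE_SIZE):.1f} bits; "
              f"with 4 random separator choices: "
              f"{passphrase_bits(n, DICEWARE_SIZE, 4):.1f} bits")
    target = random_string_bits(20)
    print(f"20 random characters: {target:.1f} bits, matched by "
          f"{words_needed(target, DICEWARE_SIZE)} random words")
```

The figures only hold for words chosen by a random generator; words a person picks because they relate to the site or to each other carry less entropy than the formula gives.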

Oct 8, 2021 20:42:38   #
cdayton
 
badapple wrote:
I use the last eight digits of pi.

Since pi is a transcendental number with infinite digits, it would be a bad choice but unhackable.

 
 
Oct 8, 2021 23:57:34   #
pyroManiac Loc: HIXSON,TN
 
If in my computer there are no credit card numbers, no bank account numbers or any other sensitive info why should I care if my password has been hacked?

Oct 9, 2021 08:09:47   #
neillaubenthal
 
Yep..length is really the only important password characteristic these days…followed by making sure you have both cases, numbers, and symbols included. 3 word passwords with a couple upper case, couple numbers, and a couple of symbols…although the numbers can be the same digit and the same symbol used twice and it makes no meaningful difference. Much easier to type actual words…and since once you get over 17 characters the only useful cracking method is brute force try every possible combination the fact that the individual words are in the dictionary doesn’t matter.

Oct 9, 2021 09:14:36   #
johngault007 Loc: Florida Panhandle
 
neillaubenthal wrote:
Yep..length is really the only important password characteristic these days…followed by making sure you have both cases, numbers, and symbols included. 3 word passwords with a couple upper case, couple numbers, and a couple of symbols…although the numbers can be the same digit and the same symbol used twice and it makes no meaningful difference. Much easier to type actual words…and since once you get over 17 characters the only useful cracking method is brute force try every possible combination the fact that the individual words are in the dictionary doesn’t matter.


That's not an entirely accurate statement. I posted the link twice in this thread on how that mentality in the computer security field has changed. Entropy does not care as much about randomization, numbers, or case usage. Bare word passphrases with a single special character (including space) are very strong.

Oct 9, 2021 09:16:13   #
johngault007 Loc: Florida Panhandle
 
Brian in Whitby wrote:
Why not just use 20 random characters?
The value of the three random words is that you might remember them.
If you are using a password manager, there is no need to remember them.


Because you won't always have access to a password manager, or the password database gets corrupted, zombies invade and eat hard drives? I mean, it does happen.

 
 
Oct 9, 2021 09:48:20   #
jerryc41 Loc: Catskill Mts of NY
 


One of my words is seven months safe. Of course, that would depend on the computer being used and how desperate they are to get into my library account.

Oct 9, 2021 22:27:39   #
Stan Wieg Loc: Fair Oaks, CA
 
No shortage of unique identifiers if you string a few words together.
I was recently exposed to an app called What Three Words that has a three (random) word address for every square block on earth. It worked better than a GPS coordinate for way-finding in an absolutely featureless desert in Nevada when we were navigating around Burning Man. Of course, you do have to have been there before to know the three word address, or have someone else tell it to you, but for finding your way home it is great.

Oct 13, 2021 06:01:52   #
petrochemist Loc: UK
 
pyroManiac wrote:
If in my computer there are no credit card numbers, no bank account numbers or any other sensitive info why should I care if my password has been hacked?


Yes I've found photo forums that insist my password must be 10 characters or more contain caps, lowercase, numbers & special characters... WHY? The worst that can happen is someone misrepresents me to people I've never met - the requirements for my paypal password are much simpler.

If a password is too complicated I will forget it (I access the net on multiple computers so need to enter it afresh several times)
