Passwords - Good Article and Video
Aug 13, 2016 08:46:06 #
Like many people, I hate passwords and the rules that different sites have about them. I can understand the minimum length, but adding characters, numbers, and capital letters doesn't help. Some sites don't allow those special characters, so the system I use for making passwords won't work for that site. One of the most ridiculous requirements in some businesses is changing the password every few weeks or months - totally worthless effort.
On the other hand, most sites do not permit passphrases or long passwords or spaces, and they don't let you use one you've used before. I use LastPass to store my passwords, and it's 99% perfect. One problem it has is dealing with sites that have three entries to gain access.
https://www.washingtonpost.com/news/the-switch/wp/2016/08/11/theres-a-new-way-to-make-strong-passwords-and-its-way-easier/?wpisrc=nl_rainbow&wpmm=1
On the other hand, most sites do not permit passphrases or long passwords or spaces, and they don't let you use one you've used before. I use LastPass to store my passwords, and it's 99% perfect. One problem it has is dealing with sites that have three entries to gain access.
https://www.washingtonpost.com/news/the-switch/wp/2016/08/11/theres-a-new-way-to-make-strong-passwords-and-its-way-easier/?wpisrc=nl_rainbow&wpmm=1
Aug 13, 2016 09:02:27 #
Interesting article. Phrases may be the way to go. I am always forgetting my password.
Aug 13, 2016 09:27:03 #
JerryOSF
Loc: Bristol, VA
LastPass or Keepass are great. They allow using individual passwords for each site so if one is compromised the remainder are safe.
Aug 13, 2016 09:44:52 #
I use LastPass and like the ability to have access to it on multiple devices.
What I don't like is the requirement for two factor authentication - frustrating when using a cell phone to login and must retrieve a code from a text - but I guess that is the way of the future.
I received a notice from Social Security that they are now requiring you to own a cell phone so they can send you a text with your access code every time you log in. If you do not own a cell phone, you cannot access their site and must call in.
What I don't like is the requirement for two factor authentication - frustrating when using a cell phone to login and must retrieve a code from a text - but I guess that is the way of the future.
I received a notice from Social Security that they are now requiring you to own a cell phone so they can send you a text with your access code every time you log in. If you do not own a cell phone, you cannot access their site and must call in.
Aug 14, 2016 08:16:48 #
jerryc41 wrote:
Like many people, I hate passwords and the rules t... (show quote)
I hate it too and no reason for it if they had proper security on their site. They harass us with their incompetence. But that's OK. This is how I handle it. Since I am not not going to even try to memorize a thousand different passwords to please their incompetence, I let it cost them. every time I try to get into their site and have trouble, I call them and let them walk me through fixing everything. Sooner or later they will the message as the only way to get a corporations attention is to hit them in the pocketbook. It's the only language they understand; greed.
Aug 14, 2016 09:34:42 #
whitewolfowner wrote:
I hate it too and no reason for it if they had pro... (show quote)
I've always said that passwords are more for the protection of the sites requiring them.
Aug 14, 2016 10:37:10 #
jerryc41 wrote:
I've always said that passwords are more for the protection of the sites requiring them.
Not really. Their purpose is to keep outsiders from getting into your account, not their web site. But so many sites have such poor security out of sheer incompetence and then they take it out on the user. The security of the site is their responsibility, not ours as users.
Aug 14, 2016 11:47:48 #
whitewolfowner wrote:
Not really. Their purpose is to keep outsiders from getting into your account, not their web site. But so many sites have such poor security out of sheer incompetence and then they take it out on the user. The security of the site is their responsibility, not ours as users.
I understand that, but if someone gets into your account, they can blame you for not being secure with your password. "It's not our fault."
Aug 14, 2016 11:59:31 #
jerryc41 wrote:
I understand that, but if someone gets into your account, they can blame you for not being secure with your password. "It's not our fault."
They can try but they'd have to prove the invader got my password from my negligence and since their website is holding it, the only other way they could get it is if I gave it to them.
Aug 14, 2016 12:22:16 #
In constructing a password it is helpful to understand password cracking algorithms. There are many but all depend on a byte analysis. All keyboards use the ascii byte table for which there are only 256 distinct combinations. One way to frustrate a cracking algorithm is to make the password start with less than a byte, say three bits, but can you construct it. Some algorithms use a probability scheme wherein what is the most probable characters that follow, say, a J - one frustration would to never use vowels. Some cracking algorithms use pattern analysis, so length is your only defense, seemingly.
Aug 14, 2016 12:30:17 #
Similarly, "going green", that is, "going paperless" they say is for our convenience and benefit. I doubt this very much. I'll bet they save operating costs. Meanwhile, I must have more passwords to get into my accounts.
Aug 14, 2016 12:43:43 #
John_F wrote:
In constructing a password it is helpful to unders... (show quote)
Passwords and security in computers is all based on prime numbers so the algorithms are rendered practically useless. Your understanding is way off and possibly ancient to what is being done today.
Aug 14, 2016 19:28:42 #
whitewolfowner wrote:
Passwords and security in computers is all based on prime numbers so the algorithms are rendered practically useless. Your understanding is way off and possibly ancient to what is being done today.
When one makes a password for one's own purpose, such as bank accound, computer, email account, your obliged to make from keyboard keystrokes of which each is an ascii code byte. If you are a administrator of a major system, then you have more powerful tools for which prime numbers are used in some capacity. I am not schooled in that area, but remember until a new one is derived all the prime numbers are known. 1,2,3,5,7,11,13, .... etc. Does poster happen to know how many digits long is the largest today' known prime number.
Aug 15, 2016 09:20:24 #
John_F wrote:
When one makes a password for one's own purpose, s... (show quote)
It goes on forever and some of the largest computers are tying to calculate it.
Aug 15, 2016 11:37:58 #
whitewolfowner wrote:
It goes on forever and some of the largest computers are tying to calculate it.
This might be of interest.
https://en.wikipedia.org/wiki/Largest_known_prime_number
I've heard that the prime number system of data protection is in danger because of - something. Maybe it's the advent of quantum computers. It's too bad governments and corporations can't keep Russia and China out of their business. I haven't heard of a bank losing millions to hacking. (And now people will give me examples.
)
If you want to reply, then register here. Registration is free and your account is created instantly, so you can post right away.