

antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

Largest-ever password study: We are all idiots



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Well mine is "password".

WOT?


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable

1 recommendation

said by StuartMW:

Well mine is "password".

WOT?

Wheel of Time, Web of Trust, etc.?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

WOT

quote:
How to say what with a British accent.

(And no I'm not British. I just like the way they say Wot.)
--
Don't feed trolls--it only makes them grow!


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
Reviews:
·Cox HSI
·Speakeasy

1 recommendation

said by StuartMW:

WOT

quote:
How to say what with a British accent.

Eh,WOT?

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

1 recommendation

reply to antdude

Bonneau suggests that people choose a randomly selected number at least nine digits long because it will be easy enough to remember like a phone number and still provide an above-average level of security.

The author seems to be ignoring the fact that his solution does not scale well.

I can likely remember one more 9-digit number (given that I no longer have to remember phone numbers: I outsourced that job to my phone).

I am pretty certain I cannot remember a couple of dozen more 9-digit numbers...


vaxvms
ferroequine fan
Premium
join:2005-03-01
Wormtown
kudos:3
Reviews:
·Charter
reply to antdude
"Most people simply keep the same password associated with an account for years, significantly increasing the likelihood of the account being hacked."

Why does not changing a password increase the likelihood of being hacked?
--
Of course I can keep secrets. It's the people I tell them to that can't keep them.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
said by vaxvms:

"Most people simply keep the same password associated with an account for years, significantly increasing the likelihood of the account being hacked."

Why does not changing a password increase the likelihood of being hacked?

I think it means that a hacker, with the patience of ten elephants, can spend years leisurely whacking at the password forest surrounding a particular account and will eventually "connect". That, or the passage of time will cause your password to eventually float to the top ten (or top one hundred) "idiot" passwords on some published list, and thereby become a likely seed for all those cracking engines out there. (The crackers do read such articles and take them to heart, too).
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775


tomazyk

join:2006-12-04
said by Blackbird:

I think it means that a hacker, with the patience of ten elephants, can spend years leisurely whacking at the password forest surrounding a particular account and will eventually "connect". That, or the passage of time will cause your password to eventually float to the top ten (or top one hundred) "idiot" passwords on some published list, and thereby become a likely seed for all those cracking engines out there. (The crackers do read such articles and take them to heart, too).

Hahaha. You've made me laugh


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

2 recommendations

reply to Blackbird
Ok, I'm convinced. Just changed mine to "password2"
--
Don't feed trolls--it only makes them grow!

TheMG
Premium
join:2007-09-04
Canada
kudos:3
Reviews:
·NorthWest Tel

1 recommendation

reply to antdude

Bonneau suggests that people choose a randomly selected number at least nine digits long because it will be easy enough to remember like a phone number and still provide an above-average level of security.

"Easy enough to remember"... it takes me WEEKS to memorize a single phone number. I'm not even kidding.


OldGrayWolf

join:2007-10-06

1 edit

1 recommendation

reply to antdude
What an expert of a study, LOL. A 9 digit password? You've got to be kidding me.

I guess they haven't heard of "rainbow tables". LOL

TheMG
Premium
join:2007-09-04
Canada
kudos:3
Reviews:
·NorthWest Tel
9 digit password is probably fine for web applications where there is a very limited number of logon attempts allowed (for instance, if the service allows only 3 attempts per hour, it would take a ridiculously long time).

For everything else, a 9-digit numeric password fails miserably, as it would be pretty trivial to brute-force.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
said by TheMG:

For everything else, a 9-digit numeric password fails miserably, as it would be pretty trivial to brute-force.

Especially if the hacker knew your location. In the US telephone numbers are 10-digits and the first six are easily determined if you know the state/town. That only leaves 4 digits. Trivial indeed!
--
Don't feed trolls--it only makes them grow!

The Snowman
Premium
join:2007-05-20
kudos:4

2 edits
reply to antdude
Will try this again.....was not feeling so well earlier when I posted:

_____________

......how many use the name of the city where they reside and the Zip Code ?

TheMG
Premium
join:2007-09-04
Canada
kudos:3
Reviews:
·NorthWest Tel
said by The Snowman:

......how many use the name of the city where they reside and the Zip Code ?

Not me. My passwords typically consist of 4 to 6 relatively random words, a 3-digit number, and one or two symbols.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to antdude
'When I was made redundant from my previous job, I set all the locally passworded IT stuff on our network to "icanttellyou"... when HQ continually asked, I would say "The password? I can't tell you...."

Oh the never ending childish merriment! That coupled with the technet BSOD screensaver was my parting gift! '

»community.spiceworks.com/topic/3···password

Roll yer own...

»www.makeuseof.com/tech-fun/tag/password/
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


jadinolf
I love you Fred
Premium
join:2005-07-09
Ojai, CA
kudos:8
reply to antdude
One of my passwords is my Air Force Serial number.

Try and crack that puppy.
--
Printed on 100% recycled bytes


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
Used mine for USMC also..plus rifle or 45 serial number. Kind of sticks with ya over the years.


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

4 recommendations

reply to antdude
I've tried using some fancy strong passwords in the past, but it seems no matter what I typed, they always came out like this:


So now I just use those to begin with...it's real easy to remember.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to Name Game
said by Name Game:

... when HQ continually asked, I would say "The password? I can't tell you...."

Or MomsTheWord
--
Don't feed trolls--it only makes them grow!


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to jabarnut
Like that. Reminds me of this one:
»www.makeuseof.com/tech-fun/chang···ncorect/

When first joining this DSLR Security Forum..each name that I tried to join seemed to be taken...out of frustration decided it was all just a name game...that worked.
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


jadinolf
I love you Fred
Premium
join:2005-07-09
Ojai, CA
kudos:8
Reviews:
·DSL EXTREME

1 recommendation

reply to jabarnut
said by jabarnut:

I've tried using some fancy strong passwords in the past, but it seems no matter what I typed, they always came out like this:
So now I just use those to begin with...it's real easy to remember.

Hmmmmmmmmmmm We use the same password.
--
Printed on 100% recycled bytes


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2
reply to antdude
said by jadinolf:

One of my passwords is my Air Force Serial number.

Try and crack that puppy.

said by Name Game:

Used mine for USMC also..plus rifle or 45 serial number. Kind of sticks with ya over the years.

All you guys have to do is join Facebook. They and everyone else will have your passwords in no time.
--
I had a life once.....now I have a Computer and a Modem.

PrivacyExprt

join:2010-09-29
Longwood, FL
reply to antdude
I guess I am not an idiot. My 'average' password looks like;

WXem3PGvs4ACqc9

If I want to get serious, it looks more like;

~iq7!E2na$Qwj@OYpz%R8

It is stored inside of a database encrypted with 8192-bit encryption, or something close, and the encryption changed weekly, and the passwords are changed every 3-6 weeks. That database is stored on a triple-encrypted drive that requires my warm finger to turn on (biometrics), with an internet dead man's switch that cuts off outside access every hour if I don't hit a button.

Nobody is breaking any of that..


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to jabarnut
Someone wrote they forgot the password to the file they keep all their other passwords enclosed.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
said by Name Game:

Someone wrote they forgot the password to the file they keep all their other passwords enclosed.

Which is why experts write their master password on a Post-It, stuck to the frame of the monitor.
--
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775


vaxvms
ferroequine fan
Premium
join:2005-03-01
Wormtown
kudos:3
Reviews:
·Charter

1 recommendation

said by Blackbird:

said by Name Game:

Someone wrote they forgot the password to the file they keep all their other passwords enclosed.

Which is why experts write their master password on a Post-It, stuck to the frame of the monitor.

Experts aren't that dumb. Experts put the post-it under the keyboard. No one ever looks there.
--
Of course I can keep secrets. It's the people I tell them to that can't keep them.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

2 recommendations

Joking aside, I find little insecurity in that sort of approach for most of my personal (non-work) passwords. If you're in my house, specifically if you have access to my filing cabinet, then your ability to read the 'passwords' folder is the least of my problems. You already know my bank account details by that point...

(Banking passwords are a little more secure, the paper just gives memory hints.)

The important thing is that a sheet of paper is 100% secure against online attacks.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to antdude
I actually never consider anything I do with a puter or on the net so private or important that it had to be protected. Really nothing to hide. Passwords to me are just a pain...Have had a real life for a long time now and not going to miss anything that I never owned in the first place.

Want to buy a "new" smart Phone ?