dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
3044

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

3 recommendations

Sparrow

Premium Member

The perfect gift for the holidays!

Click for full size
... and be sure to tell the recipient to leave it near their PC for easy access!

(No offense to you, Mele!)

StuartMW
Premium Member
join:2000-08-06

2 recommendations

StuartMW

Premium Member

Accompanied by one of these


Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to Sparrow

Member

to Sparrow
just enter 6 to 8 spaces for your password and be done with it lol

Some sites do accept passes with all spaces google requires a real letter number etc at beginning and end but will take for example 1 then7 spaces and 1

I did a 1 then 16 space and another 1 and got this

Password strength: Good
Use at least 8 characters. Don't use a password from another site, or something too obvious like your pet's name.

I wonder how strong is a nearly all spaces password? It is so odd ball it might be stupid strong lol

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

1 recommendation

Kilroy to Sparrow

MVM

to Sparrow
My wife showed this to me when she was going through the catalog. If it works for you great, but it doesn't generate random passwords, but I suppose you could get a Ultra High Security Password and write it down. I'd rather use LastPass and not have to deal with entering passwords like :,_&Ilzyz+UNJoct=x>

jadinolf
I love you Fred
Premium Member
join:2005-07-09
Ojai, CA

2 recommendations

jadinolf to Sparrow

Premium Member

to Sparrow
Heck, I use the same password for everything:

*******************

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB to Sparrow

Premium Member

to Sparrow

Written down passphases can actually be very secure if the person knows how to go about it.

Create a strong password but write it down in an obscured fashion that will require more guess than the account allows before locking out.

While the actual passphrase needs to protect against offline brute force attack. What is written down only has to protect against online attack. Which for any decently secured account should lock out after only a few failed attempts.

Dustyn
Premium Member
join:2003-02-26
Ontario, CAN
·Carry Telecom
·TekSavvy Cable
Asus GT-AX11000
Technicolor TC4400

2 recommendations

Dustyn to Sparrow

Premium Member

to Sparrow
Now to add the PERFECT accessory for this gift!
disappearing ink

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

2 edits

NOYB to Sparrow

Premium Member

to Sparrow
A good Christmas gift is one that keeps someone safe.

»images.search.yahoo.com/ ··· k+Stands

»search.yahoo.com/search; ··· 703&fp=1

But if they don't have a pair, don't put it off until Christmas. They make a great gift all year around. This is not a place for being cheap, taking shortcuts, or makeshift do it yourself solutions.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy to NOYB

MVM

to NOYB
said by NOYB:

What is written down only has to protect against online attack. Which for any decently secured account should lock out after only a few failed attempts.

You seem to not understand how password attacks are performed today. There is no reason to attempt an online attack. Attacks are offline against the password database. Your password has to be of sufficient strength to not be worth the effort required by the attacker, normally the top 10%.
dave
Premium Member
join:2000-05-04
not in ohio

7 recommendations

dave to Sparrow

Premium Member

to Sparrow
I suppose your point is the ridiculing of the idea of writing down passwords, but it is a perfectly decent approach. Practically all of my risk is from computer-borne attacks, with more-or-less none at all from someone being in the house.

Or, to put it another way, if they're in the house and can touch the paper on which my passwords are written, then they also have access to all the other paperwork which would allow them to execute a pretty comprehensive identity theft. At that point online passwords are the least of my concern.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

1 edit

NOYB to Kilroy

Premium Member

to Kilroy

I quite well understand the offline attack. That is why at the very beginning of the second sentence I said "create a strong password".

Then went on to state that the actual password needs to protect against off-line attacks, but what is written down only needs to protect against on-line attacks.

Perhaps you were in too big of a hurry to flame and discredit to read the entire statement.
NOYB

NOYB to dave

Premium Member

to dave

What was that line in "The Love Bug". "The old ways are still the best."
TheMG
Premium Member
join:2007-09-04
Canada
MikroTik RB450G
Cisco DPC3008
Cisco SPA112

TheMG to Sparrow

Premium Member

to Sparrow
I actually do keep several of my less-used passwords written down on a sheet of paper within reach of the computer. Impossible to remember everything, and I never trusted password managers.

Anyways, when passwords are written down it becomes an issue of physical security, which for me is pretty much a non-issue. The chances of someone breaking into my apartment and stealing my sheet of passwords is extremely slim. Who breaks into someone's residence looking around for a sheet of passwords? They're gonna go after the electronics and audio equipment, not a piece of paper. And no, I don't keep it taped under the keyboard or the monitor.

Also, the sheet only contains partial passwords, and some of them have obscure hints as to what they are for. So even if someone does get their hands on it, it's going to take some guessing and trial-and-error before they can make use of the information.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB

Premium Member

said by TheMG:

the sheet only contains partial passwords, and some of them have obscure hints as to what they are for. So even if someone does get their hands on it, it's going to take some guessing and trial-and-error before they can make use of the information.


And since the use of stolen written down passwords is an online attack the account should be locked out in short order before thief guesses correct and gets in.

Password obfuscation techniques can also be applied to password managers. After all password managers are basically an electronic piece of paper full of account credentials.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

Snowy to dave

Premium Member

to dave
Click for full size
Too much info
said by dave:

I suppose your point is the ridiculing of the idea of writing down passwords, but it is a perfectly decent approach.

That's true, writing down passwords is not such a bad idea.

Getting back to the threads subject...

The image clearly shows someone making a one stop single point of failure by including site name, URL, user name & password.

That's nuts.
I can understand writing down the password but including all the other (unnecessary) data is creating a risk that doesn't need to exist.

Including SII (site identity info) might be helpful with associating the password with the correct user name.
Including a user name would help someone remember which site the password was associated with.
But really, do people forget where they log in, what their user name is & their password?

It's too much info in one place.
said by dave:

Or, to put it another way, if they're in the house and can touch the paper on which my passwords are written, then they also have access to all the other paperwork which would allow them to execute a pretty comprehensive identity theft. At that point online passwords are the least of my concern.

A password list can be safe regardless of its environment.
Taking more time, effort & keystrokes to force a password list into becoming an unnecessary security risk is worthy of ridicule, IMO.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

Am i the only one who wants to try that pass etc LOL

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy

MVM

Gotta love that it is the classic example of a poor password, ie starts with a capital letter, contains words from the dictionary, and number at the end. If you told them it needed a symbol it would have an ! at the end.
dave
Premium Member
join:2000-05-04
not in ohio

dave

Premium Member

god forbid that someone be able to break into your epicurious account !

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie to Nanaki

Member

to Nanaki
said by Nanaki:

Am i the only one who wants to try that pass etc LOL

Nah, they're all invalid credentials...
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

LOL you tried

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB to Kilroy

Premium Member

to Kilroy

I have a password like this that Last Pass Security checker rates at 100%.

A 2 letter dictionary word with first letter capitalized.
Followed by a 4 letter dictionary word with first letter capitalized.
Followed by one special character.
Followed by one digit.

Similar to this:
BeLate@8
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

google sees 1 (15 spaces) 1 as good. Oddly enough it is so odd ball it might be a damn strong password lol.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB

Premium Member


Try this.

MyDice@7

LastPass Secruty Check / Chalenge rates it 100%.

How can they justify rating any 8 character password at 100%?

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy

MVM

Because it contains all four character sets (upper case, lower case, numbers, symbols) with 6,704,780,954,517,120 possible combinations. Like any password meter it doesn't take into consideration that this password would fall quickly to a masked dictionary attack and only considers a brute force attack. A better question is why "Et53U54fAnUQ" only gets a 93% score with 3,279,156,381,453,603,096,810 possible combinations?
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

It lacks a !@#$%^&* )or(

Any of those would likely bump it to 100% as well as adding even more possible combos allot more infact.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy

MVM

Yes, but for a brute force attack is is about double the strength of the eight character password with all four character sets. While it would be wonderful to have all four character sets we know many sites won't accept them.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned)

Member

true. In fact i would say most wont. A single space could jack up most all brute force attacks quite nicely. yet most sites will not allow it to be used.

Im sure some one some where has wrote a brute force password cracker that does try spaces or can.

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR

NOYB

Premium Member


I'm sure a brute force attacker would know the sites allowable password characters and limit their attack character set accordingly.
NOYB

NOYB to Kilroy

Premium Member

to Kilroy

Yet "BeLate@8" being the same length, character set, and format is rated much lower.
Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

Nanaki (banned) to NOYB

Member

to NOYB
Right but i think most would ignore the entire idea of spaces in a password. Most do not think of even trying it when creating their password. What it really does is add some security by obscurity. Once such a thing becomes common practice it would loose that aspect.

Same way we see a rise in maware for other operating systems now. ou never heard of much in the way of in the wild exploits etc for linux or apple. You seen some widely used servers that were also on windows get hit cross platform. Such as apache did. Servers will always be targeted regardless of os platform they use. A server is always going to be and always has been the low hanging fruit. But os level attacks were few and very far between on linux. Now that android is out there and more people are using linux on pcs or various reasons linux is getting looked at as a target.

Same happens with passwords. If every site starts allowing all 4 char sets and the use of spaces in passwords and users start to make use of them these char sets and space will end up being the target of brute force and dictionary attacks much more. As it stands now i doubt there are more than a hand full of brute fore crackers that can even try spaces.