SparrowCrystal Sky Premium Member join:2002-12-03 Sachakhand
3 recommendations |
Sparrow
Premium Member
2014-Oct-24 3:04 pm
The perfect gift for the holidays!... and be sure to tell the recipient to leave it near their PC for easy access! (No offense to you, Mele!) |
|
2 recommendations |
StuartMW
Premium Member
2014-Oct-24 3:12 pm
Accompanied by one of these
|
|
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
to Sparrow
just enter 6 to 8 spaces for your password and be done with it lol
Some sites do accept passes with all spaces google requires a real letter number etc at beginning and end but will take for example 1 then7 spaces and 1
I did a 1 then 16 space and another 1 and got this
Password strength: Good Use at least 8 characters. Don't use a password from another site, or something too obvious like your pet's name.
I wonder how strong is a nearly all spaces password? It is so odd ball it might be stupid strong lol |
|
Kilroy MVM join:2002-11-21 Saint Paul, MN
1 recommendation |
to Sparrow
My wife showed this to me when she was going through the catalog. If it works for you great, but it doesn't generate random passwords, but I suppose you could get a Ultra High Security Password and write it down. I'd rather use LastPass and not have to deal with entering passwords like :,_&Ilzyz+UNJoct=x> |
|
jadinolfI love you Fred Premium Member join:2005-07-09 Ojai, CA
2 recommendations |
to Sparrow
Heck, I use the same password for everything:
******************* |
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR |
to Sparrow
Written down passphases can actually be very secure if the person knows how to go about it.
Create a strong password but write it down in an obscured fashion that will require more guess than the account allows before locking out.
While the actual passphrase needs to protect against offline brute force attack. What is written down only has to protect against online attack. Which for any decently secured account should lock out after only a few failed attempts.
|
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN ·Carry Telecom ·TekSavvy Cable Asus GT-AX11000 Technicolor TC4400
2 recommendations |
to Sparrow
Now to add the PERFECT accessory for this gift! disappearing ink |
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR 2 edits |
to Sparrow
A good Christmas gift is one that keeps someone safe. » images.search.yahoo.com/ ··· k+Stands» search.yahoo.com/search; ··· 703&fp=1But if they don't have a pair, don't put it off until Christmas. They make a great gift all year around. This is not a place for being cheap, taking shortcuts, or makeshift do it yourself solutions. |
|
Kilroy MVM join:2002-11-21 Saint Paul, MN |
to NOYB
said by NOYB: What is written down only has to protect against online attack. Which for any decently secured account should lock out after only a few failed attempts. You seem to not understand how password attacks are performed today. There is no reason to attempt an online attack. Attacks are offline against the password database. Your password has to be of sufficient strength to not be worth the effort required by the attacker, normally the top 10%. |
|
dave Premium Member join:2000-05-04 not in ohio
7 recommendations |
to Sparrow
I suppose your point is the ridiculing of the idea of writing down passwords, but it is a perfectly decent approach. Practically all of my risk is from computer-borne attacks, with more-or-less none at all from someone being in the house.
Or, to put it another way, if they're in the house and can touch the paper on which my passwords are written, then they also have access to all the other paperwork which would allow them to execute a pretty comprehensive identity theft. At that point online passwords are the least of my concern. |
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR 1 edit |
to Kilroy
I quite well understand the offline attack. That is why at the very beginning of the second sentence I said "create a strong password".
Then went on to state that the actual password needs to protect against off-line attacks, but what is written down only needs to protect against on-line attacks.
Perhaps you were in too big of a hurry to flame and discredit to read the entire statement.
|
|
NOYB |
NOYB to dave
Premium Member
2014-Oct-25 3:24 pm
to dave
What was that line in "The Love Bug". "The old ways are still the best."
|
|
TheMG Premium Member join:2007-09-04 Canada MikroTik RB450G Cisco DPC3008 Cisco SPA112
|
to Sparrow
I actually do keep several of my less-used passwords written down on a sheet of paper within reach of the computer. Impossible to remember everything, and I never trusted password managers.
Anyways, when passwords are written down it becomes an issue of physical security, which for me is pretty much a non-issue. The chances of someone breaking into my apartment and stealing my sheet of passwords is extremely slim. Who breaks into someone's residence looking around for a sheet of passwords? They're gonna go after the electronics and audio equipment, not a piece of paper. And no, I don't keep it taped under the keyboard or the monitor.
Also, the sheet only contains partial passwords, and some of them have obscure hints as to what they are for. So even if someone does get their hands on it, it's going to take some guessing and trial-and-error before they can make use of the information. |
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR |
NOYB
Premium Member
2014-Oct-26 10:33 pm
said by TheMG:the sheet only contains partial passwords, and some of them have obscure hints as to what they are for. So even if someone does get their hands on it, it's going to take some guessing and trial-and-error before they can make use of the information. And since the use of stolen written down passwords is an online attack the account should be locked out in short order before thief guesses correct and gets in. Password obfuscation techniques can also be applied to password managers. After all password managers are basically an electronic piece of paper full of account credentials. |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy to dave
Premium Member
2014-Oct-27 1:45 am
to dave
Too much info |
said by dave:I suppose your point is the ridiculing of the idea of writing down passwords, but it is a perfectly decent approach. That's true, writing down passwords is not such a bad idea. Getting back to the threads subject... The image clearly shows someone making a one stop single point of failure by including site name, URL, user name & password. That's nuts. I can understand writing down the password but including all the other (unnecessary) data is creating a risk that doesn't need to exist. Including SII (site identity info) might be helpful with associating the password with the correct user name. Including a user name would help someone remember which site the password was associated with. But really, do people forget where they log in, what their user name is & their password? It's too much info in one place. said by dave:Or, to put it another way, if they're in the house and can touch the paper on which my passwords are written, then they also have access to all the other paperwork which would allow them to execute a pretty comprehensive identity theft. At that point online passwords are the least of my concern. A password list can be safe regardless of its environment. Taking more time, effort & keystrokes to force a password list into becoming an unnecessary security risk is worthy of ridicule, IMO. |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned)
Member
2014-Oct-27 10:56 am
Am i the only one who wants to try that pass etc LOL |
|
Kilroy MVM join:2002-11-21 Saint Paul, MN |
Kilroy
MVM
2014-Oct-27 11:50 am
Gotta love that it is the classic example of a poor password, ie starts with a capital letter, contains words from the dictionary, and number at the end. If you told them it needed a symbol it would have an ! at the end. |
|
dave Premium Member join:2000-05-04 not in ohio |
dave
Premium Member
2014-Oct-27 12:39 pm
god forbid that someone be able to break into your epicurious account ! |
|
Hitron CDA3 (Software) OpenBSD + pf
|
to Nanaki
said by Nanaki:Am i the only one who wants to try that pass etc LOL Nah, they're all invalid credentials... |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned)
Member
2014-Oct-27 2:14 pm
LOL you tried |
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR |
to Kilroy
I have a password like this that Last Pass Security checker rates at 100%.
A 2 letter dictionary word with first letter capitalized. Followed by a 4 letter dictionary word with first letter capitalized. Followed by one special character. Followed by one digit.
Similar to this: BeLate@8
|
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned)
Member
2014-Oct-27 5:38 pm
google sees 1 (15 spaces) 1 as good. Oddly enough it is so odd ball it might be a damn strong password lol. |
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR |
NOYB
Premium Member
2014-Oct-27 6:06 pm
Try this.
MyDice@7
LastPass Secruty Check / Chalenge rates it 100%.
How can they justify rating any 8 character password at 100%?
|
|
Kilroy MVM join:2002-11-21 Saint Paul, MN |
Kilroy
MVM
2014-Oct-28 10:21 am
Because it contains all four character sets (upper case, lower case, numbers, symbols) with 6,704,780,954,517,120 possible combinations. Like any password meter it doesn't take into consideration that this password would fall quickly to a masked dictionary attack and only considers a brute force attack. A better question is why "Et53U54fAnUQ" only gets a 93% score with 3,279,156,381,453,603,096,810 possible combinations? |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned)
Member
2014-Oct-28 10:48 am
It lacks a !@#$%^&* )or(
Any of those would likely bump it to 100% as well as adding even more possible combos allot more infact. |
|
Kilroy MVM join:2002-11-21 Saint Paul, MN |
Kilroy
MVM
2014-Oct-28 11:36 am
Yes, but for a brute force attack is is about double the strength of the eight character password with all four character sets. While it would be wonderful to have all four character sets we know many sites won't accept them. |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned)
Member
2014-Oct-28 11:40 am
true. In fact i would say most wont. A single space could jack up most all brute force attacks quite nicely. yet most sites will not allow it to be used.
Im sure some one some where has wrote a brute force password cracker that does try spaces or can. |
|
NOYBSt. John 3.16 Premium Member join:2005-12-15 Forest Grove, OR |
NOYB
Premium Member
2014-Oct-28 1:34 pm
I'm sure a brute force attacker would know the sites allowable password characters and limit their attack character set accordingly.
|
|
NOYB |
to Kilroy
Yet "BeLate@8" being the same length, character set, and format is rated much lower.
|
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
Nanaki (banned) to NOYB
Member
2014-Oct-28 1:50 pm
to NOYB
Right but i think most would ignore the entire idea of spaces in a password. Most do not think of even trying it when creating their password. What it really does is add some security by obscurity. Once such a thing becomes common practice it would loose that aspect.
Same way we see a rise in maware for other operating systems now. ou never heard of much in the way of in the wild exploits etc for linux or apple. You seen some widely used servers that were also on windows get hit cross platform. Such as apache did. Servers will always be targeted regardless of os platform they use. A server is always going to be and always has been the low hanging fruit. But os level attacks were few and very far between on linux. Now that android is out there and more people are using linux on pcs or various reasons linux is getting looked at as a target.
Same happens with passwords. If every site starts allowing all 4 char sets and the use of spaces in passwords and users start to make use of them these char sets and space will end up being the target of brute force and dictionary attacks much more. As it stands now i doubt there are more than a hand full of brute fore crackers that can even try spaces. |
|