Equipped To Survive Equipped To Survive® Presents
The Survival Forum
Where do you want to go on ETS?

Page 3 of 10 < 1 2 3 4 5 ... 9 10 >
Topic Options
#268980 - 04/11/14 06:37 AM Re: Might be time to change your passwords [Re: Mark_R]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
No matter the password strength, I check my bank accounts online once or twice a day. 24 hours will not pass before I can respond to foul play. I think that's better than having a super strong password and checking bank accounts only once a week.

By the way, I do need a system that allows me to memorize, even though I will also keep a password vault program. Every now and then I'll find myself somewhere with nothing but an Internet connection on a random computer. I need my password to be in my brain at that moment. Thus, I need to memorize at least the important passwords.
_________________________
If you're reading this, it's too late.

Top
#268981 - 04/11/14 01:30 PM Re: Might be time to change your passwords [Re: ireckon]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2322
Loc: Colorado
Originally Posted By: ireckon
Every now and then I'll find myself somewhere with nothing but an Internet connection on a random computer. I need my password to be in my brain at that moment. Thus, I need to memorize at least the important passwords.

Typing your important passwords into a "random computer" might be something you want to re-think.

Top
#268983 - 04/11/14 02:43 PM Re: Might be time to change your passwords [Re: haertig]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
I would use a random computer for an emergency. Imagine something like a foreign country where the only/best means of communication is the Internet.

Anyway, I am "the guy" in the family who must know passwords, not only my passwords. For example, over the past ten years at least ten times, I've received a call from a house security company who was about to send the cops over to one of my relatives' house. I knew the password every time and prevented the cops from showing up. (I knew they were not intrusions.) I have been the only one who ever remembered the passwords because of my system for recalling. And, by the way, around me, the cops have the right to bust into the home if they get a call from a security company. That can easily end all bad.

So, about knowing passwords, I'm talking about the entire universe of passwords (including house security, padlocks, safes, etc) that I like to keep in my brain for quick recall. The security vault software is a backup.
_________________________
If you're reading this, it's too late.

Top
#268984 - 04/11/14 03:10 PM Re: Might be time to change your passwords [Re: Denis]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
Originally Posted By: Denis
Password strength:



This is an outstanding cartoon that I saw awhile ago. Since I have not heard anybody refute this method, I will be implementing this.
_________________________
If you're reading this, it's too late.

Top
#268985 - 04/11/14 04:04 PM Re: Might be time to change your passwords [Re: Mark_R]
chaosmagnet Offline
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3867
Loc: USA
I love XKCD but I do not entirely agree with the "correcthorsebatterystaple" password creation methodology.

For straight-up unsophisticated brute-force attacks, where every possible password is tried starting at "a" and ending at "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" -- the esteemed Mr. Munroe is correct.

Most password attacks are far more sophisticated, using dictionaries, precomputed hash tables, and so on. A dictionary attack against "correcthorsebatterystaple" would succeed far more quickly than a brute force attack.

Top
#268987 - 04/11/14 04:39 PM Re: Might be time to change your passwords [Re: Mark_R]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
A dictionary attack to get "correcthorsebatterystaple" would consider about 200,000^4 combinations of words. How long would that take? It would actually be more combinations than that because the hack doesn't know how many words to consider (e.g., 1 word or 9 words?)

By the way, I don't think it's possible to do a pure dictionary attack on "!correcthorsebatterystaple" (one random symbol in there).
_________________________
If you're reading this, it's too late.

Top
#268990 - 04/11/14 05:14 PM Re: Might be time to change your passwords [Re: ireckon]
Arney Offline
Pooh-Bah

Registered: 09/15/05
Posts: 2485
Loc: California
Originally Posted By: ireckon
By the way, I don't think it's possible to do a pure dictionary attack on "!correcthorsebatterystaple" (one random symbol in there).

With the cost of hardware getting cheaper all the time, I wouldn't be surprised if an individual COULD create a hash table in RAM that contains a password like "!correcthorsebatterystaple". I'm curious if cloud computing providers like Amazon look for activity like this by their own users? A hacker doesn't even need to buy their own hardware--just rent time on someone else's shiny, high power data center.

Of course, we're talking about the scenario where someone has unlimited ability to try and get a correct password, like stealing the password file or password hash table for some site and running an attack against that file. But if someone can access THAT file, that system already is already in deep trouble.

It's like not someone can try a million passwords by trying to log into your back account through the login webpage. I can only try to log into my work PC three times before it locks me out for 6 hours or until I call an admin and they deactivate the lockout. In that kind of environment, you don't need military grade passwords.

It's old school (practically ancient, in Internet time) but I'm still a big fan of the diceware method, which basically gives you "correcthorsebatterystaple" type passwords. I almost always have at least one number in it, so a simple low security password would have the format word + number + word. Depending on how strong I want the password to be, I will also use diceware to randomly insert/replace a letter with a special character as well as add more words.

A much better system than random gobbledygook passwords, as long as you remember that the strength comes from the length, not the apparent "randomness" of the letters and numbers.

Top
#268991 - 04/11/14 05:18 PM Re: Might be time to change your passwords [Re: ireckon]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2322
Loc: Colorado
All passwords are a compromise between convenience and security.

My previous WiFi password was (cut-n-pasted directly from my archives of old passwords):

Code:
Cy3h6u\/FmC3\F$$lsz2IpOxWIkhR5ye\!B,k7,!q0$lPtc1aQ2t6QfbiE8-J&d

I finally ended up replacing that with a simpler one, because nobody could ever type it correctly to attach to my WiFi network. Including me. After about four tries, everybody gave up except for the masochists. It got to be too much of a pain-in-the-butt when I was configuring devices like my Roku video streamer, which don't allow for copy/paste from an attached thumbdrive containing the password. There's quite a bit of "is that an ell or an eye or an oh or a one?" in there, depending on the font I used to print it out. It was, however, quite effective at squelching most folks desire to even attempt to connect to my WiFi!

In this case, I think I had a very "secure" password, but certainly not a "convenient" one. It was overkill for the task at hand, especially seeing as how my WiFi signal doesn't even make it out to my property line.

Top
#268992 - 04/11/14 05:28 PM Re: Might be time to change your passwords [Re: Mark_R]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
I have a similar password for my Wifi. I think Comcast started doing this so there is zero chance a random person is stealing bandwidth. lol
_________________________
If you're reading this, it's too late.

Top
#268993 - 04/11/14 05:42 PM Re: Might be time to change your passwords [Re: ireckon]
Arney Offline
Pooh-Bah

Registered: 09/15/05
Posts: 2485
Loc: California
Originally Posted By: ireckon
I think Comcast started doing this so there is zero chance a random person is stealing bandwidth. lol

Speaking of "stealing bandwidth," I briefly skimmed an article a while back and never was able to go back and read it more carefully, but I was surprised to learn that at least one major Internet provider (and I can't remember which one) allows any customer to use any other customer's home wifi by logging in with their own customer login info. Has anyone else heard of this? I wonder if these customers even realize that they are potentially sharing their wireless access point with complete strangers?

Apparently the public bandwidth is separate and will supposedly never degrade your own bandwidth or allow someone from outside to access your private network, but still, I was pretty shocked to hear about this. I have AT&T and I remember feeling relieved, so I don't think it was AT&T that has this "service".

Top
Page 3 of 10 < 1 2 3 4 5 ... 9 10 >



Moderator:  Alan_Romania, Blast, chaosmagnet, cliff 
October
Su M Tu W Th F Sa
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31
Who's Online
0 registered (), 1198 Guests and 73 Spiders online.
Key: Admin, Global Mod, Mod
Newest Members
axotugoc, eprep, Aaron_Guinn, israfaceVity, Explorer9
5372 Registered Users
Newest Posts
Using Grape & Cyprus to Filter Water
by dougwalkabout
Today at 02:43 AM
What did you do today to prepare?
by Eugene
10/23/25 09:49 PM
'Fess Up -- Where are you hanging out online?
by dougwalkabout
10/14/25 03:34 AM
MRE Deal
by chaosmagnet
10/07/25 04:09 PM
Newest Images
Tiny knife / wrench
Handmade knives
2"x2" Glass Signal Mirror, Retroreflective Mesh
Trade School Tool Kit
My Pocket Kit
Glossary
Test

WARNING & DISCLAIMER: SELECT AND USE OUTDOORS AND SURVIVAL EQUIPMENT, SUPPLIES AND TECHNIQUES AT YOUR OWN RISK. Information posted on this forum is not reviewed for accuracy and may not be reliable, use at your own risk. Please review the full WARNING & DISCLAIMER about information on this site.