| 
| 
| 
| #268980 - 04/11/14 06:37 AM  Re: Might be time to change your passwords
[Re: Mark_R] |  
|   Pooh-Bah
 
   Registered:  04/01/10
 Posts: 1629
 Loc:  Northern California
 | 
No matter the password strength, I check my bank accounts online once or twice a day.  24 hours will not pass before I can respond to foul play.  I think that's better than having a super strong password and checking bank accounts only once a week.  
 By the way, I do need a system that allows me to memorize, even though I will also keep a password vault program.  Every now and then I'll find myself somewhere with nothing but an Internet connection on a random computer.  I need my password to be in my brain at that moment.  Thus, I need to memorize at least the important passwords.
 
_________________________If you're reading this, it's too late.
 |  
| Top |  |  |  |  
| 
| 
| #268981 - 04/11/14 01:30 PM  Re: Might be time to change your passwords
[Re: ireckon] |  
|   Pooh-Bah
 
   Registered:  03/13/05
 Posts: 2322
 Loc:  Colorado
 | 
Every now and then I'll find myself somewhere with nothing but an Internet connection on a random computer.  I need my password to be in my brain at that moment.  Thus, I need to memorize at least the important passwords. Typing your important passwords into a "random computer" might be something you want to re-think. |  
| Top |  |  |  |  
| 
| 
| #268983 - 04/11/14 02:43 PM  Re: Might be time to change your passwords
[Re: haertig] |  
|   Pooh-Bah
 
   Registered:  04/01/10
 Posts: 1629
 Loc:  Northern California
 | 
I would use a random computer for an emergency. Imagine something like a foreign country where the only/best means of communication is the Internet.
 Anyway, I am "the guy" in the family who must know passwords, not only my passwords. For example, over the past ten years at least ten times, I've received a call from a house security company who was about to send the cops over to one of my relatives' house.  I knew the password every time and prevented the cops from showing up.  (I knew they were not intrusions.) I have been the only one who ever remembered the passwords because of my system for recalling.  And, by the way, around me, the cops have the right to bust into the home if they get a call from a security company. That can easily end all bad.
 
 So, about knowing passwords, I'm talking about the entire universe of passwords (including house security, padlocks, safes, etc) that I like to keep in my brain for quick recall. The security vault software is a backup.
 
_________________________If you're reading this, it's too late.
 |  
| Top |  |  |  |  
| 
| 
| #268984 - 04/11/14 03:10 PM  Re: Might be time to change your passwords
[Re: Denis] |  
|   Pooh-Bah
 
   Registered:  04/01/10
 Posts: 1629
 Loc:  Northern California
 | 
Password strength:  This is an outstanding cartoon that I saw awhile ago. Since I have not heard anybody refute this method, I will be implementing this.
_________________________If you're reading this, it's too late.
 |  
| Top |  |  |  |  
| 
| 
| #268987 - 04/11/14 04:39 PM  Re: Might be time to change your passwords
[Re: Mark_R] |  
|   Pooh-Bah
 
   Registered:  04/01/10
 Posts: 1629
 Loc:  Northern California
 | 
A dictionary attack to get "correcthorsebatterystaple" would consider about 200,000^4 combinations of words.  How long would that take?  It would actually be more combinations than that because the hack doesn't know how many words to consider (e.g., 1 word or 9 words?)
 By the way, I don't think it's possible to do a pure dictionary attack on "!correcthorsebatterystaple" (one random symbol in there).
 
 
_________________________If you're reading this, it's too late.
 |  
| Top |  |  |  |  
| 
| 
| #268990 - 04/11/14 05:14 PM  Re: Might be time to change your passwords
[Re: ireckon] |  
|   Pooh-Bah
 
 Registered:  09/15/05
 Posts: 2485
 Loc:  California
 | 
By the way, I don't think it's possible to do a pure dictionary attack on "!correcthorsebatterystaple" (one random symbol in there). With the cost of hardware getting cheaper all the time, I wouldn't be surprised if an individual COULD create a hash table in RAM that contains a password like "!correcthorsebatterystaple". I'm curious if cloud computing providers like Amazon look for activity like this by their own users? A hacker doesn't even need to buy their own hardware--just rent time on someone else's shiny, high power data center. Of course, we're talking about the scenario where someone has unlimited ability to try and get a correct password, like stealing the password file or password hash table for some site and running an attack against that file. But if someone can access THAT file, that system already is already in deep trouble.  It's like not someone can try a million passwords by trying to log into your back account through the login webpage. I can only try to log into my work PC three times before it locks me out for 6 hours or until I call an admin and they deactivate the lockout. In that kind of environment, you don't need military grade passwords. It's old school (practically ancient, in Internet time) but I'm still a big fan of the diceware method, which basically gives you "correcthorsebatterystaple" type passwords. I almost always have at least one number in it, so a simple low security password would have the format word + number + word. Depending on how strong I want the password to be, I will also use diceware to randomly insert/replace a letter with a special character as well as add more words.  A much better system than random gobbledygook passwords, as long as you remember that the strength comes from the length, not the apparent "randomness" of the letters and numbers. |  
| Top |  |  |  |  
| 
| 
| #268991 - 04/11/14 05:18 PM  Re: Might be time to change your passwords
[Re: ireckon] |  
|   Pooh-Bah
 
   Registered:  03/13/05
 Posts: 2322
 Loc:  Colorado
 | 
All passwords are a compromise between convenience and security. My previous WiFi password was (cut-n-pasted directly from my archives of old passwords): Cy3h6u\/FmC3\F$$lsz2IpOxWIkhR5ye\!B,k7,!q0$lPtc1aQ2t6QfbiE8-J&dI finally ended up replacing that with a simpler one, because nobody could ever type it correctly to attach to my WiFi network.  Including me.  After about four tries, everybody gave up except for the masochists.  It got to be too much of a pain-in-the-butt when I was configuring devices like my Roku video streamer, which don't allow for copy/paste from an attached thumbdrive containing the password.  There's quite a bit of "is that an ell or an eye or an oh or a one?" in there, depending on the font I used to print it out.  It was, however, quite effective at squelching most folks desire to even attempt to connect to my WiFi! In this case, I think I had a very "secure" password, but certainly not a "convenient" one.  It was overkill for the task at hand, especially seeing as how my WiFi signal doesn't even make it out to my property line. |  
| Top |  |  |  |  
| 
| 
| #268992 - 04/11/14 05:28 PM  Re: Might be time to change your passwords
[Re: Mark_R] |  
|   Pooh-Bah
 
   Registered:  04/01/10
 Posts: 1629
 Loc:  Northern California
 | 
I have a similar password for my Wifi.  I think Comcast started doing this so there is zero chance a random person is stealing bandwidth.  lol 
_________________________If you're reading this, it's too late.
 |  
| Top |  |  |  |  
| 
| 
| #268993 - 04/11/14 05:42 PM  Re: Might be time to change your passwords
[Re: ireckon] |  
|   Pooh-Bah
 
 Registered:  09/15/05
 Posts: 2485
 Loc:  California
 | 
I think Comcast started doing this so there is zero chance a random person is stealing bandwidth.  lol Speaking of "stealing bandwidth," I briefly skimmed an article a while back and never was able to go back and read it more carefully, but I was surprised to learn that at least one major Internet provider (and I can't remember which one) allows any customer to use any other customer's home wifi by logging in with their own customer login info. Has anyone else heard of this? I wonder if these customers even realize that they are potentially sharing their wireless access point with complete strangers? Apparently the public bandwidth is separate and will supposedly never degrade your own bandwidth or allow someone from outside to access your private network, but still, I was pretty shocked to hear about this. I have AT&T and I remember feeling relieved, so I don't think it was AT&T that has this "service". |  
| Top |  |  |  |  
 
 
 
 | 
| 
 
 
|  |  |  | 1 | 2 | 3 | 4 |  
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |  
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |  
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |  
| 26 | 27 | 28 | 29 | 30 | 31 |  | 
 |  
| 
	
 
| 0 registered (), 
660 
Guests and
73 
Spiders online. |  
| 
	Key:
	Admin,
	Global Mod,
	Mod
 | 
 |  |