Passwords.. how good is yours?
Linus
06-27-2011, 11:43 AM
With my background in computer security, I'm always looking for ways to help people realize how important some simple passwords of decent strength can be -- especially for things like bank accounts, PayPal/Amazon accounts and other critical stuff. Forums and the likes of Facebook could be just as bad (depending on information stored). At the least it can mean reputation or personal identity info release/harmed.
Length of password and how often you change it determines how strong it is. If you use the same password for 10 years, it's likely it's been broken at some point or will be soon (regardless of how strong it is -- it's always a matter of time)
Anyways, if you wanted to find out how strong your password is check out here:
http://www.grc.com/haystack.htm
At present mine is:
Online Attack Scenario:
(Assuming one thousand guesses per second) 4.06 hundred million trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 4.06 trillion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 4.06 billion centuries
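The arithmetic behind an exhaustive-search estimate like the one quoted above, as an added example that is not part of the original post and not the linked site's code. It assumes a 26/26/10/33 split of character classes and uses the three guess rates named in the post; the function names and sample passwords are constructed for illustration.

```python
import string

# Character classes and their sizes (assumption: printable ASCII only,
# with space counted among the 33 symbols).
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]
# Guess rates per second, as quoted in the post.
RATES = {
    "online": 1_000,
    "offline_fast": 100_000_000_000,
    "massive_array": 100_000_000_000_000,
}
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))


def search_space(password):
    """Count all strings of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def centuries_to_exhaust(password):
    """Worst-case time, in centuries, to try the whole space at each rate."""
    space = search_space(password)
    return {name: space / rate / SECONDS_PER_CENTURY
            for name, rate in RATES.items()}


if __name__ == "__main__":
    # Constructed samples: same length, different character classes.
    for sample in ("abcdefghijkl", "Abcdefgh1jk!"):
        print(sample, alphabet_size(sample), centuries_to_exhaust(sample))
```

The figure covers exhaustive search only: it depends on length and character classes, not on whether the string is a dictionary word or a common pattern.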
Gentle Tiger
06-27-2011, 11:51 AM
Thanks Linus. Appreciate the help.
Chancie
06-27-2011, 11:57 AM
Time Required to Exhaustively Search this Password's Space:
Online Attack Scenario: (Assuming one thousand guesses per second)
1.38 thousand trillion trillion centuries
Offline Fast Attack Scenario: (Assuming one hundred billion guesses per second)
13.76 million trillion centuries
Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second)
13.76 thousand trillion centuries
Big boy. :|
dreadgeek
06-27-2011, 12:26 PM
Great topic Linus. I want to add two things to this topic.
1) Creating a strong password. I use a cipher technique to make any password that I think I might have to type in (like the password to login to my laptop or my workstation). Take a word or phrase you will remember, then shift your keystrokes in some direction. For example, if you take applepie (which would be a horrible password) and shift it up and left you get Q00o3083. If you want to be really crafty you can change some of those numbers into symbols so Q00o#)83. Now, someone attempting to break your password has to determine what your starting word is and what your cipher scheme is. With this, even an 8-character password becomes unguessable by sheer luck or brute force.
2) Buy a password manager. For *everything* else, I use a password manager. This is a piece of software that plugs into your browser and will remember passwords for you and will also create strong passwords for you that you need not remember. You secure it with a master password so instead of having to remember your password for your bank, and your electric company, and your phone company, etc. you remember the master password. The one I use is called 1Password (http://agilebits.com/products/1Password). It works on Mac, Windows, iPhone, iPad and Android. I use it on both my employer-provided Windows box and my phone and my Mac and when I buy an iPad later this year, I'll throw it on that as well.
The beauty of this is that it can sync using Dropbox or over your WiFi so the password file is always up to date regardless of the device. Its strength is creating strong passwords. Although my cipher scheme is workable and creates passwords that are reasonably strong, 1Password allows you to use passwords that you simply couldn't remember. Here are three that I randomly generated as an example (i.e. this isn't the password to my bank account). 1Password will run you $39.99 for the Mac or PC version and another $5.00 for the iOS version. But very well worth it!
yot4med5hib4ced
Z{8h?3dqW6(:42J
4a4p6x;KtM8B>U8;@6Dy
As you can see, those passwords are all but unguessable and anyone this side of a national intelligence agency (like the NSA) would have a hell of a time cracking it.
Cheers
Aj
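A check a password-strength meter could run when a password is set, as an added example that is not part of the original post: it reverses the keyboard shift described above and tests the result against a wordlist. It assumes a US QWERTY layout; the function names, the set of shift directions and the tiny wordlist are constructed for illustration.

```python
# Unshifted US QWERTY rows, ten keys each (assumption: US layout).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
# Undo the "numbers into symbols" step: shifted number-row keys to digits.
UNSYMBOL = str.maketrans("!@#$%^&*()", "1234567890")
# (row, column) offsets on the staggered grid; "up and left" of a key is
# the same column one row up, e.g. a -> q and p -> 0.
SHIFTS = {
    "up-left": (-1, 0), "up-right": (-1, 1),
    "left": (0, -1), "right": (0, 1),
    "down-left": (1, -1), "down-right": (1, 0),
}


def move(text, drow, dcol):
    """Shift every key by the offset; None if any key leaves the grid."""
    out = []
    for ch in text:
        if ch not in POS:
            return None
        r, c = POS[ch][0] + drow, POS[ch][1] + dcol
        if not (0 <= r < len(ROWS) and 0 <= c < len(ROWS[0])):
            return None
        out.append(ROWS[r][c])
    return "".join(out)


def shifted_source(password, wordlist):
    """Return (word, shift name) if the password is a shifted listed word."""
    typed = password.lower().translate(UNSYMBOL)
    for name, (drow, dcol) in SHIFTS.items():
        original = move(typed, -drow, -dcol)  # apply the inverse offset
        if original is not None and original in wordlist:
            return original, name
    return None


if __name__ == "__main__":
    words = {"applepie", "password"}  # constructed wordlist
    for candidate in ("Q00o#)83", "yot4med5hib4ced"):
        print(candidate, shifted_source(candidate, words))
```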
princessbelle
06-27-2011, 01:30 PM
I'm certainly not computer savvy, however, we change our passwords at work about once a month and you have to get creative to come up with different ones every time. I have a trick of spelling words backwards and then additionally ALWAYS adding at least one symbol and a series of numbers.
Keep the tips coming!!!!!
LaneyDoll
06-27-2011, 03:18 PM
1) Creating a strong password. I use a cipher technique to make any password that I think I might have to type in (like the password to login to my laptop or my workstation). Take a word or phrase you will remember, then shift your keystrokes in some direction. For example, if you take applepie (which would be a horrible password) and shift it up and left you get Q00o3083. If you want to be really crafty you can change some of those numbers into symbols so Q00o#)83. Now, someone attempting to break your password has to determine what your starting word is and what your cipher scheme is. With this, even an 8-character password becomes unguessable by sheer luck or brute force.
I love this! I can take my fave passwords, move my fingers up to another row or two of keys and still have the familiarity of the keystrokes, without the security risk of my "fave passwords."
:sparklyheart:
Medusa
06-27-2011, 03:21 PM
And folks? NEVER, ever use "abc123", "password" or "fuckyou".
This will surely get you hacked.
blush
06-27-2011, 03:26 PM
And folks? NEVER, ever use "abc123", "password" or "fuckyou".
This will surely get you hacked.
Damn it. How did you know all my passwords?
Question: I once advised some friends (well, colleagues) that you could use your childhood phone number, along with a letter or two. Area code included depending on how many characters you need. They liked that because it was easy to remember what the number was, as well as what they'd decided to use as a password.
I understand the limited longevity, but in general, is there anything to say about that?
LaneyDoll
06-27-2011, 03:31 PM
Question: I once advised some friends (well, colleagues) that you could use your childhood phone number, along with a letter or two. Area code included depending on how many numbers you need.
What do you think of this, Linus, or others?
Oh, now I could easily do this. I would rather enter numbers---so much easier.
(eagerly awaiting replies from the tech people)
:sparklyheart:
Linus
06-27-2011, 03:34 PM
Question: I once advised some friends (well, colleagues) that you could use your childhood phone number, along with a letter or two. Area code included depending on how many characters you need. They liked that because it was easy to remember what the number was, as well as what they'd decided to use as a password.
I understand the limited longevity, but in general, is there anything to say about that?
That is something that's searchable and can be found thanks to the various sites that collect information about individuals. One of the things I recommend to people is to use things that aren't easily tied to you.
For example, I consider myself Buddhist but if I use a phrase or quote out of the Torah or Koran or a quote from Brian Greene's "The Hidden Reality", that'd be unexpected and not something easily known about me.
JustJo
06-27-2011, 03:38 PM
And folks? NEVER, ever use "abc123", "password" or "fuckyou".
This will surely get you hacked.
So when my ex tried to pretend he was me on messenger to dig information from my friends....and I changed my password to "screwyouahole"....that was bad? :eyebat:
Andrew, Jr.
06-27-2011, 04:34 PM
Thanks Linus! Also, do not use your pets' names, or your favorite food, beverage, or perfume/cologne, and so on. Rosie and I have lost our laptop due to a trojan virus. And this virus just kept reproducing causing us a lot of money, time, and tears. If you are ever up in age, and the computer is your lifeline, you will understand how I felt.
dixie
06-27-2011, 04:58 PM
I use my son's nickname from when he was a toddler (which is only known to family) and a mixture of his middle school id and my college id. Don't know how sucky that is or how hard it would be to crack though. It's 13 characters.
Andrew, Jr.
06-27-2011, 04:59 PM
I also wanted to add on here to this topic that some will publish your address list, and if you send a private email to one person, everyone who is in your address list will receive it. This is only just an ounce of what happened to Rosie and myself. I think the people were trying to humiliate us or shame us in some way. At least we know who we can trust and who is honest with us. Changing passwords and all of that was just not enough for our cheap Dell laptop from Wal-Mart. I think we spent maybe $500 for everything. So with that said, we decided that it would be best to use the library or another one. The sad part is that I didn't get the virus from looking at porn. Go figure. :|
Chancie
06-27-2011, 05:07 PM
Question: I once advised some friends (well, colleagues) that you could use your childhood phone number, along with a letter or two. Area code included depending on how many characters you need. They liked that because it was easy to remember what the number was, as well as what they'd decided to use as a password.
I understand the limited longevity, but in general, is there anything to say about that?
Oh, now I could easily do this. I would rather enter numbers---so much easier.
(eagerly awaiting replies from the tech people)
:sparklyheart:
I suspect that a number that has a special format, like a telephone number or a zip code, is a bad choice.
I play a number guessing game with my students, and as soon as they figure out what 'kind' of number it is, it's all over for the person with the secret number.
I think my students are wonderful, of course, but they can't guess-and-check as fast as a computer can.
I was operating on the assumption that the childhood phone number would long ago have been taken out of operation. Maybe that comes from roaming far from home....
I see your point, though: here in New England, that number would be pretty traceable for all the people in their 40s who still "drive out to their parents'" every weekend.
So I went through variations on the haystack site.... It seems like you really need something complicated to pump up that last number. A massive array attack, or whatever.
I had to think: who would ever care so much about my data that they'd go to such trouble? I mean, it's like identity theft. Whenever I hear that, I think, Oh, do me the favor! Steal my identity, please!
Gemme
06-27-2011, 10:19 PM
So I went through variations on the haystack site.... It seems like you really need something complicated to pump up that last number. A massive array attack, or whatever.
I had to think: who would ever care so much about my data that they'd go to such trouble? I mean, it's like identity theft. Whenever I hear that, I think, Oh, do me the favor! Steal my identity, please!
This is obviously coming from someone whose identity has never been stolen. Who has never had accounts and credit cards opened up in their name without their knowledge nor had their credit rating shredded with little to nothing to be able to do to rectify it.
I know you were joking, but identity theft literally steals who you are on paper and you have little to NO control over it. Some organizations can or try to help, but once it's stolen once, it's easier for it to happen again and again. One person who took my information sold it to another and so on and so forth. Next thing you know, I've got thousands of dollars of stuff in my name in places I never knew existed, much less visited or lived. My grandfather had over $10,000 charged to a single card less than ten minutes after the guy got his info.
It makes living your life.....buying a car because yours broke down....getting a loan with a reasonable interest rate....securing good insurance....difficult.
Sorry, but that wasn't funny to me. You asked who would care. Well, they DON'T care. That's the thing. You are just a set of numbers and some random information to them; not a live person who is trying to live your life. Unless, of course, the person who steals your identity is someone you know. It's much worse then, I think.
I'm sorry that wasn't funny to you. It can be hard to predict what someone won't find funny.
Arwen
06-27-2011, 10:46 PM
Linus, before I enter my passwords there, how safe is that site? My passwords are rotated. I use pet names (long gone pets) with numbers inserted as one type I rotate.
Something I learned as a tech support person?
Scenario:
Arwen: I'm here to fix Stephanie's computer.
Random person: She's not here and we don't have her password.
Arwen: I'll look.
1. Inside of drawer
2. Under keyboard
3. Back of monitor
Yep. Found it. I'm in. :| all the way around the offices every time I did that.
Linus
06-27-2011, 11:18 PM
The site in question doesn't take your user ID so it'd be hard for them to know where the password would apply. Additionally, Gibson is a long-time and well-known security site. It would hurt his reputation if he did something unethical (and he's known for protecting his rep at all costs).