Remembering long strings of words, numbers and other symbols can be a real ball ache, especially if you have to change them every month.
Yeah, if you're leaving them right next to your comp.
Why do they need to be changed every month?
You underestimate the lengths some people will go to be nosey.
I don't see the point. If you set a decent password, not related to your favourite actor or your cat's name, then no one will be able to guess it. It is practically impossible to guess a random assortment of symbols. So then I assume the only way someone will get my passwords is through some kind of program. If there is a program I'm unaware of that is reading my passwords then no amount of changing them will help. They'll just get read again or used between the time the password is stolen and when you next wish to change them.
Well said, but consider: if you leave something around that could be found, you're not exempt from someone finding it. You can't control who may decide to go hunting or stumble upon it whilst doing something else - if it's in your mind then you're free from such unfortunate events.
If you re-read my post you'll see that I was saying just that.
Chuckman wrote: A strong password should be at least twenty symbols and a random combination of numbers, letters, and special characters.
No one is "guessing" these passwords, they're using cracking programs that run on GPUs, similar to cryptocurrency mining algos, that can do massive amounts of parallel calculations very quickly. They don't need to guess your cat's name.
Why anybody would actually go to that country for vacation is beyond me. I mean, come on, why would you visit a country that absolutely hated your guts, for the simple fact that you were American.
Catamari wrote:Why anybody would actually go to that country for vacation is beyond me. I mean, come on, why would you visit a country that absolutely hated your guts, for the simple fact that you were American.
As much as I love reading about the USSR, I sure as shit wouldn't have gone there as a tourist.
Good god, really? I've only ever had to write password systems a couple of times, but I almost always used Whirlpool. This was before PHP had built-in bcrypt support.
I wish my boss would listen to me about password security. But no, she wants all the passwords to be the same, simple, 6-character password. It's insane. What's worse is that you can get into anyone's email (including hers, and the accountants', but excluding mine and the other IT people's, because we are administrators) by just knowing the username, since everyone has to have the same bloody password.
Ornette wrote: I regularly run John the Ripper on my servers to make sure users are not picking stupid passwords and I can crack 20-30 character long passwords in a few days on my laptop. Complexity of passwords matters less and less when there's almost no brute force guessing on the front end anymore.
I've picked dozens, nay hundreds, of email passwords out of the air using airodump, over the years. I have no reason to use them, but it's funny just how little protection is used. Since more people are switching to Gmail, it's getting harder, but there are still the odd elderly people using AOL.
Ornette wrote: Though email passwords are different, since those passwords are almost always sent plaintext and require re-auth every time you send an email or fetch from your inbox (no sessions), simply because of the way the protocol works. Those are high visibility and high use, and you should definitely pick something strong in that case. Gmail and the like are an exception, since they require authorized app keys if you want to use your own mail reader and not use your browser.