Getting evangelical about password safety

After a security scare, I read up on password strength and found this site:

https://howsecureismypassword.net/

I entered my bank password and learned it would take a computer 100 years to crack it -- not bad.

But Google? Amazon? Facebook, Twitter? It would take a computer program just 1 day to crack those.

So, a strong password is supposed to have lowercase and capital letters, numbers, symbols, and a dozen characters total, or more. I came up with a simple way to do this and still remember your password.

Just come up with a wacky phrase (that will stick out in your mind) that includes a number and punctuation. For example:

"Now belch five times, fast!"

Make that your password: Nowbelch5times,fast!

Nobody is ever going to guess that password. As for a computer, here's the result I got for "Nowbelch5times,fast!" from the site above:

It would take a computer about

4 SEXTILLION YEARS

to crack your password

Easy to remember, impossible to guess, impossible to crack.

Wow. Are you hiding from the FBI or something?

If I made up a sentence I would totally forget it or get it wrong....perhaps a favourite lyric?

eddie wrote:Wow. Are you hiding from the FBI or something?

If I made up a sentence I would totally forget it or get it wrong....perhaps a favourite lyric?

No, I just got an e-mail that someone else tried to get into my Google account, and one that someone tried to access my Facebook account. Almost sure I know who it is (and they're from my personal life, not forums or anything).

A lyric could work, but remember: Caps, lowercase, numbers, punctuation, no dictionary words. (You meet that last standard by running the words all together.) And I wouldn't use lyrics from a song everyone knows you love.

You can always use a password manager if you're prone to forgetting your passwords -- but then you have to remember the password to that! Maybe, invent tough passwords, use a password manager, invent a tough password for your password manager, write that one down and lock it up somewhere

Having a strong password is much more important for some things than others...


But no matter how strong you make a password... don't use it for more than one thing... because if it does become compromised then everything is open to access... Secondly it makes it much harder to know where the leak might have come from...

Ben Reilly wrote:

eddie wrote:Wow. Are you hiding from the FBI or something?

If I made up a sentence I would totally forget it or get it wrong....perhaps a favourite lyric?

No, I just got an e-mail that someone else tried to get into my Google account, and one that someone tried to access my Facebook account. Almost sure I know who it is (and they're from my personal life, not forums or anything).

A lyric could work, but remember: Caps, lowercase, numbers, punctuation, no dictionary words. (You meet that last standard by running the words all together.) And I wouldn't use lyrics from a song everyone knows you love.

You can always use a password manager if you're prone to forgetting your passwords -- but then you have to remember the password to that! Maybe, invent tough passwords, use a password manager, invent a tough password for your password manager, write that one down and lock it up somewhere

Okay. So now you've worried me enough to change my password.
And I can't think of anything!

How about:

"DoyoumindifIfartinyourgeneraldirection?"

???

That did make me smile Quill

simply the number of charater changes the length of time
the idea that using numbers or special charaters helps is false.

use an ASCII phrase generater and it includes all the input you can use on the common keyboard. and that what you'd use since you don't know prior if they have 'strong' password or not.

And Ben, Change whatever password you enter into that site ... just to be safe

P.S. the app on the site is pretty simple, it is just looking at length ... and they left the door open

hsimp({
options: {
calculationsPerSecond: 1e10 // 10 billion,
good: 31557600e3, // 1,000 years
ok: 31557600 // 1 year
},
outputTime: function (time, input) {
console.log(time, input);
},
outputChecks: function (checks, input) {
console.log(checks, input);
}
}, document.getElementById("password"));

It's tricky to create a code that's easy to remember but too hard for hackers to crack.
If it was easy to achieve something so tricky none of us would be having this conversation.


Write a short phrase which is meaningful to you alone. You could include the secret nickname of a past partner - no one will guess that.  Join all the words together, so it becomes a meaningless non-word.  
For good measure, write the whole thing backwards.
Chuck in a couple of random digits, and make a couple of the letters upper case.


Now crack that, bitch!

Oh and make it a long code. No use going to all that trouble to end up with just a few characters.


Remember the difficulty in cracking the code is exponentially related to the length of it. Eg  making a code 4 times longer, doesn't just make it 4 times harder to crack (as in nX4) ,   you have in fact increased the difficulty level to the power 4 - as in n⁴ an exponential increase, not just a simple multiplication.


One hears of hacking attempts everyday, even Zuckerberg's personal FB page code was guessed.        
Be careful out there!

I think just use a phrase.
for example
"MightyMorphingPowerRangers"
long and easy to remeber (of course use something suitable for you but best not a favorite thing)

If you want to get tricky (but it wont stop a 'brute force' attack that just tries every combo)
swap I with 1 or ! and E with 3 some other letter number swap.
another good addition is a purposeful misspelling
like
"MightyMorphinePowerRangers"
if someone quickly saw it they probably think they read the original phrase.


the overall best way is to link your account to a recovery phone number, a lot have settings where they will message you if it is accessed from an unknown computer, with a passcode, so unless they also have you phone they cant get any further. if your using a new computer you have to enter a passcode but small effort if it is important to you. and the increasing number of account linked to credit cards etc means that it generally is.

The best way is to not use the Internet at all for anything important enough to you that you do not want to risk others having access to...!!!


The idea of having passwords and secure passwords and extra strong secure passwords etc... is promoting a complete false sense of security... as nothing you do on the internet is any more safe or secure than putting something into an envelope and giving to a random person in the street who said they were going to be passing a post box...!!!

Tommy Monk wrote:

The best way is to not use the Internet at all for anything important enough to you that you do not want to risk others having access to...!!!


The idea of having passwords and secure passwords and extra strong secure passwords etc... is promoting a complete false sense of security... as nothing you do on the internet is any more safe or secure than putting something into an envelope and giving to a random person in the street who said they were going to be passing a post box...!!!

That is utter nonsense, your bank account is a lot less secure when your card is in a waiter's hand than it is online when the bank is committed to security and you have a good password.

My card in a waiters hand...!?


Firstly... the closest I've been to a restaurant in years is an occasional take away from the local curry house, or having a quick munch in the local cafe...


Secondly... I always pay cash!!!

Tommy Monk wrote:My card in a waiters hand...!?


Firstly... the closest I've been to a restaurant in years is an occasional take away from the local curry house, or having a quick munch in the local cafe...


Secondly... I always pay cash!!!

well Tommy's right
the safest course fo action is to sit under a dangleberry bush all day and never travel so far as to be unable to see your dangleberry bush.

Guess I'd better start tailoring my examples to the specifics of Tommy's life?

Ben Reilly wrote:

Tommy Monk wrote:

The best way is to not use the Internet at all for anything important enough to you that you do not want to risk others having access to...!!!


The idea of having passwords and secure passwords and extra strong secure passwords etc... is promoting a complete false sense of security... as nothing you do on the internet is any more safe or secure than putting something into an envelope and giving to a random person in the street who said they were going to be passing a post box...!!!

That is utter nonsense, your bank account is a lot less secure when your card is in a waiter's hand than it is online when the bank is committed to security and you have a good password.

Also... I wasn't referring to just bank details...

Ben Reilly wrote:Guess I'd better start tailoring my examples to the specifics of Tommy's life?

You champagne socialist types are very far removed from the realities of us working class types who you pretend to represent...


If you want to tailor things a bit... just pretend you worked bloody hard in a real job, a skilled job, and were still a bit poor and still struggling... and then your political workers party representatives, full of middle class champagne socialists, spent 13 years in govt making your life worse...

So tommy did you do some arachaic task that now earns 20 cent an hour cause it can be done is emerigng economies.
market forces, your skills are probably worth pennies literally
that is REALITY
the sort of manual task you did does not earn enough to fund the extravangant life style you want, sure it might not be much but if your job was something that a chinese factory work does now why should you get more than a chinese factory worker?

You Want a lifestyle You simple have not worked hard/smart enough to be entitled to, but Brits are used to having that life style via theft so now you feel you are missing our since you have to work instead of steal to maintain that high standard of living.

Again it has nothing to do with your parties it is the WORLD and the Uk is not big enough to run on it's own.

The work I do here in the UK can only be done by somebody here in the UK... and needs to be paid enough to be relative to the rest of the workforce here, and the costs of living, and reflective of the meritocratic level of skill...



You talk about some doing stuff for 20 cents an hour... but how would they like it if their govt allowed masses of people to flood in who said they would do the same work for 10 cents an hour...!?


While this influx also resulted in the rent costs of the locals doubling...!?

no it doesn't thats why the jobs are going. logisitic and transport are cheaper.

And most gov't do that, in fact UK has MID LEVELS of Immigiration!! a point You still Fail to accept.

You are not getting anything any harder than anyone else
You are just losing all those False protections you used to have and You literaly voted to REMOVE ALL The proctection the EU provided too (WHICH WAS FUCKLOADS)
You now have to competete on Equal terms.
that is your problem now the other guy in not being held back any more and you cant keep up.



Again it has nothing to do with your parties it is the WORLD and the Uk is not big enough to run on it's own.
literally the only Unique part of this is how BADLY the UK is dealing with it. nations you used to enslaved are handling the global economy better than you.

Tommy Monk wrote:

Ben Reilly wrote:Guess I'd better start tailoring my examples to the specifics of Tommy's life?

You champagne socialist types are very far removed from the realities of us working class types who you pretend to represent...


If you want to tailor things a bit... just pretend you worked bloody hard in a real job, a skilled job, and were still a bit poor and still struggling... and then your political workers party representatives, full of middle class champagne socialists, spent 13 years in govt making your life worse...

Yeah right on! I bet Ben uses money for napkins and rests his feet on the back of a Vietnamese child.

VEYA, when the fuck are you going to stop running us Brits down? YOUR own country is not lily white! No one here go's on and on and on about how nasty the Brits are/were. You have the most enormous chip on your shoulders about us, for Gods sake give it a rest.

Ben Reilly wrote:After a security scare, I read up on password strength and found this site:

https://howsecureismypassword.net/

I entered my bank password and learned it would take a computer 100 years to crack it -- not bad.

But Google? Amazon? Facebook, Twitter? It would take a computer program just 1 day to crack those.

So, a strong password is supposed to have lowercase and capital letters, numbers, symbols, and a dozen characters total, or more. I came up with a simple way to do this and still remember your password.

Just come up with a wacky phrase (that will stick out in your mind) that includes a number and punctuation. For example:

"Now belch five times, fast!"

Make that your password: Nowbelch5times,fast!

Nobody is ever going to guess that password. As for a computer, here's the result I got for "Nowbelch5times,fast!" from the site above:

It would take a computer about

4 SEXTILLION YEARS

to crack your password

Easy to remember, impossible to guess, impossible to crack.

I can't claim to be very internet savvy, I'm afraid, and I know that I am a cynical old bugger, but I think that I would gulp somewhat at the prospect of entering my bank password on any website which purports to give advice on just how secure the password is! Wouldn't that be, er, a breach of security?

eddie wrote:

Tommy Monk wrote:

Ben Reilly wrote:Guess I'd better start tailoring my examples to the specifics of Tommy's life?

You champagne socialist types are very far removed from the realities of us working class types who you pretend to represent...


If you want to tailor things a bit... just pretend you worked bloody hard in a real job, a skilled job, and were still a bit poor and still struggling... and then your political workers party representatives, full of middle class champagne socialists, spent 13 years in govt making your life worse...

Yeah right on! I bet Ben uses money for napkins and rests his feet on the back of a Vietnamese child.

Thai -- even better.

Fred Moletrousers wrote:

Ben Reilly wrote:After a security scare, I read up on password strength and found this site:

https://howsecureismypassword.net/

I entered my bank password and learned it would take a computer 100 years to crack it -- not bad.

But Google? Amazon? Facebook, Twitter? It would take a computer program just 1 day to crack those.

So, a strong password is supposed to have lowercase and capital letters, numbers, symbols, and a dozen characters total, or more. I came up with a simple way to do this and still remember your password.

Just come up with a wacky phrase (that will stick out in your mind) that includes a number and punctuation. For example:

"Now belch five times, fast!"

Make that your password: Nowbelch5times,fast!

Nobody is ever going to guess that password. As for a computer, here's the result I got for "Nowbelch5times,fast!" from the site above:

It would take a computer about

4 SEXTILLION YEARS

to crack your password

Easy to remember, impossible to guess, impossible to crack.

I can't claim to be very internet savvy, I'm afraid, and I know that I am a cynical old bugger, but I think that I would gulp somewhat at the prospect of entering my bank password on any website which purports to give advice on just how secure the password is! Wouldn't that be, er, a breach of security?

A slight risk, perhaps, but they obviously don't know what site my password is for (you just enter any password on that site).

Besides, I have so much money as a champagne socialist (obviously editing a weekly high-school sports page is high-paying work) that I can easily afford to lose a little. In fact, that was just one of my many bank accounts' passwords, I have over 10!

Imachampagnesocialstandiburnmoney

Great password

eddie wrote:Imachampagnesocialstandiburnmoney

Great password

The site says it would take

336 UNDECILLION YEARS

to crack that

Ben Reilly wrote:

eddie wrote:Imachampagnesocialstandiburnmoney

Great password

The site says it would take

336 UNDECILLION YEARS

to crack that

Je suis indéchiffrable.

eddie wrote:

Ben Reilly wrote:

eddie wrote:Imachampagnesocialstandiburnmoney

Great password

The site says it would take

336 UNDECILLION YEARS

to crack that

Je suis indéchiffrable.

Puedes decir eso otra vez!

I would, but it's a really hard word to write in French and I had to google it