How long are your passwords? - Page 2
Comments

  • Raymii Member

    KeepassX on Linux generates my passwords. Usually 256 characters, like this one:

    2Fkf5U7vRmy3BLcdtF52z8D6Hwc-7a7PLBDjpgqMQWafbi_Z4GzSuXYpoFegEXEbAmxKPwxUr7bBezPqEdcKf-xTY9Xw LVEohozJvt HV4yGxwc3Pi9y42qHfFD-SceVd2yTVR8x8mhjDSL7nMNXooMk -C7xBXkHNQ5nL 9sd-djzFMWQqfRMr3vmX9aSKV4W23K9uECA5hdkveeru-SVRxXuHo2gEYVyLpvuuTkioTr5-rLHt7BGTtCmDWrc

    It is really amazing how many sites do not support this, or 128 char, or 60... I really hate my bank, they have a max pwd size of 20, and a lot of restricted characters...

  • netomx Moderator, Veteran

    When I was in high school, I brute-forced an FTP server from the school... got a positive hit in 20 seconds... password = "rachel"

    WTF?!?!?! I didn't even use bruteforce, just dictionary attack =/

  • vedran Veteran

    @Raymii said: I really hate my bank, they have a max pwd size of 20, and a lot of restricted characters...

    My bank allows only numbers in password, how bad is that?

    Thanked by 1 netomx
  • rds100 Member

    My bank requires me to use an electronic signature (a USB device with a SIM-card-like memory in it containing a cryptographic key). Without the electronic signature I can log in but I can only see statements, etc. If I want to make a bank transfer I need the electronic signature.

  • So wait, using sentences for passwords is better?

  • @vedran said: Now that you've told everyone it's Finnish, I'm sure someone will try it :P

    I don't know anyone on here IRL. And Finnish isn't spoken by many people in the US.

    @Raymii said: I really hate my bank, they have a max pwd size of 20, and a lot of restricted characters...

    Same for mine. And their "restricted characters list" doesn't include a lot of their restricted characters. For example they don't allow < > & but of those they only mention &.

  • Jacob Member

    My password is letters and numbers, over 15 chars and has capitals.

    I still remember it. :-)

  • @Daniel said: So wait, using sentences for passwords is better?

    Mathematically yes, especially if it doesn't make sense.

  • My passwords are 2048-bit encrypted PGP signatures. ;)

    Just kidding.

  • SrvisLLC Member
    edited May 2012

    My passwords are over 20 characters of the 96-character password variety. So it will take hundreds to thousands of years of a Class F to crack it lol.

    Come at me supercomputers! lol

  • Nevil Member

    My passwords are normally 12 - 30 characters but sometimes more than 30.

    I can remember most of them.

  • VPNsh Member, Host Rep

    Using passwords between 9 and 19 characters in length. All "random", mixes of both cases, numbers, symbols etc. but with easy enough ways for me to remember.

    I'm very tempted to set up something like 1Password, but within a TrueCrypt partition that is only accessible from inserting a crappy 128mb memory stick I have lying around. Obviously I'll need some form of emergency procedure in case that memory stick goes missing or breaks somehow, but that's my plan for the moment :)

  • speckl Member

    I prefer to use an algorithmic approach to passwords on the web. It's also best to avoid certain characters like $, #, and /. Sadly, many scripts aren't coded correctly to accept strings like they are written.

    I don't like the "one password to rule them all" approach. So if you use a pass keeper, all that is needed is the main password. Storing your passwords mentally is definitely the way to go. Since I use the algorithmic approach, then really I just remember the process and then I'm done. Each login is different.

  • yomero Member

    @speckl said: It's also best to avoid certain characters like $, #, and /. Sadly, many scripts aren't coded correctly to accept strings like they are written.

    EXACTLY =/
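Added example, not part of any post in this thread: the length caps and "restricted characters" complained about above are unnecessary when the server treats the password as opaque bytes and only ever stores a salted key-derivation output. The function names, the 1024-byte cap and the scrypt parameters are assumptions of this sketch, and the sample passwords are constructed.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed policy: the only limit is a generous byte cap that bounds KDF input.
MAX_PASSWORD_BYTES = 1024
SALT_LEN = 16
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def _encode(password: str) -> bytes:
    # Normalize Unicode so the same typed password gives the same bytes,
    # then encode. No character is rejected: the value is never placed in
    # SQL, HTML or a shell, it only goes into the KDF.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    if not data or len(data) > MAX_PASSWORD_BYTES:
        raise ValueError("password empty or over the byte cap")
    return data


def hash_password(password: str) -> bytes:
    # Stored record = random salt || scrypt output (fixed 48 bytes),
    # so the database column size does not depend on password length.
    salt = os.urandom(SALT_LEN)
    return salt + hashlib.scrypt(_encode(password), salt=salt, **SCRYPT)


def verify_password(password: str, stored: bytes) -> bool:
    salt, expected = stored[:SALT_LEN], stored[SALT_LEN:]
    try:
        candidate = hashlib.scrypt(_encode(password), salt=salt, **SCRYPT)
    except ValueError:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def round_trip(password: str) -> bool:
    return verify_password(password, hash_password(password))


if __name__ == "__main__":
    # Constructed samples: the characters named in the thread, and 256 chars.
    for sample in ["p<a>s&s$w#o/rd", "aB3-_" * 51 + "z"]:
        print(len(sample), round_trip(sample))
```
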

  • Mon5t3r Member

    My password is "password" without quotes

    Thanked by 1 DimeCadmium
  • My password over at yahoo is still three letters. My full name has three words. Have fun (if you can figure out my username, and my middle name).

  • Aldryic Member
    edited May 2012

    You tempt me to accept that challenge :P Wouldn't be anywhere close to fair, though.

  • antiven Member

    @speckl said: I don't like the "one password to rule them all" approach. So if you use a pass keeper, all that is needed is the main password. Storing your passwords mentally is definitely the way to go. Since I use the algorithmic approach, then really I just remember the process and then I'm done. Each login is different.

    If someone finds out my email password, they'll automatically have access to a large portion of my other accounts. I have one point of failure anyway, may as well make it as secure as possible.

  • Aldryic Member

    @antiven said: If someone finds out my email password, they'll automatically have access to a large portion of my other accounts. I have one point of failure anyway, may as well make it as secure as possible.

    Do you use google apps (or another similar interface) sir? I could teach you a quick method to eliminate that POF.

  • raindog308 Administrator, Veteran

    Please share - I would be interested to hear.

  • @Aldryic said: You tempt me to accept that challenge :P Wouldn't be anywhere close to fair, though.

    shrug I don't use it, I haven't touched it in a few years :p

  • antiven Member
    edited May 2012

    @Aldryic said: Do you use google apps (or another similar interface) sir? I could teach you a quick method to eliminate that POF.

    Yes I do use Google apps. I'd like to know your method too.

  • Aldryic Member

    Alright, we'll go with Google Apps as our example platform (due to how easy they make this). And we'll assume that you've gone out and purchased the domain raindog.com for yourself.

    You have your admin account. This account needs to be named something that you will remember, but exceedingly difficult for others to guess. [email protected], just for the sake of weird obscurity :P You set a memorable pass to that account, and -only- use it when you need to make changes to the google apps account. Since it's not used elsewhere, you've gone a great length in ensuring your GA is secure (albeit a little bit more inconvenient to access).

    Now, you have your usual account. [email protected] and such. Use that for all of your non-sensitive stuff. Forum accounts, LET, what have you. Business as usual.

    Using your admin login, create a 'group' whose name you will remember. [email protected]. Use that as your login/POC for things like WHMCS, your Registrar, etc, and have it forward to your normal account. Once you're all signed up and good to go... delete the group. It is now completely inaccessible to anyone... nobody can get into your 'email' and reset your WHMCS pass. Simply recreate the group with the same forward if you need to do your own pass reset, or what have you.

    There are several inconveniences here. Obviously, since casualfriday@ doesn't actually exist, you won't get invoice notices and such. So it does require you to be on top of your ledger, as it were. There's also the minor inconvenience of having to recreate and redestroy the group whenever you need to sign up or make changes somewhere. But, it is a pretty much guaranteed method of keeping the email 'account' associated with your sensitive logins safe.

    Thanked by 2 antiven raindog308
  • Meh. Just use 2 factor authorization with Google apps and you'll be fine.

    Thanked by 2 netomx Kairus
  • Corey Member

    @speckl if your pass keeper is on local machine protected with high entropy and on removable media it's likely the most secure place to store all your other pass right?

    WHMCS got hacked and passwords were found. When I was memorizing my passwords I would too often forget which one I used for what site and get locked out and have to reset my password. I only had about 8 different passwords I used for all of my stuff...

    Now that I use a pass keeper all of my passwords are unique so if one is guessed access to the rest of the stuff is prohibited and in the most secure place.

  • Corey Member

    @gsrdgrdghd yea 2 factor auth ftw

  • antiven Member

    @Aldryic said: (...)

    Fair enough, I can see the security benefits. In the security vs. convenience battle though I see you fall heavily on the security side.

  • William Member

    @Raymii said: I really hate my bank, they have a max pwd size of 20, and a lot of restricted characters...

    Mine allows unlimited but requires the first 5 to be a number for phone banking - I guess that is the better way :)

  • Aldryic Member

    @antiven said: Fair enough, I can see the security benefits. In the security vs. convenience battle though I see you fall heavily on the security side.

    It depends on what I need a password for... but yessir, security is more important than convenience for me.
