Password Security


https://xkcd.com/936/

 

Also, Barclays have an advert on TV, recommending people use strings of 3 words as passwords. Wondering how secure this is?


I can see a lot of people phoning up to unlock their account. Most people have problems remembering one password!

 

A set of three words is much more secure but in most cases, not so practical. Fairly sure my bitcoin account has 12 recovery words and 2FA for standard use. My bank randomly uses 2FA for online purchases.


Try and make it as unmemorable as possible - write it down and hide it in some obscure place - just don't forget the obscure place!

 

Use a mixture of upper and lower case and special characters - if special characters are not allowed then I would be questioning the security of the service!

 

Or use a free generator: https://passwordsgenerator.net/

😅

Edited by swarfendor437


You don't need special characters for a secure password. It's about entropy and how long it will take to crack. If you make sure you mix in upper/lowercase and numbers in those 3 words it's much better. One of my passwords has 112 bit entropy without a single special character for example. Better to have a longer password. You sometimes find bugs, like Amazon would allow any length passwords but was only storing the first 8 characters. There should be no real limit on a password field.

 

It's amazing how many people still use password or their username as their password.

 

Use a password manager or do what a friend does and never remembers any, just requests a reset every time :D 

 

While writing down passwords may sound insecure, if the person who finds it has no context about it then there's nothing wrong with it.

Edited by probedb

4 hours ago, probedb said:

It's amazing how many people still use password or their username as their password.

 

So true. The times I've seen "password" and "12345" as people's login password to some very secure information.

 

When I took over as admin at the last place, it was set to change every 30 days, no previous 5 passwords allowed and must contain at least 8 characters - upper and lower case and numbers etc. Odd, a lot of people wouldn't speak to me for a while! I do like the 4 digit PIN option on Windows and macOS, it is linked to a password and if a PIN is OK for my bank card, it's OK on my home PC.


I’m wondering, with the 3 word passwords; what about a dictionary attack?

 

<number-of-words-in-common-use> cubed combination?

 

Of course, not accounting for separators or capitals.

 

Also, zach, hope you’re not keeping crypto on an exchange? Do you use a hardware wallet?

29 minutes ago, Waldo said:

Also, zach, hope you’re not keeping crypto on an exchange? Do you use a hardware wallet?

I don't but there is only a tiny amount in it, I doubt if there's two quid in it. I usually buy and use on the same day. Call me old fashioned, I find online banking and Paypal suit all my everyday needs.

 

Just checked the bitcoin, all's OK but I'll not retire just now with it.


A dictionary attack is possible with a word-based passphrase. In fact 3 words randomly chosen from a standard dictionary is about as secure as a randomly generated 8 character password (i.e. not very secure at all). 5 or 6 words would be much better.
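
The "words cubed" arithmetic and the 3-word versus 8-character comparison raised in this thread, worked through as an added example that is not part of any post above. The word-list sizes, alphabet sizes and guess rate are assumptions, and the figures only hold when every word or character is picked uniformly at random.

```python
import math
import secrets

def passphrase_bits(wordlist_size, n_words, case_styles=1, separators=1):
    """Bits of entropy for n_words drawn uniformly at random from a list.
    case_styles: capitalisation styles picked at random per word.
    separators: separator characters picked at random once per passphrase."""
    per_word = math.log2(wordlist_size) + math.log2(case_styles)
    return n_words * per_word + math.log2(separators)

def random_password_bits(alphabet_size, length):
    """Bits of entropy for a uniformly random character password."""
    return length * math.log2(alphabet_size)

def words_needed(wordlist_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def average_guess_seconds(bits, guesses_per_second):
    """Expected search time: half the keyspace at the given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second

def generate_passphrase(wordlist, n_words, sep="-"):
    """Pick words with the OS CSPRNG; words a person picks carry less entropy."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

# Assumed sizes (not from the thread): 7776 = Diceware-style list,
# 170000 = a large dictionary, 94 = printable ASCII, 26 = lowercase letters.
SMALL_LIST, LARGE_DICT = 7776, 170_000
ASSUMED_RATE = 1e10  # offline guesses per second (assumption)

if __name__ == "__main__":
    rows = {
        "3 words, 7776-word list": passphrase_bits(SMALL_LIST, 3),
        "3 words, 170k dictionary": passphrase_bits(LARGE_DICT, 3),
        "3 words + 2 case styles + 4 separators": passphrase_bits(SMALL_LIST, 3, 2, 4),
        "6 words, 7776-word list": passphrase_bits(SMALL_LIST, 6),
        "8 random chars, a-z": random_password_bits(26, 8),
        "8 random chars, printable ASCII": random_password_bits(94, 8),
    }
    for label, bits in rows.items():
        secs = average_guess_seconds(bits, ASSUMED_RATE)
        print(f"{label:40s} {bits:6.1f} bits  ~{secs:.3g} s")
    demo = ["anchor", "bridge", "copper", "dune", "ember", "fjord"]  # constructed
    print(generate_passphrase(demo, 3))
```
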
