
Re: Welcome back to Stupid Guest Tricks!

Posted: Sun Nov 10, 2013 4:32 pm
by ktulu
TiggerHappy wrote: I was told that if you have too many requirements to make a password, that actually makes it easier for people to guess a password because the requirements end up being hints.
You were given false information. The idea behind complex passwords, not based on a dictionary word, is to increase the complexity of the password, plus the number of combinations available. Adding on encrypting and salting passwords on the backend, it makes it extremely difficult to crack a password. I don't recommend doing a password like p@55w0RD. The hackers guessed those substitutions long ago. My passwords are usually a phrase I will remember, then I take the first character of each word. Substitute or add symbols, numbers, and random capitalization to make the password. It looks like a random set of characters, which is what you ultimately want to achieve. A pass phrase is even better.

Re: Welcome back to Stupid Guest Tricks!

Posted: Mon Nov 11, 2013 6:44 am
by WEDFan
The one I've seen that can actually decrease security is the requirement to change passwords monthly or quarterly. The studies I've seen on that basically indicate that frequently changing (and not allowing repeats) means more people write them down and tuck them somewhere around their workstation. As long as you have no reason to suspect a breach, and you vary your passwords by site, you are better off keeping the password you remember.

Re: Welcome back to Stupid Guest Tricks!

Posted: Mon Nov 11, 2013 8:49 am
by hobie16
WEDFan wrote: ... more people write them down and tuck them somewhere around their workstation.
When IBM 3270 terminals ruled the world many people did just that by writing them on the user's guide that was tucked under a flip out lid on the keyboard.

Re: Welcome back to Stupid Guest Tricks!

Posted: Mon Nov 11, 2013 8:58 am
by ktulu
hobie16 wrote: When IBM 3270 terminals ruled the world many people did just that by writing them on the user's guide that was tucked under a flip out lid on the keyboard.
I've seen people write them on the bottom of the keyboard, or put sticky notes on the bottom of the keyboard. If they actually wrote them on the keyboard, we'd switch the keyboards around.

Re: Welcome back to Stupid Guest Tricks!

Posted: Tue Nov 12, 2013 8:45 pm
by TiggerHappy
ktulu wrote: You were given false information. The idea behind complex passwords, not based on a dictionary word, is to increase the complexity of the password, plus the number of combinations available. Adding on encrypting and salting passwords on the backend, it makes it extremely difficult to crack a password. I don't recommend doing a password like p@55w0RD. The hackers guessed those substitutions long ago. My passwords are usually a phrase I will remember, then I take the first character of each word. Substitute or add symbols, numbers, and random capitalization to make the password. It looks like a random set of characters, which is what you ultimately want to achieve. A pass phrase is even better.
I'd be more open to creating a pass phrase (without symbol requirements) rather than a complex password. I don't like being unable to remember a password to the point I write them down somewhere (on the computer or on a Post-It). I understand you want to help us all keep our accounts secure, but when there are other websites (like banking and loan sites) that require the same kind of password, the average person simply isn't able to remember all those complex passwords without writing them down somewhere. I'm fine with having letters and numbers in my passwords, but when you require symbols on top of that, that's when I resort to writing down the passwords because I cannot remember those kinds of passwords for the life of me.
WEDFan wrote: The one I've seen that can actually decrease security is the requirement to change passwords monthly or quarterly. The studies I've seen on that basically indicate that frequently changing (and not allowing repeats) means more people write them down and tuck them somewhere around their workstation. As long as you have no reason to suspect a breach, and you vary your passwords by site, you are better off keeping the password you remember.
Gah, I HATE it when a site does this. :banghead:

Re: Welcome back to Stupid Guest Tricks!

Posted: Wed Nov 13, 2013 11:15 am
by darph nader
How the heck do you get the PM thingy working?
I've tried to send one out, and it didn't record it being sent or even recorded.
Am I missin something new? (wouldn't be the first time)

Re: Welcome back to Stupid Guest Tricks!

Posted: Wed Nov 13, 2013 11:34 am
by ktulu
darph nader wrote: How the heck do you get the PM thingy working?
I've tried to send one out, and it didn't record it being sent or even recorded.
Am I missin something new? (wouldn't be the first time)
It'll go to the outbox until the person reads it, but it's like making a post.

Re: Welcome back to Stupid Guest Tricks!

Posted: Wed Nov 13, 2013 11:45 am
by Big Wallaby
You know, the other option could be to use a code generator like Facebook has.

Re: Welcome back to Stupid Guest Tricks!

Posted: Wed Nov 13, 2013 11:52 am
by ktulu
Big Wallaby wrote: You know, the other option could be to use a code generator like Facebook has.
You going to write the code for that? Safari does suggested passwords, and then saves them to iCloud Keychain in Mavericks and iOS 7.3.

Re: Welcome back to Stupid Guest Tricks!

Posted: Wed Nov 13, 2013 7:24 pm
by Big Wallaby
ktulu wrote: You going to write the code for that?
No.

Actually, let me rethink it.

No.

Another option for people who want a long, secure password: try out lastpass.com* or roboform*. I use LastPass for everything. I don't know most of my passwords, except for sites I may have to access quickly and away from my laptop (which is practically nailed to me), my iPad (for how often I have it with me, see my comments about my laptop) or iPhone (same, except that I have it at times when I don't have the other two with me). But I love LastPass.

* Those who know their way around security, let me know if this is a bad idea.