Ik see KeePass Password Safe recommended. How can I be sure this is a safe program and not someone who tries to hack all my passwords? But that article said that phrases with spaces make cracking even more difficult. It edited my comment. I tried to say that the key combination of the alt key and the number creates a character that looks like a space but is not considered to be a space.
I see people are bringing up whether one can use spaces in between each word they use but a simple work around to that is to use something on the keyboard instead. Good advice. My own passwords are over 22 letters long [ calculate that time to crack hee hee ] and I always use the complete phrase of something I NEVER forget. The above example is 37 letters long!!! No way hose is a cracker going to stumble on that password this side of eternity.
Looks as though my obsession with long and crazy passwords has already paid off. Also I have that nifty little code generator avavilable for free that works on both eBay and PayPal. How do they go about getting around that step as hackers?
But my pride and joy password is 25 characters with 16 special characters. No, wait, for Word documents, I use a 33 character password with 24 special characters. Yes, I am crazy. Thank you. Always having a complicated password for every different online account is almost impossible.
Just in email I have several accounts that I use regularly and then you add in all the other accounts: online-banking, credit cards, social media, etc… and then to have different passwords for all of them is a pain, but necessary. However one of the first things I look for when setting up an account is if they offer 2FA two-factor authentication where I can telesign into my account.
Personally I think if you are just relying on your passwords complicated or not to protect your info you will pay the price sooner or later. Please let me know how through Email I can send my details of the solution for finding out from expert like you if it is feasible or not. Submit a lost password request.
Dictionary attacks are the reason why general-purpose hash functions are not very good for hashing passwords. Instead of SHA, you might want to use something really slow, like bcrypt. This might even be slightly better because the space key has a distinctive sound, so someone listening to you typing your password could, theoretically, take note of that.
They are pretty much the only way to have a unique password for every website. Basically, you have a word list of 7, short words, and you pick each word by rolling five dice. This way, your passphrase is truly random, so its strength is easier to determine than if you choose a slightly obfuscated, but still sensible phrase from a book or a movie or whatever. Leo has a lot of articles on LastPass — a great password manager.
Or just leave out the spaces entirely. In fact the only way to use this is with a password manager of some sort that remembers it for you. I would like to use passwords of the type Mark Jacobs depicts.
I use LastPass and feel safe using it. Password managers are fine. Thanks for the info. That risk is decreased by a factor of about typeable ASCII characters for every character added to your password. I have 5 computers, 2 tablets and a phone and LastPass keeps my passwords synchronized on all of them.
So if they were hacked which they have never been , all the attacker would get is an encrypted blob of random data. No practical risk to me if that blob happens to be mine.
I get the gist of what your saying in that the increased risk of storing ones password database online , while technically there, is low enough not to concern you two since you have confidence in LastPass security practices and LastPass gives the average user a solid increase in convenience for only a small, if not negligible, risk of storing ones password database online.
Password Safe just takes the conservative approach and assumes the user will take precautions not to lose that password database file. Great advice as always …….. My latest way of dealing with passwords is — as you suggest — to create a pass-phrase. To further secure this, I have been creating a long phrase but spelling the main words phonetically — my own version so to speak.
To finish off I put numerals. As commented, I have hit the problem of being forced not to have spaces and being limited to number of characters but can easily get around this.
It takes a fraction of a second for someone to come across this piece of paper and take a photo with a smartphone, then months later they could use the passwords and you would have no idea who was doing it. For me the above tips are very useful, for most people a password of characters long which is a mixture of all possible characters but also very memorable is the best solution. Additionally, as others have said, have a 4 digit part of your password and then for different sites change that.
I use a 6 digit name, 2 digit number, 3 special characters, a 6 digit name and a 2 digit number for a total of Easy to remember. I use the postal addresses of my childhood school friends.
Even though it is over thirteen years old, its author is so knowledgeable, and so forward-thinking, that the book easily remains relevant even to this day! Numbers 1,2,3, etc. It has just occurred to me that there is a way, at least, to test this! Unfortunately, if you no longer have access to the recovery email account or phone number, your account may be lost forever.
Leo, I use LastPass to store and generate passwords. I set LastPass to generate passwords of 24 characters of all types as a default.
Often when creating a new log in for a site I will get a message that my password is a too long, with message showing the max password length, usually 8, b can only use alpha-numeric combination with no special characters or c can only use alpha-numeric characters with a specified list of special characters. In those cases I just max out the characters and follow their rules. Seems to me that in , web site owners would be less restrictive on what a password should be.
Minimum and maximum values of say, 10 to 30 characters of all types, should be standard practice. At least Social Security requires two-factor authentication. Any rules that require certain characters be included or excluded, or specify a minimum length reduce the universe of possible passwords. Hackers can easily determine these rules by looking them up on the original site.
Totally agree. The issue, I think, is that so many of these agencies are running legacy systems on top of incredibly old systems mainframes? But length is MUCH more important. Word3 Word4. Compromised passwords caused 80 percent of all data breaches in 2 , resulting in financial losses for both businesses and consumers.
It evaluates each password based on key factors such as:. Using these factors, the tool scores each password and converts this score into the amount of time it would take a computer to crack this password. Rather, secure passwords contain a seemingly random combination of numbers, letters and symbols and include at least 16 to 20 characters. A 12 character password is somewhat secure; however, the most secure passwords are 16 to 20 characters long.
Instead, Wynne suggests adding a layer of more robust authentication, like cryptographic credentials, or a biometric identifier think fingerprint scanner. Which, hey! As great as an airtight password is, anything that makes them a little easier to achieve is more than welcome. For next level security, just go ahead and get a Yubikey. If that feels like too much, a password manager would still up your game.
Alright, fine. At the very least, follow these 7 steps for better passwords. Think Length, Not Complexity. We really are dealing with the worst case scenario. This is 26 lower case and 26 upper case options. As for special characters, there is a lot of them.
For a total of 70 characters to pick from for our password. That is a significant number for sure. But keep in mind that our machine can guess 10 trillion passwords per second.
That means it would have guess every possible combination in about 58 seconds. This clearly rules out 8 character passwords with all combinations. What about 9, 10, 11, and so on? You can see why I like to say 12 character long passwords is the bottom. So I like to divide the number in half. It probably would be sooner than that if they upgrade their cracking computer. As shown in the example above, the longer the password, the longer it took to crack.
Just adding one extra character to your password made it exponentially stronger. At 11 characters it took days to guess all the possibilities. When you add one more character, it jumped to 16, days to guess. That is a huge increase!
0コメント