Have we had a PASSWORD thread lately? #*%& I hate them.

[HBARleatherneck]

My rant, weak as it may be.

I hate passwords. Sure I want my accounts protected, but I would rather just kill every theiving, cyber, indentity criminal(insert other dirtbags here) and end the need. (if that was possible)
I have like 809 zillion passwords. I cant remember half of them, so I have to constantly write them down, which is probably not good. It used to be you could use you favorite cats name or your favorite car, but now it has to be 40 digits, 3 capital letters, no words, 4 symbols, etc, etc, etc.

My stupid DS Login for the military is the worst. You have to come up with a new password, every other day or so. (at least it seems that way). The password has to be changed frequently.

Passwords for shopping sites, passwords for internet forums, passwords for banks, for travel, for paying bills, for the doctor, for prescriptions, and on and on. it gets old.

[hurley842002]

I never hated passwords so much, until I started working for the Fed Gov.

[CS1983]

Have you thought about using a master database program for such things? That way you only really have to remember one master password and then you just save username, pw, url, and sec question/answer in one repository. Something like KeePass... or any other the other ones out there. Could also just save an excel sheet which you pw protect.

Another method is to simply save them on your phone in contacts like:

Jimmy Smith (Army Buddy)

password@gmail.com

As long as you are only saving the password and not necessarily anything about that pw except an occult reference you understand, it isn't awful.

[Zundfolge]

I used to hate passwords too ... now I use LastPass and have moved on to other things to bitch about.

I have one complicated password on a piece of paper in my wallet (because I'm not going to memorize a 12 random character PW) and that's it. Then I generate 12-24 random character passwords for every site I use (using a different one for each site) and I don't have to remember anything and every one of them is pretty strong.

[RblDiver]

(because I'm not going to memorize a 12 random character PW)

You know, a random-character password isn't more secure than a password of words you can remember.
http://www.explainxkcd.com/wiki/inde...sword_Strength

(I will point out that I do very poor practice and basically use the same password all around, or at least as much as they let me. I hate sites that have an upper limit on passwords that I have to remember where it stops!)

[Zundfolge]

You know, a random-character password isn't more secure than a password of words you can remember.
http://www.explainxkcd.com/wiki/inde...sword_Strength

(I will point out that I do very poor practice and basically use the same password all around, or at least as much as they let me. I hate sites that have an upper limit on passwords that I have to remember where it stops!)

As much as I enjoy the XKCD cartoon (after all I posted it earlier in this thread) it doesn't take into account how actual hackers hack passwords. If they're going to "brute force" hack the password (that is just start throwing guesses en masse at the login) they tend to start out with a "commonly used passwords" list, then move to a dictionary, THEN run random characters.
But more commonly they'll look through your social media and compile a list of words that seem meaningful to you because most people use meaningful words as a password (for example my boss uses his wife's middle name plus their anniversary date for all his passwords).

No password is uncrackable, but actual words are slightly easier to guess. The strategy employed by the XKCD guy is long pass phrases of random words, which will work well against someone running a purely random brute force hack.

[brutal]

As much as I enjoy the XKCD cartoon (after all I posted it earlier in this thread) it doesn't take into account how actual hackers hack passwords. If they're going to "brute force" hack the password (that is just start throwing guesses en masse at the login) they tend to start out with a "commonly used passwords" list, then move to a dictionary, THEN run random characters.
But more commonly they'll look through your social media and compile a list of words that seem meaningful to you because most people use meaningful words as a password (for example my boss uses his wife's middle name plus their anniversary date for all his passwords).

No password is uncrackable, but actual words are slightly easier to guess. The strategy employed by the XKCD guy is long pass phrases of random words, which will work well against someone running a purely random brute force hack.

Most common user accounts are wide open after securing access to another database through exploits.

With most accounts getting locked out quickly after xx bad tries, brute force attacks on Joe blow's email or bank account isn't likely.

However, just one more reason to chose two (or if required 3) factor authentication methods where offered.

[CS1983]

If the program were to send info out, that would be one thing.

However, it doesn't. And, it's encrypted by your own Master password.

Now, if someone cracks your 256-bit pw while on your system and figures out it's SNWOL@N2n39AS!@#nbdlsn92ncVBGF$%@, you have larger problems.

suggestion: phrase usage. better suggestion: unlikely phrase usage

example: USMC5ucksI<3Commun15m

No one in their right mind would figure that out by social engineering, and I can pretty much guarantee it's not on a rainbow table.

[Zundfolge]

suggestion: phrase usage. better suggestion: unlikely phrase usage

example: USMC5ucksI<3Commun15m

Time for the requsite posting of this cartoon:

I get annoyed at changing passwords for different systems at different times.

Sites that force you to change your passwords regularly actually undermine their own security because they encourage people to use simple and easier to guess passwords (like pet names or "password123") I'm looking at you DOD.

[Irving]

I have friends that don't know how to change the password for their wifi, so they just write the random characters down on a piece of paper and hand it to you when you come over. I think it's pretty funny.

I get annoyed at changing passwords for different systems at different times. The password to get into my tablet, and the password to get into the system on the tablet are always different because they require changes at different times.