Crafting The Perfect Password - Comments Page 1

Category: Security





All Comments on: "Crafting The Perfect Password"


Posted by:

Gene
26 May 2016

https://xkcd.com/936/

Posted by:

cambeul41
26 May 2016

Am I missing something?

"Two or three common words that are memorable to you, but not easily guessed by others" I assume to mean for each password. If I need a number of passwords, that means remembering an equal number of 2~3 word combinations, so I am back to approximately where I was before. Or are you saying that a whole slew of passwords is not needed?

Posted by:

Darcetha
26 May 2016

Great information. I use a password manager for my passwords, because I visit different websites, and I use a different password on each one. Have not had any problems so far.

Posted by:

Tom
26 May 2016

Last Pass can be accessed from any browser. No need to have the program installed. The passwords stored on the server are encrypted so nobody's gonna hack them. Highly secure + convenient. That's the solution I like.

Posted by:

Ken Mitchell
26 May 2016

cambeul41: That's what password managers are for. Bob likes LastPass; I prefer Keepass for Android. Whichever you prefer, you only need one robust password to get you into your password manager, and then you can look up the one you need.

Posted by:

Warren Ngo
26 May 2016

Bob, here's a suggestion. Rather than using 2 or 3 common words along with a never-changing upper case letter and a never-changing special character:
Use the first letter of each word in a line or two of a memorable song such as Woody Guthrie's This Land Is Your Land. So the password becomes tliyltlimlXX. This would avoid using any common words at all.

Posted by:

Ruth
26 May 2016

Aren't you nervous that password managers will be hacked? Even if they are encrypted, how can you really trust them with all the other supposedly secure sites that have been hacked?

And if the password manager is hacked, all your passwords are at risk!

Posted by:

Ken Mitchell
26 May 2016

Ruth: Online password managers such as LastPass _do_ make me a little nervous. That's why I prefer Keepass; there's no online service that handles your password. I do store my Keepass database in a cloud service, but they don't know the password; only _I_ know that.

Posted by:

Jay R
26 May 2016

Warren- I like your suggestion. Now if I could just remember a long line from something. Maybe something from Poe. I think that I would change one or two words in the line, hopefully I would remember the change, so that even with a correct guess of the line, it would not work. Fourscore and twenty years ago could become Eighty and twenty years ago.

Would I need to change the perfect password every several months like so many recommend?

Posted by:

Therrito
26 May 2016

I went to Kaspersky’s Secure Password site and checked out a few sample passwords and at best it would take 8 years of brute force attack to crack my passwords.
I use a simple base password that's easy for me to remember, a mix of numbers and lower case letters, then prefix it with upper case and special characters that's specific to the web site that I wish to use it on.
The prefix could be BOX or B_X for dropbox(dot)com or GM@IL for my gmail account followed by my base password. It's a relatively simple process that requires the user to remember only the prefix that is specific for each web site.
This method has served me very well over the years and I do not plan to change it any time soon.

Posted by:

Duvid
26 May 2016

Bob - what I do is similar, and it solves the problem of different passwords for different sites.

I have my "standard", including uppercase & special characters; then I preface that with something relating to the site, as applicable, i.e. "FirstDir" for First Direct Bank, or "Zon" for Amazon.

What do you think?

Posted by:

Tom
26 May 2016

I use KeePass, available on SourceForge, and have for years. One password I remember is the one to log into KeePass, then go from there.

You could break my arm to tell you a password but I can't; I have no idea what some are because I just don't look at them.

You can take it with you on a thumb drive.

Regards,

Tom C

Posted by:

Charley
26 May 2016

I have 100s of passwords (yes, really!). So I use a password manager to help me remember them. But they are created using a formula. I take the website name (e.g., askbobrankin.com) and apply a little magic to it in my head, then add some special stuff that I can remember. That way if I don't have my password manager handy, I can recreate what my password is usually (not always, but it usually works for when I need it). I also have all my passwords stored, encrypted, on the web. So if I get stuck, I can go to the web and find any of my passwords.

Posted by:

Perry
26 May 2016

I use Keepass on both PC and iPhone. I actually have 2 Keepass databases, where one contains the password for the other, separating business and personal. If you use Keepass, you can highlight the website you are planning to go to, hit CNTL U and it will open the website, then hit CNTL Alt A and it will type in your user name and password for you... just helpful hints to keep things simple without having to remember but 1 password

Posted by:

JimM
26 May 2016

For the most part I let Google remember my passwords for each site I have to log into. Only exception is those that have access to my credit card information or bank information. Those PWs are on a thumb drive and I click and paste them into the website. My question is: I sometimes forget to write down the ones that I have Google remembering. Is there any way to get those so I can write them down or put them on my thumb drive?

Posted by:

Annette
26 May 2016

I use a 5 word phrase which ends in a number (for example: I started state university in 85) which I have no trouble remembering. I reduce this to IsSui85 and add 2 or 3 letters relating to the specific site -- for Amazon I would use IsSui85AMZ. This way I have an individual password for each site, but all are based on my basic phrase. P.S. the above phrase is NOT my chosen password!
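Added example, not part of the original comments: the base-plus-site-tag schemes described by Therrito, Duvid and Annette can be audited with a short Python check that finds the string shared by every password and shows what remains unique per site. If one site leaks its password, only that short remainder still separates the other accounts. The function names and all sample values other than IsSui85AMZ, BOX and GM@IL are assumptions constructed for illustration.

```python
"""Audit a set of per-site passwords for a shared base string."""


def shared_base(passwords):
    """Return the longest substring present in every password ('' if none)."""
    if not passwords:
        return ""
    shortest = min(passwords, key=len)
    # Try the longest candidates first so the first hit is the longest match.
    for size in range(len(shortest), 0, -1):
        for start in range(len(shortest) - size + 1):
            candidate = shortest[start:start + size]
            if all(candidate in p for p in passwords):
                return candidate
    return ""


def audit(site_passwords, min_base=5):
    """Report how much of each password is actually unique to its site."""
    base = shared_base(list(site_passwords.values()))
    reused = len(base) >= min_base  # short overlaps are treated as coincidence
    unique_part = {
        site: (pw.replace(base, "", 1) if reused else pw)
        for site, pw in site_passwords.items()
    }
    return {"base": base if reused else "", "reused": reused,
            "unique_part": unique_part}


# Constructed sample data. "IsSui85AMZ" and the prefixes BOX / GM@IL are the
# illustrations given in the comments; every other value is made up here.
SUFFIX_SCHEME = {"amazon": "IsSui85AMZ", "ebay": "IsSui85EBY",
                 "netflix": "IsSui85NFX"}
PREFIX_SCHEME = {"dropbox": "BOXk7m2q9xa", "gmail": "GM@ILk7m2q9xa"}
MANAGER_STYLE = {"amazon": "vR4#tq9LmZ2p", "ebay": "8hWc!xE3nUy7",
                 "netflix": "Qd6@sJb1Kf0g"}

if __name__ == "__main__":
    for name, vault in [("suffix", SUFFIX_SCHEME), ("prefix", PREFIX_SCHEME),
                        ("random", MANAGER_STYLE)]:
        print(name, audit(vault))
```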

Posted by:

Monte
26 May 2016

I've been introducing a 60s something friend of mine to the world of computers. Last week he asked me over to help him with getting on a couple of his "favorite" sites. I asked him for his username and password and got a very perplexed look from him as he said, "Doesn't everybody know that?" He went on to say he just followed. When the screen prompt said to "type in your username," he literally typed in yourusername. Likewise, when he was prompted to "type in your password," he sure 'nuff typed in yourpassword. He and I are still talking about what a username and password should be. I think (hope) he's catching on. Thanks, Bob. Believe it or not, there are still folks out here who really do need your insights and advice (me included).

Posted by:

Steve G
26 May 2016

I am surprised nobody has mentioned Dashlane. I have had great success with it and I periodically change the master password. You can export to your other devices and you have nothing on a cloud or someone else's site.

EDITOR'S NOTE: You mean nobody except me? :-)

Posted by:

Kathy
26 May 2016

And they say Classics is a useless major. I use a transliteration of what an old Greek grammar calls "peculiar forms of tenses," plus a capital letter with numbers and a symbol at the end.

You wouldn't need to know classical Greek to find a few different forms. Less common forms of Latin or middle/early modern English would probably work too.

Kaspersky rates one of my older Greek based passwords at 10,000 centuries plus to crack.

Posted by:

Granville Alley
26 May 2016

Nearly all the Password Crackers are salted with almost all words, so they will relatively easily crack any password that utilizes words and just one or two special or Capital Letters. The far better methodology is to take a couple of unrelated phrases that are memorable to you but do not necessarily mean anything to someone else and use the first or last letter of each word in the phrase split by a 4-6 digit numeric with a special character at either end of the numeric.

Someone suggested taking the first letter of each word of a song lyric phrase, which is also a good idea, although again combine two unrelated ones and put a short memorable to you numeric (not related to your address, birthday, or former addresses and preferably not a numeric you are using for pin numbers for credit cards). These kinds of combinations actually require the true brute force type cracking you discussed earlier.

Again anything using whole words or phrases of whole words will run into the already salted databases of password crackers and will be broken relatively quickly and are really no easier to remember than utilizing the first letter of each word of two or more phrases with a numeric thrown in between.
