How Hackable is Your Password? - Comments Page 1
Posted by:
Too many passwords to remember for my finite mind; I use LastPass.
Posted by:
The hackers would have had to have known me nearly 80 years ago - good luck
Posted by:
I'm a long-time user of KeePass. I just checked the number of entries I have. Including both personal and work-related accounts, I have just over 250 entries in KeePass, so a password manager is a must. Multi-word phrases are the way to go!
Posted by:
I use my pets' nicknames, which are gibberish first and last names (think "Mic Cheedle"), I capitalize the first and last names, and then add a combination of letters, numbers, and symbols that have no meaning. I also make the password at least 15 characters long.
Posted by:
I've hesitated to use password generator software. What if that software crashes or gets a bug? Then you won't know any of the passwords it stored for you and you are locked out of all your websites. I can't trust any software to work flawlessly.
Posted by:
I use Blur by Abine, have for years. You can customize the length of the passwords, the sort of characters you want (some sites are picky), it can even generate a standalone password for those sites that won't let you automatically generate one using a password manager, there are some that are like that, just go into Blur and generate a password, then add that to the new site, edit your Blur record to include whatever else you need and you're set. And their customer support is absolutely outstanding for premium users, there is a free version too. I know it is not widely known and others get a lot of attention, but this one is really good and I don't mind that others have better name recognition, I consider that another strength actually. It also tells you if you've reused a password, which we all did in years gone by and gives you a chance to rectify that. Very satisfied with this program. :^)
Posted by:
The best strength meter I've found is the Gibson Research Corp. I use it to check all my passwords.
Posted by:
For years I have used Password Corral to keep track of all my passwords. It stores all your passwords as an encrypted file every time you exit. You only need to remember one key password to open it.
Posted by:
The original crypt algorithm in UNIX had a maximum length of 8 characters and stored the salt in the first 2 characters of the encrypted password, making cracking much easier. And while the file storing passwords was secured from easy snooping, the NIS protocol to centralise the database opened it all up again (ypcat passwd). NIS+ hid that data from normal users but never caught on. One of the issues with secure passwords in some situations is that somehow regular password changes are a "good idea" but actually lead to weaker passwords that qualify and have minor pattern changes each change. Much better to enforce strong passwords and leave them alone unless a breach or similar indicates changes. I use LastPass, paying for Premium. I can share logins without making the password visible if needed and it allows generation of one time password sheets and other recovery mechanisms if you forget your master password. I don't put my main banking ID in there but most other systems are, where allowed 20+ random character passwords.
Posted by:
I've used LastPass as my password manager for years. I also maintain a locked, password-protected Excel spreadsheet that lists all my websites, usernames, and passwords as a backup just in case. An up-to-date printed copy of the Excel spreadsheet is inside my safety deposit box for my will's executor in case of my untimely death as well.
Posted by:
For many years I have used RoboForm successfully. It has always worked well but is also continuously being improved. There is currently only one thing that still bothers me—all the sites adding an "m" to the URL for mobile sites. That requires opening the list of passwords and choosing the password for the desktop site, which always works but takes a lot longer to complete.
Posted by:
Since I use a password manager and therefore only need to know a few passwords (one for the password manager, one to log onto my computer, and a couple of others), I just make them random gibberish. Since I type them in every day, there's no concern that I'll forget them. Focus on making a password that's easy to TYPE, since that is your main interaction with it. Any password is easy to remember if you type it every day.
Posted by:
Another great article about a topic that we need to hammer into our collective brains and often.
Posted by:
Just opened my LastPass vault. 837 stored passwords. Some of the "early" ones (some for defunct sites or ones I haven't visited in years) are either very simple or duplicates, though. I really should do something. Someday.
Posted by:
I also use and recommend KeePass - though, I'm sure any of them would work fine. For those concerned with software bugs/crashes, like Doug: keep a backup! I have several electronic backups and I feel fine with that, but you can always print them out and stick them in your safe (or other secure location), too. I strongly feel that any tiny potential risk of using a password manager is overwhelmingly outweighed by the security (and convenience!) that they provide.
Posted by:
All good advice, though I have seen no indication that Dashlane is "getting better at circumventing the security-limiting roadblocks that some website owners think are important." It is for this reason that I often only enable letters and capitals and numbers. Dashlane tends to use so many different special characters that are almost universally forbidden.
Posted by:
I am multi-lingual and make passwords from mash-ups of different languages. It seems to work as I have never been hacked, even when working with Homeland Security.
Posted by:
I use LastPass, but of late, I am getting more concerned about putting my passwords in cyberspace. I tested my most recent password with the Gibson Research Corp and it came up time to exhaustively search its space was a minimum of 1.41 hundred million centuries. Unless I'm missing something, that sounds pretty secure to me. What I'm thinking now is would that be secure enough to use on ALL my login sites.
Posted by:
I wonder about the Password security of using a random password-generating software.
Posted by:
@Brian B, the problem with using the same password everywhere is not the strength of your password, but rather the fact that by doing so you are exposing all the places you log into to the lowest common denominator of the website or company with the weakest security for their password database. This is a risk I personally am unwilling to take. In point of fact, I would argue that this is basically a guarantee that your password will end up in common hacker databases of known passwords. If the companies that you are logging into do not properly encrypt, maintain encrypted their password databases using encryption that is sufficiently secure, you are basically betting all your security on the least secure company or website you log into.