Pete Posted April 28, 2012
This is a rant about password security or lack thereof with various services lately. The other day I got an email saying that Cryptic had had their password database compromised (anyone therefore with a Star Trek Online account might want to consider changing their password, even though Cryptic no longer have anything to do with the game) and then today it turns out my UK hosting company has had its systems compromised. I'll stress now that the latter has no link to StrategyCore as this is on far superior US hosting (UK and European hosting really sucks in terms of service and value for money), but it still annoys me as even though they've likely only accessed encrypted versions of passwords they can still decrypt them given enough time. As I do rather a lot on the web this means I have to change my password in at least 20 places. Yes, I know that I shouldn't use the same password everywhere, but I have trouble remembering more than 2-3 at a time and some services will lock your account after a couple of failed attempts. Oh well. I'll be sure to make a list of the services I need to change for next time as this time I'm just searching through my email inbox for the word "password" in an effort to make sure I've got them all.
FullAuto Posted April 28, 2012
Is there yet a solution to the conundrum of having 20 different secure passwords? I currently compromise, having about a dozen ludicrously easy ones.
Pete (Author) Posted April 28, 2012
I just try to remember one difficult one usually - less chance they're going to crack it by brute force i.e. dumping loads of words into the password field and getting lucky.
FullAuto Posted April 28, 2012
I saw an app that was like a password safe. It struck me as being a good idea, in theory. The practicality of it was not something I cared to test myself.
Pete (Author) Posted April 28, 2012
We use KeePass at work which is rather good. Perhaps I should use it for my own stuff too.
Sgt. Strike Posted April 28, 2012
Your best bet is to use a password at least 6 letters with at least one number replacing a letter. This prevents brute force from getting your password. Let me post an example here. Password is easy to guess, easy for a brute force, etc. to find. Now, Passw0rd is much different and won't be easily guessed. P@ssw0rd is even harder. I actually, on some of my accounts, use a phrase. Sometimes there is a number for a space, sometimes just the phrase itself. And you can cycle through passwords as well. You don't need that many passwords, just about a total of ten things, and you can vary them from each use.
Pete (Author) Posted April 28, 2012
I aim for 10 or more as the length as with each additional character you decrease the chance of someone guessing it or a script from cracking it (more permutations). I have 4 uppercase and 2 lowercase letters as well as 4 digits and a symbol just for good measure in a reasonably random order that I can remember (various initials, a memorable date that's not a birthday etc etc). It just falls down when websites' databases get hacked as they have your email address and encrypted password locally then and can just throw computing power at it until it works out the password.
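Added example, not part of any post in this thread: a small strength check that puts numbers on the "more permutations" point above and separately flags a dictionary word hidden behind character substitutions. The word list, the substitution table, the sample strings and the guess rate of 1e10 per second are assumptions made for illustration.

```python
import math
import string

# Constructed sample list; a real checker would load a large breached-password dictionary.
COMMON_WORDS = {"password", "letmein", "dragon", "startrek"}
# Assumed table of common look-alike substitutions, undone before the lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s", "!": "i"})
SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(pw):
    """Alphabet size implied by the ASCII character classes present in pw."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def keyspace_bits(pw):
    """log2 of the keyspace; only meaningful if every character was chosen at random."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def is_disguised_word(pw):
    """True if undoing case and look-alike substitutions yields a listed word."""
    return pw.lower().translate(LEET) in COMMON_WORDS


def assess(pw, guesses_per_second=1e10):
    """Return (bits, years to exhaust the keyspace, disguised-word flag).

    guesses_per_second is an assumed offline rate against a fast hash.
    """
    bits = keyspace_bits(pw)
    years = 2 ** bits / guesses_per_second / SECONDS_PER_YEAR
    return round(bits, 1), years, is_disguised_word(pw)


if __name__ == "__main__":
    # Constructed samples: two from the thread, one 4-upper/2-lower/4-digit/1-symbol
    # string, and one 14-character lowercase+digit string.
    for sample in ("Passw0rd", "P@ssw0rd", "QXTRbk7294#", "k3vq9zt2mh8xw4"):
        bits, years, disguised = assess(sample)
        print(f"{sample:16} {bits:5} bits  {years:12.3g} years  dictionary word: {disguised}")
```

The bit count is an upper bound that assumes random characters, so for a flagged string the dictionary flag is the result that matters.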
Kret Posted April 29, 2012
Call me paranoid, but I like password length to be in between 12 and 16 chars long. I dislike using mixed case since I'm prone to mistyping passwords that involve toggle keys (Shift, Caps Lock, Alt Gr), but I do add numbers and symbols that don't require such keys. Also, to avoid my passwords being built from subconscious preferences I use this password generator. Set it up with your preferences, have it generate some passwords and choose the ones you're comfortable with. One thing that people need to stop using is the "Remember Password" option used in any site or app since forcing yourself to retype the password actually helps you memorize it. In fact, sometimes I don't actually remember the password myself, but somehow, my fingers just know what sequence of movements they need to do to type the right keys. Oh, and as a nice anecdote: at my workplace, most people remember their passwords because of having to type them, but seldom actually remember their username since they rarely need to type it in.
Bomb Bloke Posted April 29, 2012
I prefer to choose words I don't know how to spell.
Sgt. Strike Posted May 1, 2012
The thing is, anymore, what's "secured" and what isn't, is, for most things, a matter of time. True hackers aren't out to be malicious, but information seeking. And getting into, and out of, places without tripping any security.