SGI: Security

Secure passwords

How secure are yours? I use something everyone who mastered grammar school certainly knows about. Still, hackers would have a rather hard time cracking it, for sure...
371- 528 - 818 - ?
After the recent Gawker.com password fiasco, I've been refreshing many of my accounts with a range of new passwords.

I didn't think that I'd be affected by the Gawker problems, since I don't remember ever signing into or caring about the site, but it turns out that they own a bunch of other sites and use the same authentication system for all of them. I made a comment on one of them, Lifehacker.com, years ago, and I used that username/password pair on a bunch of non-essential sites, so my credentials were compromised.
My trick is to start with a phrase I'll easily remember, like:

Oh no you don't!

Then start mangling by replacing letters with numbers or symbols that look similar. The trick is to use the conversion inconsistently:

0h_nO-Y0u_d0N'T!

The other trick is to try several variations until you find a combination that rolls off your fingers well.

Geof
--
:O2000: :Fuel: :Octane: :Octane2: :O2: +MacPro +Sun Ultra 40 +G4 MDD +G4 Cube +G3 B&W +MacBook Air +iPad +Amiga 3000 +Amiga 2000 Toaster
for online accounts i only use generated stuff as well as for local services that can be reached from the outside
r-a-c.de
Well, just write down your password in this thread, and we'll tell you if they are strong enough, for free! Aren't we kind hearts?
among more than 150 machines: Apollo, Data General, Digital, HP, IBM, MIPS before SGI, Motorola, NeXT, SGI, Solbourne, Sun...
foetz wrote: for online accounts i only use generated stuff as well as for local services that can be reached from the outside

Hey, foetz, great to see you here again!

Do you use a password manager to "remember" the generated passwords? If so, is there a particular one that you recommend?
miod wrote: Well, just write down your password in this thread, and we'll tell you if they are strong enough, for free! Aren't we kind hearts?
pi=4,25?
371- 528 - 818 - ?
The main reason I don't use generated passwords is that they are too hard to remember. If they are phrase based, I can make them relatively easy to remember. I used to map the middle row of the keyboard (asdfghjkl) onto the white keys of a piano (cdefgabcd) and the upper row (we-tyu-op) onto the black keys (c#d#-f#g#a#-c#d#), and then make my passwords into musical motifs. For instance, in C major, the password 'adgfdsasaaasssdddfasdfdfghghjk' is the main theme of Beethoven's 5th symphony, 4th movement. The musical approach was basically a way to build long passwords that were easily remembered. Unfortunately, many systems now require mixed upper/lower/number/symbols, which makes the musical approach harder. If I can't remember a password and have to look it up, it's not very useful to me.

Geof
--
:O2000: :Fuel: :Octane: :Octane2: :O2: +MacPro +Sun Ultra 40 +G4 MDD +G4 Cube +G3 B&W +MacBook Air +iPad +Amiga 3000 +Amiga 2000 Toaster
I think this comic sums up my thoughts on the matter.
:BA213: <- MicroVAX 3500 :BA213: <- DECsystem 5500 :BA215: <- MicroVAX 3300
Pictures of my collection: www.pdp8.se
Oskar45 wrote:
miod wrote: Well, just write down your password in this thread, and we'll tell you if they are strong enough, for free! Aren't we kind hearts?
pi=4,25?

Definitely too weak.

Try using "pi=14.3" instead.
among more than 150 machines: Apollo, Data General, Digital, HP, IBM, MIPS before SGI, Motorola, NeXT, SGI, Solbourne, Sun...
A root password on a well-used machine here at school was "ribbed for her pleasure"

I use random gobbledygook numbers+letters...
Google: Don't Be Evil. Apple: Don't Be Greedy. Microsoft: Don't Be Stupid.
josehill wrote:
foetz wrote: for online accounts i only use generated stuff as well as for local services that can be reached from the outside

Hey, foetz, great to see you here again!

Do you use a password manager to "remember" the generated passwords? If so, is there a particular one that you recommend?


much thanks :D

of course those kinds of passes have to be written somewhere and my intranet db is just the right place for that. it's platform independent and i can access it in all kinds of ways.
currently running with mysql and as simple as possible. looks like that:


CREATE TABLE `accounts` (
  `COMPANY` varchar(100) default NULL,   -- site or service the login belongs to
  `LOGIN`   varchar(50)  default NULL,
  `PASS`    varchar(50)  default NULL,   -- the password itself, stored in clear text
  `id`      int(11)      NOT NULL auto_increment,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=latin1;

just an example but something like that does the job for me
r-a-c.de
I tend to use passwords that are 22 characters long. I know it is a pain, but it gets the job done.
Keep in mind that many systems, including IRIX 6.5, only recognize the first eight characters of a password.
I randomly generate all my important passwords using letters, numbers, and symbols :) . I also make them as long as the application or operating system allows. Finally, I memorize them. Sounds crazy but, hey, it is very secure!

I also try to avoid password reuse except for the very unimportant accounts :D .

_________________
_ Betty Blue _
R12000A 400 MHz ; 1 GB RAM ; 72 GB 15K HDD; IRIX 6.5.29
CrystalEyes; Dial Box; O2Cam "ZEYE"; external Toshiba SD-M1711 DVD-ROM; Octane speakers;
Lock bar; SGI microphone.
Mods: PSU Noctua fan; internal Toshiba SD-M1401 DVD-ROM; Adaptec AIC-7880P SCSI card.

_ REKIEM_I7 _
Seasonic X 1250W PSU / Intel i7 2600k 4 x 5,00 GHz / 2 x Gainward 2GB GTX 560Ti Phantom 2 / 32 GB DDR3 / Intel X25-M 160 GB SSD and 2 x 1,5 TB HDDs
_ Lazarus _
2 x Intel Xeon MP Gallatin 3,00 GHz with 4 MB cache / Zotac 512MB GT430 / 12 GB DDR266 ECC / 4 x Maxtor Atlas 146GB 10K V U320
9 characters, mixed case alpha, numerical, with special characters. One for each account kept in my head via muscle memory.

DECUS Member 368596
josehill wrote:
Keep in mind that many systems, including IRIX 6.5, only recognize the first eight characters of a password.


Sorry, I work for a Windoze house and so I use this length for those. For Unix systems it is 8 characters.

_________________
DELL Inspiron 15R 3.2GHz 16GB RAM ATI7730M/Intel HD4000 750GB Windows 8
IndyFred wrote:
josehill wrote:
Keep in mind that many systems, including IRIX 6.5, only recognize the first eight characters of a password.


Sorry, I work for a Windoze house and so I use this length for those. For Unix systems it is 8 characters.


Not necessarily. "Classic UNIX" with the salted-DES password system, yes, but newer UNIX systems can have alternate authentication mechanisms with a greater number of significant characters. Note that all your systems need to support the greater length (and I don't think IRIX does, at least without major hacking).

_________________
Damn the torpedoes, full speed ahead!

Systems available for remote access on request.

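An added example, not foetz's code or anything else from the thread: two checks a practitioner could run over a store shaped like the accounts table foetz posted, using sqlite3 in place of MySQL and made-up rows. The first finds a username/password pair reused across sites (the way josehill's Lifehacker comment exposed his other accounts); the second finds passwords that differ only after the eighth character, which a classic salted-DES crypt system treats as the same password. All company, login and password values are constructed.

```python
import sqlite3
from collections import defaultdict

# Constructed sample rows (COMPANY, LOGIN, PASS) in the shape of the thread's accounts table.
SAMPLE_ACCOUNTS = [
    ("gawker", "geof", "0h_nO-Y0u_d0N'T!"),
    ("lifehacker", "geof", "0h_nO-Y0u_d0N'T!"),      # same pair reused: one breach exposes both
    ("bank", "geof", "correcthorsebatterystaple"),
    ("irix-box", "geof", "correcthorse"),             # differs from the one above only after char 8
    ("mail", "geof", "Tr0ub4dor&3"),
]


def load_accounts(rows):
    """Build an in-memory sqlite3 copy of the accounts table and fill it with the given rows.
    Like the original table, PASS is held in clear text, so this only makes sense where such a
    store already exists."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (COMPANY TEXT, LOGIN TEXT, PASS TEXT,"
        " id INTEGER PRIMARY KEY AUTOINCREMENT)"
    )
    conn.executemany("INSERT INTO accounts (COMPANY, LOGIN, PASS) VALUES (?, ?, ?)", rows)
    return conn


def reused_passwords(conn):
    """Map each password used for more than one account to the sorted (COMPANY, LOGIN) pairs."""
    groups = defaultdict(list)
    for company, login, pw in conn.execute("SELECT COMPANY, LOGIN, PASS FROM accounts"):
        groups[pw].append((company, login))
    return {pw: sorted(accts) for pw, accts in groups.items() if len(accts) > 1}


def truncation_collisions(conn, significant=8):
    """Group distinct passwords that share their first `significant` characters: on a system
    that only checks that many (classic DES crypt: 8), they are indistinguishable."""
    groups = defaultdict(set)
    for (pw,) in conn.execute("SELECT PASS FROM accounts"):
        groups[pw[:significant]].add(pw)
    return {prefix: sorted(pws) for prefix, pws in groups.items() if len(pws) > 1}


if __name__ == "__main__":
    db = load_accounts(SAMPLE_ACCOUNTS)
    print("reused:", reused_passwords(db))
    print("same first 8 chars:", truncation_collisions(db))
```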
(and I don't think IRIX does, at least without major hacking)


How would one go about increasing the maximum password length on an Irix box?

_________________
:Octane2: Lopper