Password expert was wrong: paintedmusseltuxedolettuce better than $aLu.Te!


milovany

Has this been shared already?  I looked but didn't see it -- forgive me if so.  

 

It was an interesting read for me this morning. The man who was part of the report detailing how our passwords should have a good mix of uppercase and lowercase letters, as well as numbers and special characters, now says he was wrong. A long string of words is more secure. He also says it's not necessary to force users to change their passwords routinely unless there's been signs of a password hack attempt.  I have a system for creating passwords that uses the uppercase, lowercase, numbers and symbols in a routine (but known only to me) way. Looks like I may be able to let go of the password gymnastics.  

 

WSJ article

 

 

Edited by milovany

I hate when I can't quite recall the password. If the website would put a reminder of what they require for the password. Some want a combination of upper & lower, some want letters & numbers, some want special characters, some you can't use special characters. It's very annoying.


I hate when I can't quite recall the password. If the website would put a reminder of what they require for the password. Some want a combination of upper & lower, some want letters & numbers, some want special characters, some you can't use special characters. It's very annoying.

 

Hopefully this news will start to filter into company website departments and we'll see changes over time.  I'd much rather try and remember monkeymuffiincaliforniatrain than what I've had to do with my system.  The system certainly made things easier for me, but sometimes my system doesn't work, for example when a website won't allow certain special characters. Then I have to remember how I changed that one password when I visit that site.  


Longer passwords are definitely better, which is why it's so annoying when a company limits a password field to 8 or 12 characters.

 

I use LastPass which is amazing for having different passwords for every site that has different criteria and not having to remember them.


Longer passwords are definitely better, which is why it's so annoying when a company limits a password field to 8 or 12 characters.

 

Yes, my ds has talked to us about this issue--that more characters provides more security than just using symbols and numbers. He was annoyed recently at some website he uses that limits the passwords to 8 characters.


Both of my kids work in the health field and they were both complaining to me yesterday how the new vaccination system set up by the government is absolutely horrible and they are having issues at each of their works. The problem- you have to change your password every 2 months and if you forget you are locked out. We had a similar nutty situation with our military retiree pay website- giant complicated passwords with all sorts of crazy rules that had to be changed every two or three months. I initially set it up and gave all the passwords for like four years worth to dh but thankfully he was able to bypass it in another way where he doesn't have to keep changing passwords. I was so furious with it that I just used curse word substitutions and adjectives like idiotic, stupid, etc. So what does everybody do in these moronic situations- keep records of passwords.


I am exceedingly irritated by companies that require me to have a password to look at their site.  If I have any choice in the matter, I walk away.  It's so stupid.

 

 


Hopefully websites will stop forcing the password gymnastics upon us. I also have my own password system and while it's alpha-numeric, it's annoying to be forced to include capital letters and special characters.

I'd love to get rid of the asinine security questions!!

"What was your maternal grandmother's shoe size?"

"Name your first grade teacher's favorite food"

"What was the third song at your neighbor's wedding reception?"


Both of my kids work in the health field and they were both complaining to me yesterday how the new vaccination system set up by the government is absolutely horrible and they are having issues at each of their works. The problem- you have to change your password every 2 months and if you forget you are locked out. We had a similar nutty situation with our military retiree pay website- giant complicated passwords with all sorts of crazy rules that had to be changed every two or three months. I initially set it up and gave all the passwords for like four years worth to dh but thankfully he was able to bypass it in another way where he doesn't have to keep changing passwords. I was so furious with it that I just used curse word substitutions and adjectives like idiotic, stupid, etc. So what does everybody do in these moronic situations- keep records of passwords.

I do exactly that. I keep a hard copy of websites and their passwords. I don't carry it with me, so it would only be of use if someone broke into the house, found the mundane place I keep it, figured out what it was and how to use it, and so on.


I'd love to get rid of the asinine security questions!!

"What was your maternal grandmother's shoe size?"

"Name your first grade teacher's favorite food"

"What was the third song at your neighbor's wedding reception?"

When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out.

 

Mother's maiden name? Gobbledegook.

Name of first pet? Gobbledegook.

Favorite vacation city? Gobbledegook.


I do exactly that. I keep a hard copy of websites and their passwords. I don't carry it with me, so it would only be of use if someone broke into the house, found the mundane place I keep it, figured out what it was and how to use it, and so on.

 

I asked a brilliant man (I mean as in really a genius) who works in the encryption field how to best keep track of the passwords.  He looked at me like I was nuts.  "Write them down! No one can remember all this stuff."  

 

Then put them somewhere safe.  Like a safe.  As a backup measure, I periodically send a copy to my BFF and she slaps the envelope in her safe.  Done.


When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out.

 

Mother's maiden name? Gobbledegook.

Name of first pet? Gobbledegook.

Favorite vacation city? Gobbledegook.

 

 

This is brilliant!


I was so furious with it that I just used curse word substitutions and adjectives like idiotic, stupid, etc. So what does everybody do in these moronic situations- keep records of passwords.

 

The ones that tick me off the most are the websites that don't give you specific parameters (# of letters, UC, lc, numbers, characters, etc.) but just say that the password you chose was "weak" and make you keep randomly typing new ones until you hit on one it decides is "strong" enough. Those are the passwords that end up being a string of curse words and characters!

 

As for recording passwords, Safari does that automatically and I can access the whole list with the main password for my laptop. Written copies would never work for me because I'd be writing new passwords on scraps of paper and then losing them before I ever got around to adding them to the master list.  :blush: 

 

I'd love to get rid of the asinine security questions!!

"What was your maternal grandmother's shoe size?"

"Name your first grade teacher's favorite food"

"What was the third song at your neighbor's wedding reception?"

 

  :lol:  :lol:  :lol:

 

When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out.

 

Mother's maiden name? Gobbledegook.

Name of first pet? Gobbledegook.

Favorite vacation city? Gobbledegook.

 

That is genius!  :thumbup1:

Edited by Corraleno

Dh thinks the password vault on the computer is a better choice.  I think that if the computer is stolen, his list will be gone; my written list of passwords tucked into a file with foreign language worksheets is likely to still be there.

 

 


Don't most browsers include password management? I know Safari does and I think Firefox does too. Or do people think those aren't secure enough?

I prefer a manager independent of my browser, with a mobile app (only accessible by fingerprint). I have a really long phrase I use to log in to it and my passwords aren't stored on my computer.


Don't most browsers include password management? I know Safari does and I think Firefox does too. Or do people think those aren't secure enough?

Yes, Firefox, Safari and other browsers have features to store passwords.

 

I consider them a huge security leak.  Here are some issues:

 

- You can view all the passwords stored there.

- If it is Firefox (and perhaps the others), you can easily get the passwords from a backup of the computer if one exists.

- If you tell the browser to "Never Store" certain passwords, then the browser stores the urls of your banks, investments, etc.

 

My policy with these things is:

 

- NEVER store a "strong" password for an important site in the browser.

- NEVER tell the browser to "Never Store" important passwords, but rather tell them not to remember it each and every time.

 

DS19 has the most secure approach I know of to password security.  It's a bit of a pain, but I think his stuff is ridiculously secure.  I'm getting close to adopting his approach myself.

Edited by RegGuheert

Dh works for a civilian contractor in a military facility. He's required to change his password every 6 months and they follow the uppercase/lowercase/numbers/characters rule. He has a special way of coming up with new ones. I wonder if government entities are going to change their rules after this.

 

I like my way of coming up with passwords and I could be wrong but they do seem secure to me.

 

-No one on the planet, not even dh, knows the pet name* I had for the dog I owned in the seventies plus the year she was born and the year she died. Not even closest family knows what I used to call her. Most don't remember when she was born if they even knew.

-No one (except maybe my 82 yo aunt) knows my mother's first name that she never ever ever used (not in any legal or informal way ever) but was given at her baptism because the priest required a saint's name, plus the unkind name she and her sisters were called as kids (because they were "greasy Italians") plus the year she and my dad divorced. 

 

^^Those are not actual current passwords but examples of how I come up with passwords. ^^

 

I suppose if hackers tried long enough they'd string those things together but if they tried long enough they'd crack nearly any password. 

 

*Yes, I have special pet names for my pets. Doesn't everyone? :)

 

 

 

I'd love to get rid of the asinine security questions!!
"What was your maternal grandmother's shoe size?"
"Name your first grade teacher's favorite food"
"What was the third song at your neighbor's wedding reception?"

 

 

I remember a meme going around a while back with a parent looking down on a child and a puppy. The caption has the parent saying, "Think carefully before you name him. That will be your security answer for the rest of your life."  :lol:


When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out.

 

Mother's maiden name? Gobbledegook.

Name of first pet? Gobbledegook.

Favorite vacation city? Gobbledegook.

 

I've always done that, but have recently started getting error messages:

"Security questions must have unique answers"


Maybe try:

 

Gobble

de

gook

 

Unique answers to each question.

Then you have to remember which one goes with which question, thus (partially) defeating the purpose. And usually answers have to be a minimum of four letters so it would have to be gobb, lede and gook. 😄

Edited by milovany

There was a very famous XKCD about this years ago. We have found it to be true. I use a password vault (OnePassword) and my password for that is extremely long, unique, and yet memorable. Everything contained within is extremely long and completely algorithmically gibberish, but all I need to remember is the one. Good stuff.

Edited by Arctic Mama

My husband is in IT and deal with security issues for a billion-dollar company.  He's extremely careful with passwords, and uses a password generator to come up with random uppercase/lowercase/number/symbol passwords of a ridiculously long variety.  What worries me is that the bank that has our mortgage is a) not case sensitive and b) doesn't allow symbols in their passwords.  How drastically reduced are my password options!

 

 

 

 

 

 

I have a piece of paper where I write down our passwords because I can't remember all of them.


I was so relieved when this news came out. I will much more easily remember passwords composed of words than letters/numbers/symbols differing by website. 

 

I have one password I use for everything online that is not tied to money in any way, like this and other message boards. Is there anything wrong with that?  

 

Then I have a handful of different passwords that I use for sites like Facebook  (where accounts regularly get hacked) or sites involving any money exchange.


There was a very famous XKCD about this years ago. We have found it to be true. I use a password vault and my password for that is extremely long, unique, and yet memorable. Everything contained within is extremely long and completely algorithmically gibberish, but all I need to remember is the one. Good stuff.

This Gizmodo article includes that XKCD piece.

 


When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out.

 

Mother's maiden name? Gobbledegook.

Name of first pet? Gobbledegook.

Favorite vacation city? Gobbledegook.

I thought this was a great idea also until I ran into the website that would not allow duplicate answers to different questions......

 

:-(

 

anne


I'd love to get rid of the asinine security questions!!

"What was your maternal grandmother's shoe size?"

"Name your first grade teacher's favorite food"

"What was the third song at your neighbor's wedding reception?"

 

What's your father's middle name?  No, you can't use that because it doesn't have enough letters.... 

 


A while ago DH started using song titles from his favorite albums as his password. It hits: long streams of words (usually), capital letters, and, when he includes the tracks, numbers. 

 

I, however, have exactly the same password I have had for 15+ years, and when I am forced to change it I invariably never ever ever remember the new password. 

 

Edited by fdrinca

When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out.

 

Mother's maiden name? Gobbledegook.

Name of first pet? Gobbledegook.

Favorite vacation city? Gobbledegook.

Good idea... Will do this from now on.


I had wondered about this thing with different characters, which my dh seems to insist on.

 

It's seemed to me that it isn't really any different than having a larger alphabet that you are using?

 

You are correct.  Adding numbers and characters increases the "alphabet" but in terms of hacking someone's password the effect there is negligible.  Whereas if you have more characters (longer password) that is harder to hack.  Which is basically what the article says, I suspect, but it's behind a paywall for me.


When I opened a new bank account for my mother, the officer suggested that I choose one really oddball word or phrase and program that in as the answer to every single question. Since I am not using that account very often, I am thrilled with how well that's worked out.

 

Mother's maiden name? Gobbledegook.

Name of first pet? Gobbledegook.

Favorite vacation city? Gobbledegook.

 

What a great idea!


No requiring or including numbers or symbols is less good because we have 26 letters and 52 if you use both capitals and small letters, and there are only 10 numbers (0-9) and usually 8 or less symbols allowed. It decreases the time needed to hack the code as the link previously mentioned showed in a nice cartoon.


Often there are limits to how many characters a password can be. I use a system that utilizes lines of poetry, using just the first letter of each word, correctly capitalized and including punctuation. The poem then helps me remember the password.


I've been on sites where they require that the password has no word in it that is actually a real word.  So, it has to be completely random characters that do not spell anything at all.  Very frustrating.

 

 

Often by that they just mean English words... so, just make up a phrase in a foreign language. 

 

ETA: it's not like they can realistically make you not use words from *any* language, because then most letter combinations would be words. 

Edited by luuknam

Often there are limits to how many characters a password can be. I use a system that utilizes lines of poetry, using just the first letter of each word, correctly capitalized and including punctuation. The poem then helps me remember the password.

 

I am going to steal your system.


You are correct.  Adding numbers and characters increases the "alphabet" but in terms of hacking someone's password the effect there is negligible.  Whereas if you have more characters (longer password) that is harder to hack.  Which is basically what the article says, I suspect, but it's behind a paywall for me.

 

 

This does make sense, that increasing the usable "alphabet" by adding in the special characters and numbers increases the strength of the password.  But when using a mix of the letters, numbers and special characters came to be required, it made it seem as if that mix was the key to a strong password, not the length of the password.  So glad to be learning that it's the length that's key, not the mix of characters.  

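An added example, not from any poster in this thread, that puts numbers on the "bigger alphabet versus longer password" argument made in this post and in the two earlier posts about alphabet size. It models a password as characters (or words) chosen uniformly at random and reports entropy in bits for the thread's own two samples; the alphabet sizes and the 7776-word list size are assumptions.

```python
import math

# Alphabet sizes assumed for this illustration.
LOWER = 26                    # a-z
MIXED = 26 + 26 + 10 + 8      # a-z, A-Z, 0-9, plus the "8 or fewer symbols" a poster mentions
DICEWARE = 7776               # assumed size of a 6^5-entry word list


def char_entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy for `length` characters each chosen uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def word_entropy_bits(n_words: int, list_size: int) -> float:
    """Bits of entropy for `n_words` each chosen uniformly from a list of `list_size` words."""
    return n_words * math.log2(list_size)


def chars_needed(target_bits: float, alphabet_size: int) -> int:
    """Smallest length over `alphabet_size` symbols that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def widening_gain(length: int, old_alphabet: int, new_alphabet: int) -> float:
    """Extra bits gained by widening the alphabet while keeping the length fixed."""
    return length * math.log2(new_alphabet / old_alphabet)


def compare(short_pw: str, passphrase_words: list[str]) -> dict:
    """Compare a short mixed-character password with a multi-word passphrase under the models above."""
    passphrase = "".join(passphrase_words)
    short_bits = char_entropy_bits(len(short_pw), MIXED)
    return {
        # e.g. 8 characters over a 70-symbol alphabet
        "short_mixed": short_bits,
        # a guesser who does not know the phrase is made of words must search all lowercase strings
        "phrase_as_letters": char_entropy_bits(len(passphrase), LOWER),
        # a guesser who knows the word list only has to search word combinations (the honest estimate)
        "phrase_as_words": word_entropy_bits(len(passphrase_words), DICEWARE),
        # how many plain lowercase letters match the short mixed password's entropy
        "letters_to_match_short": chars_needed(short_bits, LOWER),
        # going from letters-only-with-case (52) to letters+digits+symbols (70) at the same length
        "gain_from_symbols": widening_gain(len(short_pw), 52, MIXED),
        # versus simply appending one more character from the 52-symbol alphabet
        "gain_from_one_more_char": math.log2(52),
    }


if __name__ == "__main__":
    # The two samples from the thread title.
    result = compare("$aLu.Te!", ["painted", "mussel", "tuxedo", "lettuce"])
    for name, bits in result.items():
        print(f"{name:>24}: {bits:6.1f}")
```

Widening the alphabet from 52 to 70 symbols adds about 3.4 bits to the 8-character password, while a single extra character from the 52-symbol alphabet adds 5.7 bits, which is the quantitative version of the point the poster makes.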
