Using secure passwords / password selection (Full Version)



BobbyDouglas -> Using secure passwords / password selection (10/21/2005 14:14:34)

A lot of people might not care about this, but those who do secure stuff online, should really think about this.

If you have a password that is easily remembered, the chances that someone can pick it out are pretty good.

I remember when people used to use words like "rabbit" or the year they were born as their password. This is extremely insecure.

The best passwords are those that cannot be guessed. Ever think someone can figure out how you came to a password such as mUNi89nv43nNuivre?

Most likely nobody will ever be able to figure out that password since it is so complex. But you still need to be able to enter the password!

My suggestion is this:
1) Download a program called KeePass (Quite a few web host companies will use this program to store their passwords)
2) The KeePass program works off of a database. All of your passwords are stored inside one database, and protected by a master password.
3) Think of some common passwords you use. Just to use an easy example, I will pick: rabbit, god, and pizza.
4) Think of a way of organization that you will always remember. Maybe it is group A>Z, or Z>A, or sort by the length of the word (if two words are the same length, then sort in A>Z order). In our case, the password would be godpizzarabbit. That still isn't quite secure, but notice our password is 14 characters long, which is a lot better than our 6 character long password "rabbit". The great part about this program is that it accepts all of these as parts of your password: @#$%^&*(). This will help with the next step.
5) Last, you need to think of a way to make godpizzarabbit harder, but still easy enough to remember. Start with something like this: g1o2d1p2i1z2z1a2r1a2b1b2i1t2. Notice how hard that would be to guess? But we are not done yet. To make sure that it will be even harder to figure out, we need to add some special characters. I would do something like this: g$1$o$2$d$1$p$2$i$1$z$2$z$1$a$2$r$1$a$2$b$1$b$2$i$1$t$2

So, what do we have to remember, in order to remember our password? We think of the 3 common words, place them in A>Z order so we have godpizzarabbit. We type out godpizzarabbit, and then alternate between 1 and 2 until we reach the last letter, then we end up with g1o2d1p2i1z2z1a2r1a2b1b2i1t2. After this, we place a $ after each letter, except for the last letter.

Our ending result is a password of 56 characters: g$1$o$2$d$1$p$2$i$1$z$2$z$1$a$2$r$1$a$2$b$1$b$2$i$1$t$2

It might sound a bit complicated, and it was for me at first, but after a day or so it really catches on. I printed out my password for the first week, just to make sure I remembered it. My database is stored in a hidden folder that I just remember by name, and the extension of the database has been changed. Someone would have to know the extension of the new database in order to find it on my computer.

I also have a duplicate copy of it hosted online (with the extension renamed to zip), as well as on a secure USB flash drive. When someone tries to open the zip file, they see it is corrupted, and toss it away.
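The word-sorting, digit-interleaving and separator steps above, written out as a small Python derivation. This is an added example, not code from the post or from KeePass; the function names and the `order` parameter are my own, and the three words are the ones the post uses.

```python
from typing import Callable, List


def by_alpha(words: List[str]) -> List[str]:
    """Ordering A>Z, the ordering the post settles on."""
    return sorted(words)


def by_length(words: List[str]) -> List[str]:
    """The post's alternative ordering: shortest word first, ties broken A>Z."""
    return sorted(words, key=lambda w: (len(w), w))


def derive_password(words: List[str],
                    order: Callable[[List[str]], List[str]] = by_alpha,
                    digit_cycle: str = "12",
                    sep: str = "$") -> str:
    """Reproduce the scheme from the post.

    1. Put the chosen words in a fixed order and run them together (godpizzarabbit).
    2. Follow each letter with the next digit of the cycle (1, 2, 1, 2, ...).
    3. Insert the separator after every character except the last.

    Steps 2 and 3 are a fixed, public rule: they add length, but the only
    secret material is the word list, so anyone who knows or guesses the
    three words (and the rule) regenerates the whole string.
    """
    base = "".join(order([w.lower() for w in words]))
    interleaved = "".join(ch + digit_cycle[i % len(digit_cycle)]
                          for i, ch in enumerate(base))
    return sep.join(interleaved)


if __name__ == "__main__":
    words = ["rabbit", "god", "pizza"]          # the post's example words
    print(derive_password(words, sep=""))       # step 2 only
    print(derive_password(words))               # full scheme
    print(derive_password(words, order=by_length))  # same result for these words
```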




rdouglass -> RE: Using secure passwords / password selection (10/21/2005 14:27:38)

Good practical info that everyone should pay attention to.

But what I've been reading regarding passwords differs a little from that. The problem with schemes like these is that it is very difficult for the average user to remember a scheme like that.

We have switched to pass *phrases* instead of words. Phrases are far more likely to be remembered by the user yet are still very difficult for cracking programs. I do not say impossible but it's not impossible for them to crack yours as well; just impractical.

We have a few guidelines:

1. At least 20 characters
2. At least 1 number
3. At least one upper and one lower case letter
4. Special characters are no longer required.

Some example phrases:

IHave2Kids1BoyAnd1Girl
MyFavoriteShowIs60Minutes
MyCarIsA4DoorDodgeDakota

We rarely ever get a call about a forgotten password anymore and we have run a few password crackers against it. Only one succeeded in cracking 2 out of ~220 and it took 4 days of crunching to get 'em. And no I won't say which one worked. [;)]

You may not think so but these are quite difficult for the crackers to figure out.
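A checker for the four guidelines in the post, added here as an example (it is not something the poster provided). The thresholds are the ones listed, the passing samples are the phrases quoted, and the failing samples are constructed for contrast.

```python
from typing import Dict, List

MIN_LENGTH = 20  # guideline 1 from the post


def check_passphrase(phrase: str) -> List[str]:
    """Return every guideline the phrase violates; an empty list means it passes.

    Guidelines from the post: at least 20 characters, at least one digit,
    at least one upper-case and one lower-case letter. Special characters
    are not required, so they are neither demanded nor rejected here.
    """
    problems = []
    if len(phrase) < MIN_LENGTH:
        problems.append(f"only {len(phrase)} characters, need {MIN_LENGTH}")
    if not any(c.isdigit() for c in phrase):
        problems.append("no digit")
    if not any(c.isupper() for c in phrase):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in phrase):
        problems.append("no lower-case letter")
    return problems


def passes(phrase: str) -> bool:
    return not check_passphrase(phrase)


# Expected verdicts: the post's three phrases, plus constructed failing inputs.
SAMPLES: Dict[str, bool] = {
    "IHave2Kids1BoyAnd1Girl": True,
    "MyFavoriteShowIs60Minutes": True,
    "MyCarIsA4DoorDodgeDakota": True,
    "rabbit": False,                      # too short, no digit, no upper case
    "myfavoriteshowis60minutes": False,   # long enough, but no upper-case letter
    # the derived password from the first post: long, but no upper-case letter
    "g$1$o$2$d$1$p$2$i$1$z$2$z$1$a$2$r$1$a$2$b$1$b$2$i$1$t$2": False,
}


def verify_samples() -> bool:
    """True when every sample gets the verdict recorded in SAMPLES."""
    return all(passes(p) == expected for p, expected in SAMPLES.items())


if __name__ == "__main__":
    for phrase, expected in SAMPLES.items():
        print(f"{phrase!r}: {check_passphrase(phrase) or 'ok'} (expected pass={expected})")
```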




BobbyDouglas -> RE: Using secure passwords / password selection (10/21/2005 14:35:40)

Roger,

That's a very good point and proves an easier way to remember a password that is still secure (at least secure enough for the average user). I see it might be pretty hard to remember something like I posted above. The problem with using real words is that I have noticed programs start with words first. Usually they are limited to X characters in length. If I was going to use straight words, I would make sure that I have something a little longer than 20 characters. But that would be for the password database; I don't think many websites allow a password length greater than 20 characters, some even limit it to 8 or 9!

I myself am a bit paranoid. My USB key requires a 128bit password that I randomly entered (so it couldn't be cracked, and I would never use it), OR a fingerprint. So I use my index finger instead of a password.




rdouglass -> RE: Using secure passwords / password selection (10/21/2005 14:54:49)

quote:

I myself am a bit paranoid.


I don't think it's being paranoid at all. And I think anyone that has been hacked / stolen identity / etc. would totally agree.

The only downfall of doing things pro-actively (like password stuff) is that if they work, no one ever knows. It's only when they *don't* work that people find out and even become aware of any problem.




yogaboy -> RE: Using secure passwords / password selection (11/2/2005 15:51:34)

quote:

OR a fingerprint. So I use my index finger instead of a password.


If you use your finger and someone really wants the info you've got, then they'll get your finger. I'd rather use a password![:)]




rdouglass -> RE: Using secure passwords / password selection (11/2/2005 16:22:09)

I read an article not too long ago regarding the biometrics security issue. I'll see if I can find the reference to it, but the item that stands out in my head is that some manufacturer's fingerprint pad only needed to be blown over lightly, like you would when trying to fog up glasses to clean them!

Didn't seem very secure to me. I'm sure it depends on the manufacturer and the implementation but I think the technology (biometrics that is) has a way to go.




BobbyDouglas -> RE: Using secure passwords / password selection (11/2/2005 16:51:15)

Well, the 128MB USB stick was only about $100 when I got it, so I doubt that it is too secure, but secure enough for what I do. I tried to blow on it, and even had someone else use their finger to test. I figured it would be a real piece of crap, but it actually has held up pretty good.

The case for the stick could have been better designed (harder plastic), but it seems to hold up good enough.




ed1 -> RE: Using secure passwords / password selection (11/3/2005 7:16:18)

My password schema is pretty simple to remember.
My password here is … OOPS! I almost told!

No, really, I mix Alpha, Numeric, Change case, and Symbols.
And I change it.

I just type patterns. First series might be Hold the shift key once and use the top row of the keyboard 4 characters left hand, then bottom row of the keyboard, right hand 4 characters. To change the password, I can change the start row, change the shift key, or change both rows. This way I can always “remember” the password, and it’s easy to type because I just roll my fingers across the keyboard.

Simple? Or does this not make sense?


Programmer- Noun: Device to change caffeine into code.



