Article

2014-01-23 Science & Technology

'Password' No Longer the Internet's Worst Password

Archived material is restricted to Rantburg regulars and members. If you need access email fred.pruitt=at=gmail.com with your nick to be added to the members list. There is no charge to join Rantburg as a member.

Posted by Fred 2014-01-23 00:00|| || Front Page|| [3 views ] Top

#1 So this means it's OK to use 'password' again?

Posted by SteveS 2014-01-23 01:51|| 2014-01-23 01:51|| Front Page Top

#2 That's the kind of thing an idiot would have on his luggage.

Posted by OldSpook 2014-01-23 02:17|| 2014-01-23 02:17|| Front Page Top

Posted by OldSpook 2014-01-23 02:19|| 2014-01-23 02:19|| Front Page Top

#4 So, they found out all these passwords...how?
By cracking them? Had a password contest down at the mall?
(I'm just sayin'...)

Posted by ed in texas 2014-01-23 07:14|| 2014-01-23 07:14|| Front Page Top

#5 Not to be confused with the passwords on the sticky notes affixed on the computer.

Posted by Procopius2k 2014-01-23 07:52|| 2014-01-23 07:52|| Front Page Top

#6 TESTING...

Just subitted a comment and it didn' post.

Did you use the proper password?

Posted by AlanC 2014-01-23 08:11|| 2014-01-23 08:11|| Front Page Top

#7 Once more into the breach.....

P2K, back in the early '80s I worked for a large computer company. Sys admin gurus decided that every password would be reset to a random 10 character string every week.....sale of post it notes soared.

Posted by AlanC 2014-01-23 08:14|| 2014-01-23 08:14|| Front Page Top

#8 The admin password policy I know of is that it has to be at least 15 characters, contain no common words, have so many digits (which cannot begin or end the password) and so many special characters.

Such a policy guarantees that the password will be written down somewhere easy to reference - like a whiteboard.

So if you see what appears to be line noise written on the whiteboard - you'll know it's a password.

Posted by CrazyFool 2014-01-23 08:34|| 2014-01-23 08:34|| Front Page Top

#9 Clearly, the folks making up the complex requirements for passwords are bucking for government jobs - they are so much smarter than the rest of us.

Posted by Bobby 2014-01-23 08:40|| 2014-01-23 08:40|| Front Page Top

#10 xkcd provides a smart tutorial on passwords here.

Posted by Steve White 2014-01-23 08:41|| 2014-01-23 08:41|| Front Page Top

#11 You don't need long, complicated passwords for security; you just need to have a waiting period before subsequent attempts are accepted. Three tries in a minute, then you have to wait an hour, miss three more times, wait a day, miss three more times, wait a month, etc. Four random digits should suffice.

Posted by Glenmore 2014-01-23 09:45|| 2014-01-23 09:45|| Front Page Top

#12 Not to be confused with the passwords on the sticky notes affixed on the computer.

Which is good fun until the kids throw them away on trash day, and it isn't noticed until after breakfast the next day.

Posted by swksvolFF 2014-01-23 11:05|| 2014-01-23 11:05|| Front Page Top

#13 Safeboot has (or had) something like that. After I think 3 failures it delays for 1 miniute and doubles after each consecutive failure after that. 1, 2, 4, 8, 16, 32, etc...

Very effective.

Posted by CrazyFool 2014-01-23 11:05|| 2014-01-23 11:05|| Front Page Top

#14 So, they found out all these passwords...how? - Ed in Texas

Just guessing but I think the No Such Agentcy, runs a pool, kind a like a Superbowl, which is payable every Monday, for the easiest to break password and the results were leaked to the press recently. You are reading the leak.

Posted by Don Vito Matzarrella 2014-01-23 11:16|| 2014-01-23 11:16|| Front Page Top

#15 I tell users to write their passwords on a piece of paper if they can't remember them but keep the piece of paper in a locked drawer.

One of my pet peeves is the way Internet Explorer will "remember" your password for you. But then, if you get a new computer or have to reinstall or upgrade to a newer version of Windows, IE "forgets". Then, if you forgot too, your screwed.

Posted by Ebbang Uluque6305 2014-01-23 16:27|| 2014-01-23 16:27|| Front Page Top

#16 Purely anecdotal but I have had to see a lot of them, frankly (can I say that) so I can check their typing. Also they send me requests.... oh lord they send me requests but itn hard.

Married Wymens
HusbandFirstNameYearofMarriage
ChildrensFirstNameYearofBirth
MaidenNameYearofBirth

Unmarried Wymens
NickNamesTheyHaveForThemselvesYearofBirth
PetNameYearofBirth

Unmarried Menz
NickNamesTheyThinkTheyOutToHaveYearOfBIrth
NickNamesTheyDoHaveYearOfFirstSex
YearModelOfFirstCarDate
FirstDawgYearofBirth
FirstDawgYearofDeath

Married Menz
See Above little change

Posted by Shipman 2014-01-23 17:02|| 2014-01-23 17:02|| Front Page Top

#17 Then there is the old "I'll make it the same as my userid - nobody would every try that!"

Posted by CrazyFool 2014-01-23 17:04|| 2014-01-23 17:04|| Front Page Top

#18 Way Older Users of Either Sex
FirstLineOfBibleVerseCitation

(this isn't all that unsecure, especially with a really obscure or incorrect reference)

And remember to use l33t to show your cool!
And do leave it on a sticky note, or several and make sure I know where they are. This is actually how I suspect Snowden got access. Social hacking is the easiest kind.

Posted by Shipman 2014-01-23 17:05|| 2014-01-23 17:05|| Front Page Top

#19 Lastpass. It works, and is "safe enough" for general use. Good crypto, and protocol is fairly good. Secure mobile client. And you can use 2 factor with it.

Posted by OldSpook 2014-01-23 20:10|| 2014-01-23 20:10|| Front Page Top

23:00 Silentbrick
22:50 Silentbrick
22:38 OldSpook
22:37 mossomo
22:36 mossomo
22:34 USN, Ret.
22:32 mossomo
22:10 trailing wife
21:25 mossomo
21:16 JohnQC
21:09 trailing wife
21:08 Bugs Mussolini1101
21:00 Pappy
20:58 Pappy
20:10 OldSpook
20:04 Besoeker
20:01 OldSpook
19:52 Rob Crawford
19:51 OldSpook
18:43 AlanC
18:36 AlanC
18:28 swksvolFF
18:20 swksvolFF
18:09 SteveS