Millions using 123456 as password, security study finds


bitchstewie

Original Poster:

51,395 posts

211 months

Monday 22nd April 2019
Dogwatch said:
Why do sites allow multiple login attempts anyway? Should be three attempts and then blanked for perhaps an hour.
Because people are people and type things in wrong.

Repeatedly.

BoRED S2upid

19,714 posts

241 months

Monday 22nd April 2019
Parsnip said:
If that’s true then why do some websites insist on alpha numerical type passwords? Why not just insist on longer passwords.

anonymous-user

55 months

Monday 22nd April 2019
BoRED S2upid said:
If that’s true then why do some websites insist on alpha numerical type passwords? Why not just insist on longer passwords.
Momentum. The guy who originally recommended alpha numerical type passwords has conceded his mistake. It's now considered bad practice to insist on these requirements, but it does seem like they are here to stay, until passwords are replaced by a better system.

Having a paper book isn't actually a terrible idea vs using pattern based or character passwords.


B'stard Child

28,447 posts

247 months

Monday 22nd April 2019
Eric Mc said:
B'stard Child said:
It was a reference to a post you made in another thread citing education being the solution biggrin

It helps but some people you can't re-educate wink
I worked that out - but thanks for the assistance.

Yes - there are lots of people who you can't educate - let alone re-educate. That consigns them to the scrapheap of life - in true PH "big and powerful director" manner.
The issue then is if they don’t want to be consigned to the scrapheap of life they are likely to pursue alternative directions - then we all have an issue

Eric Mc

122,053 posts

266 months

Monday 22nd April 2019
You've seen me driving - obviously smile.

snuffy

9,796 posts

285 months

Monday 22nd April 2019
Sheepshanks said:
Missus worked in the civil service and they had to change their password every month - apparently a huge proportion of them used their DOB plus the current month.
It's amazing that so many idiot organisations still enforce regular password changes - it's utter garbage.

bloomen

6,920 posts

160 months

Monday 22nd April 2019
For the sites that count I always use auth based 2FA and uniquely monstrous passwords.

For everything else it's the same password. I couldnae care less whether it's hacked. There's no payment details anywhere and not quite the right name or address either.

I've no interest in using a password manager. I may need to access things on unfamiliar machines and where there's a program, there's a hack somewhere eventually.

And it's REALLY frustrating when sites try to force a password format on you. A combo of words is more secure than 8-10 letters and numbers.

Otispunkmeyer

12,610 posts

156 months

Monday 22nd April 2019
Parsnip said:
We got recommended to do this at work... or use a password manager like LastPass.

Am I right to assume that if I use LastPass to auto generate something of the same length as horse battery staple mouth or whatever, it’ll be just as strong? Do actual understandable words add or remove strength or is it just the fact that you can make something that is really quite long whilst being easy to remember?

amusingduck

9,398 posts

137 months

Tuesday 23rd April 2019
bloomen said:
I've no interest in using a password manager. I may need to access things on unfamiliar machines and where there's a program, there's a hack somewhere eventually.
Got a smartphone? LastPass at least has an app, so I have my passwords with me wherever I go.

Presumably you don't use internet banking with that logic?

If it's good enough for the likes of Harvard and VMware, it's good enough for me.

George Smiley

5,048 posts

82 months

Tuesday 23rd April 2019
Otispunkmeyer said:
We got recommended to do this at work... or use a password manager like LastPass.

Am I right to assume that if I use LastPass to auto generate something of the same length as horse battery staple mouth or whatever, it’ll be just as strong? Do actual understandable words add or remove strength or is it just the fact that you can make something that is really quite long whilst being easy to remember?
In short the longer the better from an entropy perspective but purpleloverocket is good (bad example as commonish phrase)

The trouble with auto generated passwords is if you lose the app or don’t have access to it, you are stuck.

3 or 4 random words are really easy to use and really good. If you want to go even better then you can use passphrases instead.

If you are a pure Apple user then Keychain is built in and seamless across all devices.
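
Added example (not part of any post in this thread): the entropy comparison behind the question above, for a 4-word passphrase against a random character string of the same typed length. It assumes a 7776-word diceware-style list and a 62-character alphanumeric alphabet; the short wordlist in the code is constructed for the demo, and the figures only hold when every word or character is picked uniformly at random, not chosen by a person.

```python
import math
import secrets
import string

# Constructed sample wordlist for the generation demo only; a real
# diceware-style list (assumed here: 7776 words) is far larger.
SAMPLE_WORDS = ["horse", "battery", "staple", "mouth", "purple", "rocket",
                "anchor", "velvet", "copper", "lantern", "orbit", "thistle",
                "gravel", "meadow", "pickle", "saddle"]
ALNUM = string.ascii_letters + string.digits  # assumed alphabet, 62 symbols


def random_passphrase(words, count):
    """Pick `count` words uniformly and independently with a CSPRNG."""
    return " ".join(secrets.choice(words) for _ in range(count))


def random_string(alphabet, length):
    """Pick `length` characters uniformly and independently with a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase_bits(wordlist_size, count):
    """Entropy depends on list size and word count, not on letters typed."""
    return count * math.log2(wordlist_size)


def string_bits(alphabet_size, length):
    return length * math.log2(alphabet_size)


def chars_to_match(bits, alphabet_size):
    """Shortest random string carrying at least `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def compare(word_count, wordlist_size, typed_length):
    """Passphrase vs. a random string of the same typed length."""
    words = passphrase_bits(wordlist_size, word_count)
    return {
        "passphrase_bits": round(words, 1),
        "same_length_string_bits": round(string_bits(len(ALNUM), typed_length), 1),
        "chars_needed_to_match": chars_to_match(words, len(ALNUM)),
    }


if __name__ == "__main__":
    print(random_passphrase(SAMPLE_WORDS, 4))
    print(random_string(ALNUM, 9))
    print(compare(4, 7776, len("horse battery staple mouth")))
```

A random string as long as the passphrase carries roughly three times the entropy, and a 9-character random string already matches four random words; the words buy memorability per bit, not extra strength per character.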

Jim the Sunderer

3,239 posts

183 months

Tuesday 23rd April 2019
I'm supporting 6 clients over 4 laptops, multiple applications, Windows locks itself after ten minutes, VPNs disconnecting after 20 and password resets between payslips.

They're lucky I don't use hunter2 every time.

amusingduck

9,398 posts

137 months

Tuesday 23rd April 2019
Jim the Sunderer said:
I'm supporting 6 clients over 4 laptops, multiple applications, Windows locks itself after ten minutes, VPNs disconnecting after 20 and password resets between payslips.

They're lucky I don't use ******* every time.
I don't think you can use only asterisks can you? wink

The Mad Monk

10,474 posts

118 months

Tuesday 23rd April 2019
How secure would it be to use a cryptic word encoded, plus a number known only to you?

daniel1920

310 posts

119 months

Tuesday 23rd April 2019
Qwertyuiop - swipe across including enter to begin any computer session with a bit of jazz.

bitchstewie

Original Poster:

51,395 posts

211 months

Tuesday 23rd April 2019
The Mad Monk said:
How secure would it be to use a cryptic word encoded, plus a number known only to you?
Think less about that, though it's important, and more about uniqueness.

So let's say on Site A you use a password of "crypticwordencoded776" and sit back basking in the knowledge that it's something strong and known only to you.

However it's a bh to remember so when you register on Site B you also use "crypticwordencoded776".

Only Site B don't have the same levels of security as Site A and someone steals (not guesses, steals) the passwords so now they know your email address and password of "crypticwordencoded776".

They then go and try Facebook, Twitter, Gmail, whatever, using your email address and "crypticwordencoded776".

See where this is headed...

MDMetal

2,776 posts

149 months

Tuesday 23rd April 2019
I use a few "levels" emails/bank accounts all unique and individual, forums etc are roughly the same, throw away stuff for ordering online etc all the same.

hyphen

26,262 posts

91 months

Tuesday 23rd April 2019
bloomen said:
For the sites that count I always use auth based 2FA and uniquely monstrous passwords.
Why unique monstrous passwords if 2FA? What do you expect the hacker to do, guess your 2FA and bruteforce your password as well?

Just so he can post under your handle on Twitter? laugh