40,000^3 is much, much less than 94^18.
sure but isn’t the point that a list of words is more readily memorised than a list of characters, so you can have a memorable password that is really very long (I’m thinking of a one man (actually woman) Beckett play I saw. That would have been a hell of a password).
PasswordPasswordPassword is 24 characters, do you think that it would take longer to crack than a 18 character password of complete randomness?
Veering off at a tangent - can you make a password based on Kanji characters? (Bit rhetorical, as I’m aware that the answer is “depends”)
If the attack was "brute force" i.e. just trying all possible variations, and the password had the option of being alphanumeric and with symbols then yes, the longer the password the harder to crack. However, if the attack started off with "let's try the old classics password1234, 1234567890, etc." it might get picked up sooner.
PasswordPasswordPassword is 24 characters, do you think that it would take longer to crack than a 18 character password of complete randomness?
Depends how they are attacking it.
Whether they are just using brute force number crunching or working through known patterns of possible words.
Also, by cracking it, they won't necessarily recover "PasswordPasswordPassword" they just need to find another string which when hashed ends up with the same hash as "PasswordPasswordPassword" eg you could be really unlucky and "P@$$w0rd123" could be the first one they try and that hashes to the same thing, so they get it first time...
Whether they are just using brute force number crunching or working through known patterns of possible words.
Assuming that people who are interested in cracking passwords will opt for the stupidest method possible is probably where a lot of people are going wrong.
Why are you all assuming my password is easily guessable or using any compromised phrases?
I mean, yeah those are all idiotic passwords but if that's the best argument you have against my personal methodology then I feel pretty vindicated tbh.
TrueCrypt?
Yup that's the puppy.
^ The rumour was the NSA forced him to add a back door to it. Not sure if it's true but I remember the final commit message was something like "Not Safe Anymore" so it's plausible.
Anyway you can transition to veracrypt
Why are you all assuming my password is easily guessable or using any compromised phrases?
I'm not. I'm trying to explain password entropy and search spaces to you. And failing, obviously.
huh. Must be getting old then, I have no trouble remembering my work laptop Bitlocker password and network login plus my regularly used banking passwords, login details and whatever else.
Good for you. Meanwhile, most other people struggle to remember where they left their car keys when they came home the previous day. It’s why mine have a tracker on. #rollseyes
Having more complex, non-reused, easily rotated, passwords is a better compromise.
And the complete opposite of what’s considered best practice. Especially the changing them regularly bit.
Place I last worked at we used tablets for checking vehicle locations on our site, and to change their locations when the cars were moved, for whatever reason. We had to change the sodding password we’d set up every damned month, for no discernible reason other than ‘security’, when there was no security issue. Everyone set up a simple password and added a digit at the end which changed incrementally. How very secure. /s
Because 18 digits gives you a 6 trillion year cracking time and can be made of three easy to remember words.
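The search-space arithmetic behind the "40,000^3 vs 94^18" and "three easy to remember words" posts above, as an added worked example that is not from anyone in the thread. It assumes a 40,000-word list, a 94-character printable-ASCII alphabet, and a constructed guess rate for an offline attack against a fast hash; it also shows how the attacker's model (a dictionary word repeated, rather than random characters) collapses the space for something like PasswordPasswordPassword.

```python
import math

# Constructed assumption: guesses per second an attacker with GPUs might manage
# against a fast, unsalted hash. The real figure depends on the hash and hardware.
GUESSES_PER_SECOND = 1e10


def search_space(alphabet_size: int, length: int) -> int:
    """Candidates when each of `length` positions is drawn uniformly from
    `alphabet_size` symbols (characters, or words from a list)."""
    return alphabet_size ** length


def entropy_bits(space: int) -> float:
    """Entropy in bits of a uniformly chosen secret from `space` candidates."""
    return math.log2(space)


def expected_crack_seconds(space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Average time to hit the secret by exhaustive search: half the space."""
    return space / 2 / rate


def words_needed(wordlist_size: int, alphabet_size: int, length: int) -> int:
    """Smallest passphrase length (in words from `wordlist_size`) whose space is
    at least as large as a random `length`-character password over `alphabet_size`."""
    target_bits = entropy_bits(search_space(alphabet_size, length))
    bits_per_word = math.log2(wordlist_size)
    return math.ceil(target_bits / bits_per_word)


def repeated_word_space(wordlist_size: int, max_repeats: int) -> int:
    """Search space if the attacker guesses 'one dictionary word, repeated
    1..max_repeats times' instead of treating the string as random characters."""
    return wordlist_size * max_repeats


def summary() -> dict:
    """Bundle the figures the thread argues about, keyed by case."""
    three_words = search_space(40_000, 3)
    random_18 = search_space(94, 18)
    return {
        "three_words_bits": round(entropy_bits(three_words), 1),
        "random_18_bits": round(entropy_bits(random_18), 1),
        "three_words_years": expected_crack_seconds(three_words) / (365 * 24 * 3600),
        "random_18_years": expected_crack_seconds(random_18) / (365 * 24 * 3600),
        "words_to_match_random_18": words_needed(40_000, 94, 18),
        # PasswordPasswordPassword viewed as "a word repeated up to 4 times"
        "repeated_word_candidates": repeated_word_space(40_000, 4),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key:>28}: {value:,.4g}" if isinstance(value, float) else f"{key:>28}: {value:,}")
```

Under these assumptions three words from a 40,000-word list give about 46 bits (hours of offline cracking at this rate), eighteen random printable characters give about 118 bits, and it takes eight such words to match the random password. The last entry is the point of the "depends how they are attacking it" replies: modelled as a repeated dictionary word, PasswordPasswordPassword sits in a space of 160,000 candidates, not 94^24.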
Which is all fine and dandy, until you have to set up a password and the site won’t accept a password with that many characters. I frequently use Apple’s ‘use strong password’ facility, but it’s not uncommon to have it refused just because it contravenes some stupid restrictions on character number, or special characters, or some other random bullshit that a company’s IT wonk has determined is ‘best practice’. 😖🤬
I frequently use Apple’s ‘use strong password’ facility, but it’s not uncommon to have it refused
this is annoying & whilst IMO all websites should accept Apple’s default password offerings given how popular their service is (it’s just poor website design otherwise!) it is possible to change the format of the generated password to make a particular website happy, just takes a few more clicks & probably is not very obvious if you don’t know you can do it!
Prompted by this thread I took another look at password managers to get fully off lastpass.
I've gone down the KeePassXc route (on windows), with KeePass Android on the phone.
Seems a really nice solution. Can host password DB on your own cloud storage (I'm using Google Drive) so it syncs between devices. Plus additionally, you can use a key file hosted locally on your device(s) so if the cloud DB were ever to be breached the DB would be unreadable without both your master password and the key file.
Form fill integrations with Chrome browser and also in the android apps is good (maybe not as polished as lastpass, but still very usable).
Just posting in case someone finds it useful.
Also note the ability to host a 1Password DB on own cloud storage seems to have disappeared. I found the 1Password android app extremely clunky when I tried it in the last version.

Someone got fired? Or maybe they never had one.
A cynical person once told me that part of the reason that kind of job exists is so that there is someone to fire when stuff goes wrong.
Also note the ability to host a 1Password DB on own cloud storage seems to have disappeared.
It's only available to legacy users and possibly not at all since 1Password v8 was instituted. TBF it was starting to get a bit clunky towards the end of my use of iCloud hosted 1Password DB (I'm now a happy user of the 1Password cloud account nowadays).
it’s not uncommon to have it refused just because it contravenes some stupid restrictions on character number, or special characters, or some other random bullshit that a company’s IT wonk has determined is ‘best practice’.
That's one for the 'disproportionately cross' thread.
"Your password doesn't meet the complexity requirements."
Tell me what they are, I'll meet them.
"Ooh, no, we can't do that, it's a secret."
