Mental cryptography and good passwords
-
scilogs.com[^]:
Good passwords are hard to remember. A pattern that makes a password memorable is likely to make it vulnerable to attack.
A rather interesting scheme and allegedly secure.
what's wrong with "password" I have been using it for years
You cant outrun the world, but there is no harm in getting a head start Real stupidity beats artificial intelligence every time.
-
what's wrong with "password" I have been using it for years
You cant outrun the world, but there is no harm in getting a head start Real stupidity beats artificial intelligence every time.
-
what's wrong with "password" I have been using it for years
You cant outrun the world, but there is no harm in getting a head start Real stupidity beats artificial intelligence every time.
-
scilogs.com[^]:
Good passwords are hard to remember. A pattern that makes a password memorable is likely to make it vulnerable to attack.
A rather interesting scheme and allegedly secure.
You could do this without any maths by having a particular song in your head that you know all the words to (for example the national anthem) then for any given site, find the first instance of the first letter of the site name in the song (e.g. for codeproject it could be "God save our gracious queen" then take the number of letters after that letter that correspond to the number of letters in the site name (e.g. for codeproject this would give "cious queen", trim spaces and replace vowels with the ordinal of the vowel in aeiou. So - after all that you get the uncrackable password: c345sq522n Then don't forget not to reveal this method and password to the whole world. :doh:
-
Display Name Taken wrote:
zxcvbn
Great... now I have to change my password. Thanks a lot. :)
You can lead a developer to CodeProject, but you can't make them think. The Theory of Gravity was invented for the sole purpose of distracting you from investigating the scientific fact that the Earth sucks.
-
Display Name Taken wrote:
zxcvbn
Great... now I have to change my password. Thanks a lot. :)
You can lead a developer to CodeProject, but you can't make them think. The Theory of Gravity was invented for the sole purpose of distracting you from investigating the scientific fact that the Earth sucks.
change it to your dogs name or something on that lines, you can set your hint up to tell you what you used oh and don't forget to put your dogs name(or what ever you choose) on facebook
You cant outrun the world, but there is no harm in getting a head start Real stupidity beats artificial intelligence every time.
-
change it to your dogs name or something on that lines, you can set your hint up to tell you what you used oh and don't forget to put your dogs name(or what ever you choose) on facebook
You cant outrun the world, but there is no harm in getting a head start Real stupidity beats artificial intelligence every time.
Bergholt Stuttley Johnson wrote:
your dogs name
I was actually thinking that Duncan's solution below was a pretty good idea. The problem is, is I don't know the words to God Save the Queen so it would not work for me. :laugh:
You can lead a developer to CodeProject, but you can't make them think. The Theory of Gravity was invented for the sole purpose of distracting you from investigating the scientific fact that the Earth sucks.
-
Actually this is true, but we need to make use of multiple words. Password might have only one word in it, but we can have more than one word appended and mixed so that we can memorize it, and can be safe too.
Favourite line: Throw me to them wolves and close the gate up. I am afraid of what will happen to them wolves - Eminem ~! Firewall !~
While I tend to agree with you (Google the words in my above post),it this is not necessarily better, here a good read: http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/[^] So you would need more than only putting more letters. For instance correctbatteryhorsestaple is easily found with a 4word rule in hashcat.
~RaGE();
I think words like 'destiny' are a way of trying to find order where none exists. - Christian Graus Entropy isn't what it used to.
-
You could do this without any maths by having a particular song in your head that you know all the words to (for example the national anthem) then for any given site, find the first instance of the first letter of the site name in the song (e.g. for codeproject it could be "God save our gracious queen" then take the number of letters after that letter that correspond to the number of letters in the site name (e.g. for codeproject this would give "cious queen", trim spaces and replace vowels with the ordinal of the vowel in aeiou. So - after all that you get the uncrackable password: c345sq522n Then don't forget not to reveal this method and password to the whole world. :doh:
-
change it to your dogs name or something on that lines, you can set your hint up to tell you what you used oh and don't forget to put your dogs name(or what ever you choose) on facebook
You cant outrun the world, but there is no harm in getting a head start Real stupidity beats artificial intelligence every time.
Bergholt Stuttley Johnson wrote:
change it to your dogs name or something on that lines, you can set your hint up to tell you what you used
Since a pic is worth a thousand words - here's a copy of a pic I saw the other day. https://www.yellloh.com/posts/i-changed-all-my-passwords-to-incorrect[^]
"When I was 5 years old, my mother always told me that happiness was the key to life. When I went to school, they asked me what I wanted to be when I grew up. I wrote down 'happy'. They told me I didn't understand the assignment, and I told them they didn't understand life." - John Lennon
-
scilogs.com[^]:
Good passwords are hard to remember. A pattern that makes a password memorable is likely to make it vulnerable to attack.
A rather interesting scheme and allegedly secure.
My tried and true Perfectly Automated Security System With Otherwise Randomizing Denotations, or P.A.S.S.W.O.R.D., works best for me. :doh: Or was that Pathetically Absurd Silly Statement With Otherwise Rubbish Dialog? :wtf::confused:
-
While I tend to agree with you (Google the words in my above post),it this is not necessarily better, here a good read: http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/[^] So you would need more than only putting more letters. For instance correctbatteryhorsestaple is easily found with a 4word rule in hashcat.
~RaGE();
I think words like 'destiny' are a way of trying to find order where none exists. - Christian Graus Entropy isn't what it used to.
Not with my speling. :laugh:
-
Not with my speling. :laugh:
Korrekt whores battirie stapel Seems legit :thumbsup:
My plan is to live forever ... so far so good
-
While I tend to agree with you (Google the words in my above post),it this is not necessarily better, here a good read: http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/[^] So you would need more than only putting more letters. For instance correctbatteryhorsestaple is easily found with a 4word rule in hashcat.
~RaGE();
I think words like 'destiny' are a way of trying to find order where none exists. - Christian Graus Entropy isn't what it used to.
-
You could do this without any maths by having a particular song in your head that you know all the words to (for example the national anthem) then for any given site, find the first instance of the first letter of the site name in the song (e.g. for codeproject it could be "God save our gracious queen" then take the number of letters after that letter that correspond to the number of letters in the site name (e.g. for codeproject this would give "cious queen", trim spaces and replace vowels with the ordinal of the vowel in aeiou. So - after all that you get the uncrackable password: c345sq522n Then don't forget not to reveal this method and password to the whole world. :doh:
Every one knows your suppose to keep your password on a sticky note attached to your monitor.
-
scilogs.com[^]:
Good passwords are hard to remember. A pattern that makes a password memorable is likely to make it vulnerable to attack.
A rather interesting scheme and allegedly secure.
Its good practice to use secure passwords that are a mixture of letters, numbers, and punctuation. Got that. Its good practice to not use familiar words. Got that. It is good practice to have different passwords for each site. Got that. It is good to make passwords as long a possible. Got that. Great! I have 167 different passwords using random characters, each 20 bytes in length. Oh. Did I forget. You shouldn't write down your passwords, either. AWESOME! At work I use the same 8 character password across all servers and mainframe so I only have to remember one. It comprises upper lower characters, numbers, and punctuation. Each character is typed switching hands, so right left right left, and so on. And it changes every 45 days. At home, I use four or five variants of the same complex password that is 14 characters in length. I think I'm good until some site is hacked and its all exposed.
-
scilogs.com[^]:
Good passwords are hard to remember. A pattern that makes a password memorable is likely to make it vulnerable to attack.
A rather interesting scheme and allegedly secure.
An interesting idea, but seriously, when's the last time you heard about hackers getting into an account by brute force cracking the password? Its all about social engineering and vulnerabilities like bashbug. I like his idea, I might even use it someday, but since the passwords are not really the weak link in the security equation anymore, it seems like a lot of effort to make yourself no more secure.
We can program with only 1's, but if all you've got are zeros, you've got nothing.
-
scilogs.com[^]:
Good passwords are hard to remember. A pattern that makes a password memorable is likely to make it vulnerable to attack.
A rather interesting scheme and allegedly secure.
I use multi-factor authentication. My finances are on my Surface Pro. I always run Quicken on an external monitor, and Quicken isn't smart enough to reposition the launch location when the monitor isn't connected. As for my passwords, they're all in Norton on my old laptop.
-
scilogs.com[^]:
Good passwords are hard to remember. A pattern that makes a password memorable is likely to make it vulnerable to attack.
A rather interesting scheme and allegedly secure.
I still prefer using Base64:
CodeProject==>Q29kZVByb2plY3Q=Done. -
scilogs.com[^]:
Good passwords are hard to remember. A pattern that makes a password memorable is likely to make it vulnerable to attack.
A rather interesting scheme and allegedly secure.
It should be a passphrase: not a password. I don't entirely agree that a memorable pattern is vulnerable to attack. What is easy to remember for one person may be difficult for another. I can't remember chess moves, football scores or bridge hands but I can remember routes. Everyone is different. The old Data General root password was DE2LA6. Took me ages to remember that: then I was told, it was a football score: Detroit 2, LA 6. Is it a memorable pattern? Yes to someone interested in football scores from a game that was played 40 years ago. Anyone else, I don't think so. Another example of something memorable is words of a nursery rhyme where you and your siblings changed all the words and syntax and had a laugh about it. Nobody else knows these words except you and your siblings: is that vulnerable to attack? I don't think so (except from your siblings).
