  1. #1
    Gothicshark

    [rant] Password Hell

    Internet Security has gotten stupid. I usually can remember 4 12-digit passwords without writing them down, only companies like Yahoo are forcing me to change my password every two months, and I can't use the same one I have used before. This has gotten to the point where I just can't keep all the passwords straight.

    I have the generic password for things I don't care about: 8 digits, been the same since 1997.

    I have 3 variations of that one at 12 digits long, which I usually use for Email, Video game servers, and my Credit cards.

    I have one just for my bank to express my love for banks.

    But Yahoo and Google have had 20+ passwords each in the last 2 years. It has gotten that when they ask me for a password I reset it. Because hell if I know what it is.

  2. #2
    Deleted
    Just write them all down on a bit of paper and keep it near your computer. No one is physically going to break into your house to steal your password.

  3. #3
    Kalyyn
    I just like how my bank has let me keep the same 4 digit pin number for almost a decade, but then every gaming service is like "Your 53-letter password is 5 seconds old! You need to change it RIGHT FUCKING NOW!"

  4. #4
    Deleted
    Quote: Originally Posted by Kalyyn
    I just like how my bank has let me keep the same 4 digit pin number for almost a decade, but then every gaming service is like "Your 53-letter password is 5 seconds old! You need to change it RIGHT FUCKING NOW!"
    Try to bruteforce them and see why.

  5. #5
    Quote: Originally Posted by Bovinity Divinity
    I'm just tired of websites informing me that I NEED a capital letter or a number in my password or else it's not going to be secure....and then saying that it only needs to be 6 characters long.

    sdhsdryhsdfhsdgadfgiafdofdjaeaweajgsrhdfhdf = INSECURE, U GETTIN HACK'D
    Bobby1 = SECURE, U OK, BRO

    ><
    Your lack of understanding of internet security is why you have to change it so often.

    It's 100000x easier for a program to crack an account from a random string of letters like kjdfkjdfjgnvndfkv934034904390. It's all random. It's jumbled.

    When you have a password like "Frank2apple2Nightcap3" or something, it's much harder for a program to guess because a program cannot recognize patterns, phrases or words. Meaning it's going to guess 34994389349843 before it can guess the word Button.

  6. #6
    Deleted
    Yahoo and other web services now, seriously? I only had that annoying shit at workplaces, Windows domains where you must change it every odd month and can't reuse the last 2... The only rational solution, which many people used, is writing the password on a note and posting it to the monitor.

  7. #7
    Quote: Originally Posted by Davillage
    Try to bruteforce them and see why.
    A "normal" modern quadcore PC will take something like 100 Quintillion years to brute-force a 53 character passphrase.

    - - - Updated - - -

    Quote: Originally Posted by Sephius
    Your lack of understanding of internet security is why you have to change it so often.

    It's 100000x easier for a program to crack an account from a random string of letters like kjdfkjdfjgnvndfkv934034904390. It's all random. It's jumbled.

    When you have a password like "Frank2apple2Nightcap3" or something, it's much harder for a program to guess because a program cannot recognize patterns, phrases or words. Meaning it's going to guess 34994389349843 before it can guess the word Button.
    Wrong, it'll run through a dictionary first, and find "button" within about a millionth of a second.

  8. #8
    -aiko-
    Quote: Originally Posted by Sephius
    When you have a password like "Frank2apple2Nightcap3" or something, it's much harder for a program to guess because a program cannot recognize patterns, phrases or words. Meaning it's going to guess 34994389349843 before it can guess the word Button.
    Incorrect. Most brute force programs will use a dictionary, because most people have, you know, words in their passwords.

    On topic, it is getting extremely annoying. The network we have at work forces us to change our passwords twice a month. It won't let us use anything even remotely similar to our previous ones... I'm running out of ideas.

  9. #9
    Gothicshark
    I know what you mean, my "I don't care about" password is the name of something that is alphanumeric, i.e. Front242 <- not my password but it would be secure.
    My secure password is sort of like (variation 1: 1469Front$242, variation 2: 1469Front4242, variation 3: 1469front$242, variation 4: 1469front4242) <- not my secure password but it would work, and shows the simple technique to keep passwords while meeting different rule sets.

    Oh and my bank password is like a day with a person with Tourette's: (Bleep)U1Nthe(Bleep)DyeBankDie. I really like banks.

    So when Yahoo says I have to change my passwords, I have used every possible variation of all my passwords. I'm now listing ingredients on the side of food packages, i.e. 666MonosodiumGlutamate!

  10. #10
    Kalyyn
    So why aren't we using passphrases? They're a lot easier to remember than random strings of numbers/letters, and they're vastly more secure. Yet the only service I've encountered to use them is my school website.

  11. #11
    Gothicshark
    I should point out the software trying to brute your passcode will start with this list.

    1. password
    2. 123456
    3. 12345678
    4. abc123
    5. qwerty
    6. monkey
    7. letmein
    8. dragon
    9. 111111
    10. baseball
    11. iloveyou
    12. trustno1
    13. 1234567
    14. sunshine
    15. master
    16. 123123
    17. welcome
    18. shadow
    19. ashley
    20. football
    21. jesus
    22. michael
    23. ninja
    24. mustang
    25. password1

  12. #12
    Quote: Originally Posted by Bovinity Divinity
    I'm just tired of websites informing me that I NEED a capital letter or a number in my password or else it's not going to be secure....and then saying that it only needs to be 6 characters long.

    sdhsdryhsdfhsdgadfgiafdofdjaeaweajgsrhdfhdf = INSECURE, U GETTIN HACK'D
    Bobby1 = SECURE, U OK, BRO

    ><
    I hate this too. But rather than argue about it, I have 1 password that fits most if not all the requirements they generally ask and just use variations of that for different websites/services.

    At one point I was considering just adding a number at the end. So that if I need to reset it and can't reuse old passwords I'd just increase the number by 1
    (e.g. Password-00 --> Password-01 --> Password-02)
    It is stupid but I'll manage.
    I'll just remember the important ones by heart and ask for a reset or use a simple stupid one for all the non-important crap.

  13. #13
    Solutions to this are popping up like the iCloud Keychain or the frankly age-old KWallet from Linux.

    A password wallet is a program that stores all your programs in an encrypted form. It usually uses asymmetric encryption, where your password is the private key and the wallet sends out your public key. This means that any website can give you any password, and when you supply your password to the browser it actually goes through your wallet first, decrypts the real password and sends that instead, meaning you will have thousands of passwords across the web for hackers to get at, but only 1 password to remember.

    Unfortunately it hasn't been standardized. For example the iCloud keychain only works with Safari, so if you decide to have something which is not an Apple device, you can't really use it because the passwords it generates for you are impossible to remember without the wallet.

  14. #14
    Gothicshark
    Quote: Originally Posted by Kalyyn
    So why aren't we using passphrases? They're a lot easier to remember than random strings of numbers/letters, and they're vastly more secure. Yet the only service I've encountered to use them is my school website.
    I tend to make pass-phrases into passwords, i.e.

    1WorkH3r3

  15. #15
    Quote: Originally Posted by Gothicshark
    I tend to make pass-phrases into passwords, i.e.

    1WorkH3r3
    That isn't really a passphrase. A passphrase would be something like "I live and work here and it sucks balls, even the passwords here are stupid".

  16. #16
    Want to really fuck with those brute force programs? Use alt codes and accented letters.

  17. #17
    Fiana
    It's really easy to remember complex and secure passwords.

    a) They should be meaningful so you won't forget them.
    b) They should be generated based on website/service.

    You need to choose a password base. Something easy to remember. For example "4yourMom$"
    Now just add the name of the site/game at the beginning of this password.
    "wow4yourMom$" "facebook4yourMom$" "d34yourMom$"
    If you must change the password to something different, just add a number at the end of the website "wow24yourMom$".

    If you want additional security, you can add a more tricky way to calculate your password. For example "facebook" is 6 letters long so you should use number 6 before the password base (or at the beginning of the password - "6facebook4yourMom$"), or, for example, the sixth letter on the keyboard after the first letter of the website (f-g-h-j-k-l-;-').

    Choose a secure, easy to remember base and an algorithm you like to obfuscate the website part and your password will be secure enough for absolutely every website, and you'll never forget it.

  18. #18
    Quote: Originally Posted by Butler Log
    That isn't really a passphrase. A passphrase would be something like "I live and work here and it sucks balls, even the passwords here are stupid".
    That is what I do, but I make them into "passwords" by taking the first letter or two of the words in the phrase, then randomly toggling the case of different letters, and then adding symbols and numbers randomly throughout.

  19. #19
    Fiana
    Quote: Originally Posted by Bovinity Divinity
    Must be using that new counting system.
    I used a different word initially, but changed it later and forgot to adjust the numbers.

  20. #20
    Kalyyn
    Since we're on the subject of password no-no's, I've got a little story to share. Knew a guy who played a shaman. For the sake of anonymity, let's call him shocklol (and honestly that's pretty close to his actual character name.) Well, one day, Shocklol decided to have a buddy of mine do something on his account. Buddy comes online later that day, and absolutely cannot resist telling me something magical: Shocklol's username was shocklol, and his password was also shocklol.

    Now I couldn't stand Shocklol, so this seemed like an opportunity to me. This was back in BC when Blizzard security was pretty loose, so I started getting on about once every other morning, stripping shocklol naked, deleting his hearthstone, and leaving him in the middle of Azshara or some other awful fly-over zone, as far as I could from any sort of civilization. I did this for almost a month before he finally changed his password. Got to listen to him going on about being hacked pretty much daily.

    So one day I try it again, and can't get in. He's finally changed his password. But it took me all of 5 minutes to figure out that he'd just changed it to shocklol1. That was the last time I ever logged in to his account, and I decided to make it count. I bought as many pieces of wolf meat as I could off the auction house using his money. I then filled every empty slot in his bags and back with wolf meat. All said and done, he had about 400g worth of wolf meat, which is a shitload by BC values.

    Let that be a warning to any of you using stupid passwords.
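
Added example, not part of any post above: a Python sketch that puts the capital-plus-digit rule quoted in posts #5 and #12 next to a screen built on length, the common-password list from post #11, and the username and "add a number" variations from posts #12 and #20. The 12-character minimum, the function names and passing old passwords in as `previous` are assumptions made for the illustration.

```python
import re

# Constructed blocklist: the first twelve entries of the list quoted in post #11.
COMMON = {"password", "123456", "12345678", "abc123", "qwerty", "monkey",
          "letmein", "dragon", "111111", "baseball", "iloveyou", "trustno1"}


def composition_rule(pw):
    """The rule the thread complains about: 6+ chars, one capital, one digit."""
    return (len(pw) >= 6
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def core(s):
    """Lowercase and drop trailing digits/symbols: 'shocklol1' -> 'shocklol'."""
    return re.sub(r"[^a-z]+$", "", s.lower())


def screen(pw, username="", previous=(), min_len=12):
    """Return the reasons to reject pw; an empty list means it is accepted.

    previous: old passwords available at change time (assumption: the user
    has just typed the old one, so no plaintext history is stored).
    """
    reasons = []
    if len(pw) < min_len:
        reasons.append("too short")
    if pw.lower() in COMMON or core(pw) in COMMON:
        reasons.append("common password")
    if username and username.lower() in pw.lower():
        reasons.append("contains username")
    base = core(pw)
    if base and any(base == core(old) for old in previous):
        reasons.append("variation of previous password")
    return reasons


if __name__ == "__main__":
    long_pw = "sdhsdryhsdfhsdgadfgiafdofdjaeaweajgsrhdfhdf"
    for pw in ("Bobby1", long_pw, "password1"):
        print(pw, composition_rule(pw), screen(pw))
    print(screen("shocklol1", username="shocklol", previous=["shocklol"]))
    print(screen("1469Front$242", previous=["1469Front4242"]))
```
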
