FabSwingers.com > Forums > The Lounge > Passwords
Passwords
Jump to: Newest in thread
| |||
| |||
"What's your password OP? " All Uppercase no spaces 
| |||
"Following from a previous thread, thought I would remind people about password safety. Passwords used to be guessed, literally, and a more complicated password makes it harder to guess. This is easily demonstrated as follows. Imagine your password has to be a combination of upper case, lowercase, numbers and special characters (!@£$ etc). 1) A password that is 1 character long is a 1 in 82 chance to guess 2) A password that is 2 characters long is a 1 in 6724 chance to guess... 3) A password that is 8 characters long is a 1 in 2044140858654976! Seems like a lot, but a computer can guess that 8 character password in about 8 hours. But the thing is, they already guessed it, and stored those guesses in a massive file. And so now, instead of guessing your password, they steal all the passwords in their encrypted format by hacking your apps and websites, and just look it up against a pre-cracked list. Takes seconds, if they can get hold of your encrypted password. And password breaches happen all the time. Case in point: My Fitness Pal Date: February 2018 Impact: 150 million user accounts In February 2018, diet and exercise app MyFitnessPal (owned by Under Armour) exposed around 150 million unique email addresses, IP addresses and login credentials such as usernames and passwords stored as SHA-1 and bcrypt hashes. The following year, the data appeared for sale on the dark web and more broadly. The bad news: I bet you already have had your password breached by someone. Go check, if you are on iPhone, go into SettingsPasswordsSecurity RecommendationsDetect compromised passwords. Yeah, Apple buy these lists too, and use them to inform you you are on them. Be horrified how many places have lost your data. On my list, Google, my daughters school, Cineworld.... The good news: When they have 150million accounts to look at, they will basically use other pre-prepared lists of people of influence, rich people, famous people, important people...and you will probably get overlooked..hopefully. What you can do: Well, creating, and storing these frankly mind boggling enormous lists of password cracks is expensive, and the longer your password is, the harder it is for someone to crack it in advance and the more data they need to pay Amazon or Microsoft to store it. So just make them so long that they can't afford to do it (yet). But long passwords are hard to remember, so you're stuck between a rock and a hard place, right? Wrong, because the game has changed from guessing, to stealing it and comparing it, the ONLY thing that matters is length (phnarr) Th1$is4HARDp4$$w)rd - seems great, and it is very hard to crack, and sufficiently long that not many criminal gangs can pay for the compute and storage to hold it, but you know what's better? MargaretThatcheris100%sexy - it's slightly longer, and so easy to remember you will never need to write it down. Plus it's approximately 6723 times harder to crack than the one above... a list of 9 character long passwords increase the 8 hours to 3 weeks. Up to 10 characters and its 5 years. 11 characters, 400 years.... Remember these times come down every week, but if you are using a 15 character password, that's currently 15billion years of computer to guess them all.... TLDR: Use LONG passwords of at LEAST 12 characters that are EASY to remember, forget about complex character substitution. Never re-use them" Good tips  | |||
| |||
| |||
| |||
| |||
| |||
| |||
What are your thoughts on suggested passwords though service such as Google and Apple? I use these, do I have good protection, I think I do as they are all different, long, random and I don't need to remember them.
It would be good to know if i have too much confidence in those password services | |||
| |||
| |||
"Where possible, use a two factor authentication. Eg a text sent to your phone with a one time code you have to enter to verify you're trying to log in." If you have this option, please do use it. Sometimes it's optional to setup, but it's a further layer whereby even if you do have your password compromised, you are still safe unless they have specifically targeted you and have knobbled where the 2nd factor is sent to... | |||
"All good advice
What are your thoughts on suggested passwords though service such as Google and Apple? I use these, do I have good protection, I think I do as they are all different, long, random and I don't need to remember them.
It would be good to know if i have too much confidence in those password services "Personally, I use these for burner sites where I don't expect to want to log in regularly or again for speed. They suggest very good passwords on the whole, but suffer from the "can't remember what it is" factor, so if you lose your phone, maybe you just lost your passwords to everything... Even your password manager needs a password... And often they are hidden behind thumbprint or facial recognition so you rarely use them. Need to set them up on a new phone? Hope you remember what the password was 2 years ago when you last actually typed it... | |||
| |||
| |||
"All good advice
What are your thoughts on suggested passwords though service such as Google and Apple? I use these, do I have good protection, I think I do as they are all different, long, random and I don't need to remember them.
It would be good to know if i have too much confidence in those password services
Personally, I use these for burner sites where I don't expect to want to log in regularly or again for speed. They suggest very good passwords on the whole, but suffer from the "can't remember what it is" factor, so if you lose your phone, maybe you just lost your passwords to everything... Even your password manager needs a password... And often they are hidden behind thumbprint or facial recognition so you rarely use them. Need to set them up on a new phone? Hope you remember what the password was 2 years ago when you last actually typed it..." | |||
"All good advice
What are your thoughts on suggested passwords though service such as Google and Apple? I use these, do I have good protection, I think I do as they are all different, long, random and I don't need to remember them.
It would be good to know if i have too much confidence in those password services
Personally, I use these for burner sites where I don't expect to want to log in regularly or again for speed. They suggest very good passwords on the whole, but suffer from the "can't remember what it is" factor, so if you lose your phone, maybe you just lost your passwords to everything... Even your password manager needs a password... And often they are hidden behind thumbprint or facial recognition so you rarely use them. Need to set them up on a new phone? Hope you remember what the password was 2 years ago when you last actually typed it..."Are password managers any good? | |||
 | |||
