
Password protection to the Nth degree.



Even though the letter on the hack indicates there was never any danger of PWs being lost, here's my 2 pennies' worth:

My company is real strict on passwords. Must contain minimum:

1 UPPER

1 lower

1 number

1 special !@#$%^&*-=+_ avoid ()/ \.

I replace some letters in my phrases with numbers: S=5, o=0, a=@, etc.

8-10 characters long

Hacking computers can run the entire dictionary in zip**** milliseconds. Avoid words, use things like phrases. As a trigger for a phrase, think favorite line of favorite song or movie. Something you see in the room, etc.

"Battlefront.com Home of Superior Wargames"

Using these rules this becomes: bFc_h05wG!. Something you could never EVER forget but totally complex; a hacking computer could never find it.

No birthdays, no pet names, no "PASSWORD" for password - dumbass, keyboard and qwerty are pretty hackable too.

Yeah, we all have 25-100 PWs. Don't use the same PW on your PBEM files as your 401(k) - dumbass. But it is OK to group a few: all gaming sites the same, all PBEM games the same, all news sites the same, all knitting/sewing sites the same, all dating sites the same, all porno sites the same. :D The important ones: each bank different, each email different, all bill paying sites different, PayPal, eBay, Amazon, etc.

There are other kinds of protection available too:

condom.jpg

If you don't move into the 21st century of PW schemes: You're screwed!
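The composition rules listed in the post above, combined with a check that undoes the post's letter-to-number substitutions before comparing against the words it warns about. This is an added example, not part of the original post; the function name, the three-word denylist, and rejecting every character outside the allowed set (which covers the post's "avoid" list) are assumptions.

```python
import re

# Specials the post allows; anything else that is not a letter or digit is rejected.
ALLOWED_SPECIALS = set("!@#$%^&*-=+_")
# Substitutions named in the post (S=5, o=0, a=@), reversed for normalization.
LEET = str.maketrans({"5": "s", "0": "o", "@": "a"})
# Words the post calls out as easy guesses (constructed, deliberately tiny list).
DENYLIST = ("password", "keyboard", "qwerty")


def check_password(pw):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if not 8 <= len(pw) <= 10:
        problems.append("length must be 8-10 characters")
    if not any(c.isupper() for c in pw):
        problems.append("needs at least 1 upper-case letter")
    if not any(c.islower() for c in pw):
        problems.append("needs at least 1 lower-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("needs at least 1 number")
    if not any(c in ALLOWED_SPECIALS for c in pw):
        problems.append("needs at least 1 allowed special character")
    bad = sorted({c for c in pw
                  if not (c.isascii() and c.isalnum()) and c not in ALLOWED_SPECIALS})
    if bad:
        problems.append("disallowed characters: " + "".join(bad))
    # Undo the substitutions, drop everything but letters, then look for
    # denylisted words, so "P@55w0rd!" is recognized as "password".
    letters = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    for word in DENYLIST:
        if word in letters:
            problems.append(f"contains '{word}' after undoing substitutions")
    return problems


if __name__ == "__main__":
    # Constructed samples: the post's own phrase-derived password and two
    # passwords that satisfy every composition rule but hide a common word.
    for sample in ("bFc_h05wG!", "P@55w0rd!", "Qwerty_12", "abc"):
        print(sample, "->", check_password(sample) or "OK")
```

The second and third samples satisfy every composition rule and are caught only by the normalized denylist check.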


Things like these are completely useless in this day and age.

"Strong" passwords like these do not change anything about the fact that today passwords are stolen by a keyboard logger, by a break-in into the server or by listening.

Brute-forcing passwords that are not directly in the dictionary but are reasonable variations, on the other hand, is out of fashion. Almost everything that takes a password these days doesn't allow a flood of attempts, so there's no brute-forcing.

Of course IT departments are 10-15 years behind and actually require all this upper/lower/digit/special char nonsense, thereby forcing the user to take one of two actions: 1) write that complicated password down everywhere, electronically and on paper, and 2) re-use the same password for everything from spoken phone "secret words" to the CIA database at work or, most common, 3) both.
