Posted 12 November 2012 - 01:20
Posted 12 November 2012 - 01:26
Posted 12 November 2012 - 01:29
Posted 12 November 2012 - 01:33
Posted 12 November 2012 - 01:39
Posted 12 November 2012 - 02:08
Posted 12 November 2012 - 02:35
OR JUST JAM ON YOUR KEYBOARD

For sensitive accounts, Mr. Grossman says that instead of a passphrase, he will randomly jam on his keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive. “That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don’t know it.”
Posted 12 November 2012 - 02:50
The problem is that most people have too many accounts and it's hard to remember all the passwords. They choose the easy way, which is to have the same password for pretty much all accounts. The way I do it, I have a different password for each account, but it's still easy to remember them all.
Just create one complex password (mix lower case, upper case, numbers, special characters, etc.). Then you can add the last two letters (or 3, up to you) based on the account. Pick one logic, so you won't forget.
E.g. my password is sAmpL3pa55.
So if I have an account with Hotmail and I pick the first and last letters, my password is now sAmpL3pa55hl
For newegg, I have sAmpL3pa55ng
... and so on.
This is an easy logic for having a different password for each account you own, and you still have strong passwords.
Posted 12 November 2012 - 03:18
the problem with that is that attackers actually take this into account as well, and if you look at the recent high profile cracks a lot of users do append the site's name (or a derivative thereof) onto a "general" password and it's no better because the pattern is trivial to figure out. now, part of it could be mitigated if everyone actually used sane password storage practices, but that seems to be quite a rarity.
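
The reply above says a shared base plus a site-derived suffix is a pattern attackers already account for. As an added example (not part of the thread), here is a self-audit for your own password list that flags entries following that pattern; the token rules and the sample vault are constructed for illustration, reusing the sample password from the post above.

```python
def site_tokens(site):
    """Short strings a person might derive from a site name (constructed rule set)."""
    s = site.lower()
    if not s:
        return set()
    # full name, first+last letter, first two/three letters, last two/three letters
    return {s, s[0] + s[-1], s[:2], s[:3], s[-2:], s[-3:]}


def strip_site_suffix(password, site):
    """Return the password minus a trailing site-derived token, or None if there is none."""
    low = password.lower()
    # Try longer tokens first so "egg" wins over "gg" when both would match.
    for tok in sorted(site_tokens(site), key=len, reverse=True):
        if len(tok) < len(password) and low.endswith(tok):
            return password[:-len(tok)]
    return None


def audit(vault):
    """Return groups of sites whose passwords reduce to one shared base.

    Only site names are returned, so the report never echoes a secret.
    """
    groups = {}
    for site, pw in vault.items():
        base = strip_site_suffix(pw, site)
        if base is not None:
            groups.setdefault(base, []).append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


# Constructed sample vault: two entries follow the scheme from the post,
# one is an unrelated random string.
SAMPLE_VAULT = {
    "hotmail": "sAmpL3pa55hl",
    "newegg": "sAmpL3pa55ng",
    "bank": "k7#Qz!vR2m@x",
}

if __name__ == "__main__":
    for sites in audit(SAMPLE_VAULT):
        print("same base + site suffix:", ", ".join(sites))
```

Any group it reports means one leaked password from that group exposes the base for all the others, so those entries are the ones to replace with independent random passwords.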
Posted 12 November 2012 - 04:06
Posted 12 November 2012 - 04:09
I think people are being a little paranoid here. There are over 6 billion people in the world. There is security in just the sheer number of people who use computers. No one cares about an individual person unless you're really important. As long as you make your passwords reasonably hard to guess there should be nothing to worry about.
Posted 12 November 2012 - 05:58
This is the most widely repeated advice on passwords, and it's completely wrong. "correct horse battery staple" is about as secure as "xkcd" because - guess what - crackers use this newfangled thing called a dictionary.
The best password advice I've seen to date is this: https://www.grc.com/haystack.htm