Passphrases over passwords
-
I've begun to use pass phrases - several words, with spaces if possible - makes it easier to remember and it makes them difficult to crack. Especially if I use a sentence with a number occurring naturally along with punctuation. On top of that I use Norwegian phrases.
-
Yes, I certainly think that pass phrases are the way to go and I'll be using them in the future. My example is probably the exception to the rule.
-
According to Passfault, my password for here would take 33 years to crack. It says there are 1000 trillion passwords in the pattern. I suppose I should look for a more secure password. If I add a number at the end it says it would take 44 centuries to crack and there are 132 quadrillion passwords in the pattern. Of course how would we know that's true?
-
But, but... Wouldn't a multi-language dictionary attack crack any passphrase... ?
-
@ecuadorian said:
But, but... Wouldn't a multi-language dictionary attack crack any passphrase... ?
Within what time?
All passwords can be cracked - but the key is to make them so time-consuming it's virtually impossible. See the XKCD cartoon I embedded. It explains the pass phrase entropy. -
[off:3pqnnh45]When you open Sketchup, it phones home. How secure is that?[/off:3pqnnh45]
-
@mitcorb said:
[off:glmffd5e]When you open Sketchup, it phones home. How secure is that?[/off:glmffd5e]
It checks for software updates. What is your security concern against phoning home?
-
I was just wondering in general how secure that channel might be, not necessarily Sketchup, but any software that uses this method.
-
I thinks it's a fine idea to use pass phrases instead of passwords, but we need to get website security on board as well. Many limit the length of password you can use, 6-18 characters or so. 18 characters isn't bad, but I've some limited to 12 or less.
-
And what is your certitude of this site http://passfault.com/ is not made by little astucious clever unfair people ???
Very practical for recover some of them without effort!
Make a data base with them and launch this list first so some times won in brute force for research to break secret paswords!
So don't test your own passward but a variation!
And even with that it's more easy to find some thing than from nothing!
-
Pilou is right to be skeptical (about things on the internet). It's unlikely that that site fools people to believe their passwords are secure (therefore the algorithm is enough comprehensible). But:
• I wouldn't submit my real passwords to check them (only analogue patterns).
• And I wouln't use online password generators (even if they are not evil, what if they are once cracked themselves? What if the served passwords are reproducible after it was cracked?) -
@escapeartist said:
I thinks it's a fine idea to use pass phrases instead of passwords, but we need to get website security on board as well. Many limit the length of password you can use, 6-18 characters or so. 18 characters isn't bad, but I've some limited to 12 or less.
I recently sent a frustrated email to my bank - they limited the password to a-z,A-Z,0-9 ... a banking site! FFS!
-
Ah, banks.
They already have your money.
[off:a2hfkqdz]I just finished my second bite back of one which tried to screw me out of the full, if modest, value of a checking account. Then with their new charges they put the account into negative territory and threatened collection which they said would ding my credit rating. The federal Office of the Comptroller and then their later morph took my form letters and the banks came around, the last time with a call form a special rep of the CEO, acknowledging the mistake....right.[/off:a2hfkqdz]
-
and the code of your credit card is not 4 numbers ?
-
Here's an interesting thought about your ID... and how we've all been sucked into way of thinking that is counter productive, and less secure as a result...
http://www.ted.com/talks/lang/en/david_birch_identity_without_a_name.html
For example, why does your bank card need your name, branch code and account number on it ?
This is only useful to a thief trying to steal your identity... but it's of no use to any one taking your card details for a legitimate transaction...
-
I keep hearing about identity theft in the US. Never heard of it down here (fingers crossed).
Maybe it's because here you always have to show your original citizen ID (called "cédula") when doing transactions, and some banks even digitize your fingerprint when cashing a cheque? Our ID card has more security features than a passport...
-
passfault didn't work for me. How does it return the result? does it take 550 years to return the answer? Or am I just not seeing it?
-
Hmm, its working now.
here's a hint for the landscape architects, use scientific plant name pass phrases:
rhaphiolepis indica killed xylosma congestum
Time To Crack:
9.262673711748022e+25 centuries
Total Passwords in Pattern:
280,000,000 DecillionAlso, adding the double spaces in there really pumped up the crack time.
Advertisement