Rules for setting passwords

Why are there so many companies employing moronic password rules?

Mrs spud just managed to require me to reset my Apple ID. I need a new password that must contain a capital, must not contain the same char three times and I think three other criteria.

[Attached image: password_strength.png]


I use mnemonics for all my passwords. I find it really hard to remember passwords that involve case sensitive letters or special characters.

Apple are not the only drongos who do this.

/end rage
 
yea I hate caps and some make you include symbols as well :@ it's beyond a joke and should be opt out for people who don't pick retarded passwords anyway

like my email pass is something like
dj339b2493
surely more than secure enough? does it really need to be
Dj339b2493*-
 
totally agree with you, any sites that ask me for capital/number/no three letter/and add special characters, I try to avoid.

any I can't, I just use 'forgotten password' function each time I have to visit
 
stupid thing is some of them, when they auto assign you a password after you do a recovery, don't even follow the website's own rules :rolleyes:
 
It is a new thing with Apple - my old password didn't follow their new rules.
 
I think the criteria determining whether your password is weak or strong is a joke. Capital letters etc, when we've made it so most things are now lower case (the internet etc).

I REALLY hate the ones that say it has to be between 8 and 12 chars (for example). Crazy. You've just wiped out a vast swathe of possible passes with something so close to each other. I'd rather have a higher minimum but a much higher maximum. Like 10 min, 30 max.

I certainly have a 'system' that makes it easier for me to remember, but with more than 30 places requiring passwords (prob more like 50+), I can't get it right all the time, especially with auto-save passes lol.
 
In work we are given the passwords, not allowed to make our own, you can imagine what happens here so you don't forget them! Very secure.

Got a link for that xkcd comic? Just wondering what the mouseover is for it. :D


Reverse google search :)

Won't let me do it at work :(
 
But since the 'person' trying to guess your password doesn't know anything about it (I mean, they can assume certain things but it's not a given) the only really important thing is the actual number of digits.

Well, that and the storage encryption.
 
I usually use a phrase combined with some numbers & unique characters for websites that are important, email log in, shopping etc.

Like say for amazon / kindle log in it would be something like, "ilikereadinglotsofawesomebooks *number & special character sequence* *then name of site (if it can be used)*"

or I'll abbreviate the phrase so for the above it would be "ilrloab *numbers etc* *name*"


For other stuff or if a website wants like how spudbynight is describing I just use KeePass to generate something.
 
Incredibly vulnerable to a dictionary attack. ;)

If you say that there are 50,000 words in a "standard" dictionary then you have 50,000^4 combinations in a 4 word combination, that's 6.25 x 10^18, but I get your point that most people are probably going to use a very small vocabulary of words in something like this.
 
The most retarded site I've seen is the one that wouldn't allow a password longer than ten digits (sadly I can't remember who it was). Seriously - when the longer the better is what counts.

M
 
I use the diceware method for my passwords. Others laugh at me for how ridiculously long they are and don't realise that it's incredibly easy to memorise.
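
An added example, not part of any post in this thread: the length-limit and word-combination figures discussed above (8 to 12 versus 10 to 30 characters, 50,000^4 word combinations, diceware) worked through in Python. The 62-character alphabet, the 5-word diceware length and the 16-word demo list are assumptions made for the example; the estimates only hold when characters or words are picked uniformly at random.

```python
import math
import secrets

def policy_bits(alphabet_size, min_len, max_len):
    """log2 of how many passwords a charset/length policy allows,
    assuming every character is chosen uniformly at random."""
    total = sum(alphabet_size ** n for n in range(min_len, max_len + 1))
    return math.log2(total)

def passphrase_bits(wordlist_size, n_words):
    """log2 of how many n-word passphrases a uniform random draw can produce."""
    return n_words * math.log2(wordlist_size)

def generate_passphrase(wordlist, n_words, sep=" "):
    """Draw words with the OS CSPRNG. Words picked by a person instead of
    a random source do not get the strength computed above."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist contains duplicates")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

def compare():
    """Search-space sizes, in bits, for the cases raised in the thread."""
    alnum = 62  # assumption: upper case + lower case + digits
    return {
        "8-12 chars": policy_bits(alnum, 8, 12),
        "10-30 chars": policy_bits(alnum, 10, 30),
        "4 words of 50,000": passphrase_bits(50_000, 4),
        # 7776 is the size of the standard diceware list (five dice rolls)
        "5 diceware words": passphrase_bits(7776, 5),
    }

# Constructed 16-word list for demonstration only; far too small for real use.
DEMO_WORDS = ["anchor", "breeze", "cactus", "dynamo", "ember", "fjord",
              "gravel", "harbor", "icicle", "jigsaw", "kettle", "lantern",
              "meadow", "nickel", "orchid", "pebble"]

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:>18}: {bits:6.2f} bits")
    print("demo passphrase:", generate_passphrase(DEMO_WORDS, 4))
```
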
 
I've begun to use the program "1Password" which generates a super difficult password for each site I'm on and remembers it. It works pretty well :)
 
Newb question: if the site has proper protection against brute-force login attempts, isn't the complexity of the password pretty much a moot point?
 