Rules for setting passwords

Statistically, I'd wager that there is a much higher likelihood of the website's user database getting stolen and decrypted (Sony, anybody?) than somebody randomly trying to bruteforce your account. Or somebody getting your account through a keylogger/malware.

Either you're in the tinfoil brigade or you have an overinflated opinion of your importance to the hacking community if you think there are people out there trying to crack your passwords on a regular basis... :rolleyes:
 
Well normally I use a mnemonic or similar and add some numbers to the end.

Commodore Amiga User Group South East England 1988

becomes

caugsee1988

or similar (rushes to change password on OcUK)
 
I don't use Barclays because their password rules stop me using my usual banking password and I can't remember the one they force me to use, although I do know it is a random string of expletives as they hack me off so much at the pointless hoops they expect people to jump through.

However just by answering simple questions like DoB I can log on via a password reset, security is therefore pretty minimal.
Ironic really.

For Apple I have to remember that my usual password now has a capital in front of it.
I can't imagine why Apple think they need more obfuscation than my bank, they could just delete any stolen Apps for one thing.

I can't use a password manager as I'm on too many devices.
 
I don't use Barclays because their password rules stop me using my usual banking password

Do Barclays still do the ****py three random letters from your password rubbish?

I hate sites like that because I just end up numbering the columns on a piece of paper and writing the passwords vertically down the piece of paper and leaving it pinned to my wall.....
 
Our password rules are quite strict:

Changes every 30 days
Can't be the same as the last 12
Can't have the same character in the same place as the last
Must have 1 numeric value
More than 7 characters
Must be a mix of upper case and Lower case
... that's all I can think of but I'm sure there's more...

oh two numerics next to each other isn't permitted..

Cause and effect.. people understandably write them down and store them near their desk :p
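Added example, not code from the thread: a checker that implements the workplace policy listed in the post above, so the rules can be tried against candidate passwords. The rule wording follows the post; the function names, the history depth constant and the sample passwords are assumptions made for this illustration.

```python
import re

HISTORY_DEPTH = 12   # "Can't be the same as the last 12"
MIN_LENGTH = 8       # "More than 7 characters"


def policy_violations(candidate: str, history: list[str]) -> list[str]:
    """Return every rule the candidate breaks (an empty list means accepted).

    `history` holds earlier passwords, most recent first. The "not one of the
    last 12" rule can be checked against stored hashes, but the "no character
    in the same position as the last password" rule needs the previous password
    in plaintext, which is normally only available because the user types the
    current password at change time.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("must be more than 7 characters")
    if not any(c.isdigit() for c in candidate):
        problems.append("must contain at least one digit")
    if not (any(c.isupper() for c in candidate) and any(c.islower() for c in candidate)):
        problems.append("must mix upper and lower case")
    if re.search(r"\d\d", candidate):
        problems.append("two digits next to each other are not permitted")
    if candidate in history[:HISTORY_DEPTH]:
        problems.append(f"must differ from the last {HISTORY_DEPTH} passwords")
    if history:
        # Position-by-position comparison with the most recent password only.
        clashes = [i for i, (new, old) in enumerate(zip(candidate, history[0])) if new == old]
        if clashes:
            problems.append(f"same character as the last password at position(s) {clashes}")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; "Summer2011" shows the seasonal-rotation
    # habit that such policies push people towards, and why it still fails here.
    samples = [
        ("Tr4ffic-light", []),
        ("password", []),
        ("Summer2011", ["Winter10"]),
    ]
    for candidate, history in samples:
        verdict = policy_violations(candidate, history) or ["accepted"]
        print(f"{candidate:15s} -> {'; '.join(verdict)}")
```

Running it shows that a memorable dash-separated phrase with a single digit passes, while the habitual "season plus year" form is rejected on the adjacent-digits rule and on position clashes with the previous password.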
 
I use very long and difficult passwords, and keep them noted down on a bit of paper at home and also on a memory stick I always have with me.

Example is something like ~ndjf%7493@#q5a0
 
I just use keepass, and use a ridiculously long password that I've had for years (and completely memorised) as my master password for the file.

Example: gf4p2hk/@r9*6723d7&^wef
 
If you say that there are 50,000 words in a "standard" dictionary then you have 50,000^4 combinations in a 4 word combination, that's 6.25 x 10^18, but I get your point that most people are probably going to use a very small vocabulary of words in something like this.

6.25x10^18 is feasible to break, 64-bit was brute forced a long time ago.
 
If you say that there are 50,000 words in a "standard" dictionary then you have 50,000^4 combinations in a 4 word combination, that's 6.25 x 10^18, but I get your point that most people are probably going to use a very small vocabulary of words in something like this.

Thing is, how do you know what sort of password someone has? Generally, people just have a single word with a combination of letters/numbers at the end. Very few people are going to follow the xkcd example and have multiple words, one after the other.
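Added example, not from the thread: the search-space arithmetic behind the 50,000^4 post and the "single word with some letters/numbers on the end" reply above, carried through for several password shapes so the bit counts and exhaustion times can be compared side by side. The 50,000-word dictionary and four-word passphrase are the posters' figures; the 95-character alphabet, the "one word plus digits" shape, the small-vocabulary case and the guess rate are assumptions made here.

```python
import math

PRINTABLE_ASCII = 95  # assumption: printable ASCII incl. space, the alphabet of strings like ~ndjf%7493@#q5a0


def passphrase_space(dictionary_words: int, word_count: int) -> int:
    """Candidates for word_count words, each drawn uniformly from the dictionary."""
    return dictionary_words ** word_count


def random_string_space(alphabet_size: int, length: int) -> int:
    """Candidates for a uniformly random string of the given length."""
    return alphabet_size ** length


def word_plus_digits_space(dictionary_words: int, digit_count: int, optional_capital: bool = True) -> int:
    """The common human pattern named in the thread: one word, maybe capitalised, digits appended."""
    return dictionary_words * (2 if optional_capital else 1) * 10 ** digit_count


def bits(space: int) -> float:
    """Entropy in bits, assuming every candidate in the space is equally likely."""
    return math.log2(space)


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a given offline guess rate."""
    return space / guesses_per_second


if __name__ == "__main__":
    rate = 1e10  # assumption: offline guessing against a fast unsalted hash, guesses per second
    shapes = {
        "four words from 50,000": passphrase_space(50_000, 4),
        "four words from a 1,000-word vocabulary": passphrase_space(1_000, 4),
        "one word (50,000) + 2 digits": word_plus_digits_space(50_000, 2),
        "16 random printable characters": random_string_space(PRINTABLE_ASCII, 16),
        "64-bit key": 2 ** 64,
    }
    for name, space in shapes.items():
        days = seconds_to_exhaust(space, rate) / 86_400
        print(f"{name:42s} {bits(space):6.1f} bits  {days:16.1f} days at {rate:.0e} guesses/s")
```

The output makes the two posts' points concrete: four words from a full 50,000-word dictionary sit just under 64 bits, while the same structure drawn from a 1,000-word everyday vocabulary drops to about 40 bits, and "one word plus two digits" is down at roughly 23 bits, which is why the shape people actually choose matters more than the theoretical dictionary size.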
 
If you say that there are 50,000 words in a "standard" dictionary then you have 50,000^4 combinations in a 4 word combination, that's 6.25 x 10^18, but I get your point that most people are probably going to use a very small vocabulary of words in something like this.

Best advice is to build a real world mnemonic, for example the 4 pubs walking from my house to town - smithyvictoriaalbertgreyhound or street names on a route I know well (e.g. to the pub ;))
could be morrisnelsonclewsalbertmarsh and if I forget all I need to do is check google maps.

I prefer OTP for anything sensitive though (e.g. banking).
 
I use KeePass as well, think the main thing is to have a different password for each site.

Had a bit of a facepalm moment when trying to do some matched betting, one of the sites (might have been skybet?) required the password to be 6-10 numbers and only numbers.
 