How to create a strong password...

Discussion in 'Off Topic [BG]' started by Stumbo, Feb 4, 2014.

  1. Stumbo

    Stumbo Wherever you go, there you are. Supporting Member

    Joined:
    Feb 11, 2008
    Likes Received:
    3
    This is a Kaspersky Security test screen I was able to access as a subscriber while logged onto their support site

    http://blog.kaspersky.com/password-check/

    Try various characters besides letters/numbers to increase your security.

    After you enter a test password an analysis will display.
  2. kanonfodr

    kanonfodr Supporting Member

    Joined:
    Jan 10, 2009
    Likes Received:
    1
    Hmmm...my formula generates a password that would take 3 months to be brute-forced at the minimum. One of them was listed as 3 centuries...yay!!

    Peace,
    Greg
  3. 1958Bassman

    1958Bassman

    Joined:
    Oct 20, 2007
    Likes Received:
    0
    11 letters, 10,000+ centuries and it actually has an easy pattern..
  4. blastoff99

    blastoff99 Supporting Member

    Joined:
    Dec 17, 2011
    Likes Received:
    0
    Well, that was sobering. Something that is like-my-password-but-not-my-password could be brute-forced in two days by the Mac.

    Guess I'll rethink this - right now.
  5. jp58

    jp58

    Joined:
    Dec 9, 2009
    Likes Received:
    0
    Yeah, looks like my passwords could all be cracked in a few days. I don't have anything on here worth spending two days on though.
  6. Selta

    Selta

    Joined:
    Feb 6, 2002
    Likes Received:
    2
    Disclosures:
    Uncompensated endorsing user: EBMM
    I don't even think they should bother with the single home computer as a baseline. Most brute forces are done in a BotNet, so IMO that one should be the top line.
    I use a different password for every site/login I have. If a site doesn't allow at least 15 characters, special characters/high ANSI, I don't register. I like how a theoretical, simple password of mine still shows as 10,000 centuries on the botnet and Tianhe-2.
    I wish more sites would move to dynamic two factor authentication though. Still nowhere near perfect, but a small step in the correct direction.
    If anyone is really interested in Cryptography, there's some movement being made on program obfuscation recently:
    https://www.simonsfoundation.org/quanta/20140130-perfecting-the-art-of-sensible-nonsense/
  7. Stumbo

    Stumbo Wherever you go, there you are. Supporting Member

    Joined:
    Feb 11, 2008
    Likes Received:
    3
    Are you using a password manager?
  8. MJ5150

    MJ5150 Terrific Twister Supporting Member

    Joined:
    Apr 12, 2001
    Likes Received:
    14
    Someone hacked my password the other day. I had to get a new dog.

    -Mike
  9. Pilgrim

    Pilgrim Supporting Member

    Joined:
    Jul 8, 2004
    Likes Received:
    4
    Hmmm. I see why my university changed their password requirements.

    My old 8-character PW with alphabetic characters and numbers would only take 24 minutes for a home PC to break. Adding a special character to it bumped the cracking time to 8 days.

    But using a 14-letter all-alphabetic conversational phrase which is easy to remember gave me a PW that would take 344 centuries to break! However, changing one or two letters makes a big difference in the time. (Hint: unusual words like "bandersnatch" really add time.)

    That's good cause for reflection.
  10. Selta

    Selta

    Joined:
    Feb 6, 2002
    Likes Received:
    2
    Disclosures:
    Uncompensated endorsing user: EBMM
    Yes. I use KeePass (http://keepass.info/), and for my extra paranoid self, I keep the password file and key file in separate TrueCrypt containers (http://www.truecrypt.org/) that are themselves encrypted. Still not secure, but it'd be pretty difficult for most people to get to my credentials. Nothing is saved to the cloud, or within my browsers etc. KeePass is only run when I need the username/password, then closed, and the TrueCrypt containers dismounted.
    KeePass has a sweet password generator too that I sometimes use.

    Edit:
    Found a flaw already. They didn't include common rainbow table elements. If you put in 1a2b3c4d5e6f7g8h9i10j it says "4 years" for a BotNet. However, most rainbow files include that and permutations of that as well and would be cracked in most likely hours.
  11. mellowinman

    mellowinman

    Joined:
    Oct 19, 2011
    Likes Received:
    41
    Here is my old password:

    mimbiczu4%X9281yulabobnomnX429beagLehrblstN!rmle*yrmamazupadupa?lvRb0y853$

    I was having trouble remembering it, so I decided to go back to

    password12345
  12. icks

    icks

    Joined:
    Jul 12, 2001
    Likes Received:
    0
    Kids with text-message vocabulary will increase their password easily

    my name ' laurent ' is hacked in 1 sec but " £@ur3nT " is better
  13. jasper383

    jasper383 Supporting Member

    Joined:
    Dec 5, 2004
    Likes Received:
    0
    Simple three word nonsense phrases can be very effective.

    Using a site like this one:
    https://howsecureismypassword.net/

    A password like Maury Jackal Eleven would take a quintillion years to crack.
  14. wild4oldcars

    wild4oldcars

    Joined:
    Jan 22, 2012
    Likes Received:
    26
    2 seconds... great :rollno:
    but my other one is 44 years. not too bad
  15. SoComSurfing

    SoComSurfing Mercedes Benz Superdome. S 127. R 22. S 12-13.

    Joined:
    Feb 15, 2002
    Likes Received:
    0
    Odd. My formula of a combo of capital letters, lowercase letters, and numbers. When I substitute a number with a special character, it goes from 8 centuries to 2. I wouldn't have expected that. Another combo in that formula goes from 7 to 1.
  16. SteveC

    SteveC Supporting Member

    Joined:
    Nov 12, 2004
    Likes Received:
    5
    What are they doing with all the "test" passwords people are entering?
  17. 1958Bassman

    1958Bassman

    Joined:
    Oct 20, 2007
    Likes Received:
    0
    That's what I wondered. However, if someone goes to that site and their computer already has a keystroke logger, or if that site uses one, we're all screwed in the event that we decide to use some of the best new passwords.
  18. DwaynieAD

    DwaynieAD

    Joined:
    Nov 20, 2010
    Likes Received:
    6
    average home computer in 4 seconds. hell yeah
  19. DwaynieAD

    DwaynieAD

    Joined:
    Nov 20, 2010
    Likes Received:
    6
    forget the last letter in each of those nonsensical words and it gets better
  20. Phil Smith

    Phil Smith Mr Sumisu 2 U Supporting Member

    Joined:
    May 30, 2000
    Likes Received:
    2
    Disclosures:
    Developer: iGigBook Sheet Music Manager
    A brute force attack assumes there's no limit to the wrong attempts i.e. no lockout feature. Once you introduce a lockout feature, the brute force attack isn't effective at all.
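
An added example (not written by any poster, and not the code of either checker site linked in the thread) that works through two points raised above: the keyspace arithmetic behind "time to brute-force" figures, with and without a lockout, and why a pure length-and-charset estimate overrates a patterned string such as 1a2b3c4d5e6f7g8h9i10j. The guess rate, the lockout policy and the sample passwords are assumed, constructed values.

```python
import string

OFFLINE_RATE = 1e9                      # assumed guesses/second with no attempt limit
LOCKOUT_ATTEMPTS = 5                    # assumed policy: 5 wrong tries...
LOCKOUT_WINDOW_S = 15 * 60              # ...per 15-minute window

def charset_size(pw):
    """Alphabet size a naive exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw): size += 26
    if any(c in string.ascii_uppercase for c in pw): size += 26
    if any(c in string.digits for c in pw): size += 10
    if any(c in string.punctuation or c == " " for c in pw): size += 33
    return size

def keyspace(pw):
    """Number of candidates of this length over this alphabet."""
    return charset_size(pw) ** len(pw)

def offline_seconds(pw, rate=OFFLINE_RATE):
    """Worst-case exhaustive search time when nothing limits attempts."""
    return keyspace(pw) / rate

def online_seconds(pw):
    """Worst-case time when a lockout caps the guess rate."""
    return keyspace(pw) / LOCKOUT_ATTEMPTS * LOCKOUT_WINDOW_S

def pattern_guesses(pw):
    """Guesses needed if the '1a2b3c...' family is tried first, else None."""
    candidate = ""
    for n in range(1, 27):
        candidate += f"{n}{string.ascii_lowercase[n - 1]}"
        if candidate == pw:
            return n
    return None

if __name__ == "__main__":
    # Constructed samples: 8-char alphanumeric, same plus a symbol,
    # a 14-letter phrase, and the patterned string quoted in the thread.
    for pw in ("qwxz4821", "qwxz4821!", "purplebandsnap", "1a2b3c4d5e6f7g8h9i10j"):
        years = offline_seconds(pw) / (365.25 * 86400)
        print(f"{pw!r}: charset={charset_size(pw)} len={len(pw)} "
              f"naive offline worst case={years:.3g} years, "
              f"pattern guesses={pattern_guesses(pw)}")
```

The naive figure for the patterned string is enormous, yet `pattern_guesses` finds it in 10 tries, which is why a checker that only counts length and character classes can report years for a password that a pattern-aware guesser would reach almost immediately.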
