How good is your password?

User avatar
Ted Myers
4StarLounger
Posts: 493
Joined: 30 Oct 2010, 02:12
Location: England UK

Re: How good is your password?

Post by Ted Myers »

StuartR wrote:
20 Apr 2023, 19:10
Ted Myers wrote:
20 Apr 2023, 12:15
A very interesting thread, but no one has posted where they test their passwords. I use https://www.security.org/how-secure-is-my-password/
You should never put a real password on one of these sites
This is the first time anyone has spoken of this.
All my passwords use all characters available, all over 16 items, no passwords are repeated. I have MFA on every one possible and use Google Authenticator App.
If it wasn't for bad luck I'd have NO luck at all.
Windows 11 Home 23H2 Laptop

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: How good is your password?

Post by StuartR »

Ted Myers wrote:
21 Apr 2023, 15:41
StuartR wrote:
20 Apr 2023, 19:10
Ted Myers wrote:
20 Apr 2023, 12:15
A very interesting thread, but no one has posted where they test their passwords. I use https://www.security.org/how-secure-is-my-password/
You should never put a real password on one of these sites
This is the first time anyone has spoken of this.
All my passwords use all characters available, all over 16 items, no passwords are repeated. I have MFA on every one possible and use Google Authenticator App.
That sounds pretty secure
StuartR


User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: How good is your password?

Post by ChrisGreaves »

PJ_in_FL wrote:
20 Apr 2023, 23:58
And when past time viewing a.k.a "The Light of Other Days" by A. C. Clarke, becomes a reality, the bad guys will just watch as you type.
:clapping: :cheers: :chocciebar:

I tell you what, though, that site that Ted recommended is about as fast as the speed of light.
I had only typed the first character of my password "ejvbqrxdp3rbi705547510npagvfaanjeb0blicodvihemg3rbikjvbqrxdp3rbikjvbqrxdp", and the site told me INSTANTLY that the password was weak:-
Untitled.png
Cheers, Chris :evilgrin:
You do not have the required permissions to view the files attached to this post.
An expensive day out: Wallet and Grimace

User avatar
jonwallace
5StarLounger
Posts: 1118
Joined: 26 Jan 2010, 11:32
Location: "What a mighty long bridge to such a mighty little old town"

Re: How good is your password?

Post by jonwallace »

PJ_in_FL wrote:
20 Apr 2023, 23:58

And when past time viewing a.k.a "The Light of Other Days" by A. C. Clarke, becomes a reality, the bad guys will just watch as you type.
I think you mean by Bob Shaw...
John

“Always trust a microbiologist because they have the best chance of predicting when the world will end”
― Teddie O. Rahube

User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: How good is your password?

Post by RonH »

MFA as advised by Hans ... how can this be cracked :scratch:

My important links eg banking/other finance/email connect etc rely on MFA where access can require knowledge of my 'social number', password and a single use code sent each time to my mobile. Plus on banking I also have a second app that has to be accessed to send another code before any transaction can be made.

This all seems very secure?
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: How good is your password?

Post by ChrisGreaves »

BobH wrote:
19 Apr 2023, 18:28
... but I found that 12 characters was about as many as I wanted to have to type. ...
Honest question: Why are you typing them? Why not copy/paste from a stored document on your computer?
I have used the odd site that disallows in-pasting of a password, but now I think of it, there are fewer of these nowadays.
It's as if web site designers have realized that security is better served by immensely long and complex passwords at the risk of your passwords document being found on your powered-off computer overnight?

Storing my passwords in a document named "passwords.doc" is, of course, silly, but if I store passwords in "8oybhtgqrqr8oybht70554751ZEPVIi EkabmbN.pagv" where "pagv" is registered as being mapped to MSWord documents seems reasonably secure to me (on a laptop with 500,000+ files)

To locate that document by brute force a hacker would need access to my laptop, either by stealth, or by physical presence (sitting at the keyboard), so the passwords document is more secure than any other file on your system, right?

Cheers, Chris
Last edited by ChrisGreaves on 05 May 2023, 23:06, edited 1 time in total.
An expensive day out: Wallet and Grimace

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: How good is your password?

Post by StuartR »

RonH wrote:
01 May 2023, 05:56
MFA as advised by Hans ... how can this be cracked :scratch:
MFA is much more secure than just using a password, but it can be cracked in lots of ways. You can find a good list of ways to circumvent all kinds of authentication mechanisms in NIST publication SP 800-63B, look at section 8.1

The weakest factor is a text message sent to your mobile phone. This factor was deprecated by NIST a long time ago because it was being hacked so often. The common ways to do this are:
  • Trick you into telling the scammer the PIN when it has been to your phone
  • Hack into the phone network of a poor country, then send SS7 messages telling the worldwide network that your phone is roaming to that country (this one is very common)
  • Create a fake login page that looks just like the one from your bank. When you log in they use the information to immediately log in to your real bank, then disconnect you and carry on using the now logged in session
StuartR


User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: How good is your password?

Post by RonH »

Thanks Stuart for convincing me that I must resort to keeping dosh under the mattress :laugh:
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
stuck
Panoramic Lounger
Posts: 8127
Joined: 25 Jan 2010, 09:09
Location: retirement

Re: How good is your password?

Post by stuck »

RonH wrote:
01 May 2023, 07:52
...I must resort to keeping dosh under the mattress :laugh:
NB doing that makes the mattress feel a bit lumpy but you soon get used to it.

User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: How good is your password?

Post by BobH »

I love the sound of crinkling cash in the morning!

Stuart, I use Roboform to store pw's. As I understand it, they are encrypted before leaving my computer and being stored in (presumably) their cloud. Two questions: 1) Do you know if they use key encryption and if so what they use for a key that would be unique to me? My master pw, perhaps?; 2) Is there any way to verify that the pw's are, in fact, encrypted before sending?

I misspoke. I have a third question: 3) If rf uses key encryption and the key is my master pw, wouldn't that make retrieving prior pw's impossible after changing a master key?
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: How good is your password?

Post by StuartR »

One method for this would be to encrypt everything with your password and re-encrypt it when you change passwords. Another method is to encrypt it all with a long secret key and then encrypt that key using your password. That makes password changes easier.

Roboform has regular external security audits which are (I think) published.
StuartR


User avatar
RonH
SilverLounger
Posts: 2057
Joined: 02 Mar 2010, 16:53
Location: An Aussie in Norway

Re: How good is your password?

Post by RonH »

stuck wrote:
01 May 2023, 15:25
RonH wrote:
01 May 2023, 07:52
...I must resort to keeping dosh under the mattress :laugh:
NB doing that makes the mattress feel a bit lumpy but you soon get used to it.
No worries, the lumps will match my ageing frame :sad:
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.

User avatar
BobH
UraniumLounger
Posts: 9218
Joined: 13 Feb 2010, 01:27
Location: Deep in the Heart of Texas

Re: How good is your password?

Post by BobH »

Thank you, Stuart!
Bob's yer Uncle
(1/2)(1+√5)
Intel Core i5, 3570K, 3.40 GHz, 16 GB RAM, ECS Z77 H2-A3 Mobo, Windows 10 >HPE 64-bit, MS Office 2016

PJ_in_FL
5StarLounger
Posts: 1090
Joined: 21 Jan 2011, 16:51
Location: Florida

Re: How good is your password?

Post by PJ_in_FL »

jonwallace wrote:
30 Apr 2023, 23:02
PJ_in_FL wrote:
20 Apr 2023, 23:58

And when past time viewing a.k.a "The Light of Other Days" by A. C. Clarke, becomes a reality, the bad guys will just watch as you type.
I think you mean by Bob Shaw...
The novel by Stephen Baxter and Clarke was about a new technology that allowed people to view the past, and the subsequent societal impacts, mostly negative, that came from this technology. With this technology, anyone anywhere could be under observation at any time. So much for privacy! Corruption also was reduced. Hmmmm..... Maybe this wouldn't be so bad after all!

The short story by Bob Shaw of the same name was about "slow glass". Totally different concept, but a also a very dark story of people stuck in the past mentally. A character in the story has slow glass "windows" in his house that had recorded his now deceased wife and son, so he'd spend much of his time looking at the house and see their image in the slow glass windows.
PJ in (usually sunny) FL

User avatar
jonwallace
5StarLounger
Posts: 1118
Joined: 26 Jan 2010, 11:32
Location: "What a mighty long bridge to such a mighty little old town"

Re: How good is your password?

Post by jonwallace »

PJ_in_FL wrote:
01 May 2023, 16:48

The novel by Stephen Baxter and Clarke was about a new technology that allowed people to view the past, and the subsequent societal impacts, mostly negative, that came from this technology. With this technology, anyone anywhere could be under observation at any time. So much for privacy! Corruption also was reduced. Hmmmm..... Maybe this wouldn't be so bad after all!

The short story by Bob Shaw of the same name was about "slow glass". Totally different concept, but a also a very dark story of people stuck in the past mentally. A character in the story has slow glass "windows" in his house that had recorded his now deceased wife and son, so he'd spend much of his time looking at the house and see their image in the slow glass windows.
I stand corrected, and thank you for a potential read.
John

“Always trust a microbiologist because they have the best chance of predicting when the world will end”
― Teddie O. Rahube