Use longer passwords instead of complicated ones?
-
- Administrator
- Posts: 79521
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Use longer passwords instead of complicated ones?
Best wishes,
Hans
Hans
-
- 4StarLounger
- Posts: 570
- Joined: 30 Oct 2010, 02:12
- Location: England UK
Re: Use longer passwords instead of complicated ones?
I just used my password manager to create a 16 character password.
-
CKTOb54EeyiwmE1j
I altered it to prevent confusion when entering it in my Android Phone to:-
CKT£b54Eey@wmE&j
-
CKTOb54EeyiwmE1j
I altered it to prevent confusion when entering it in my Android Phone to:-
CKT£b54Eey@wmE&j
If it wasn't for bad luck I'd have NO luck at all.
Windows 11 Home 24H2 Laptop
-
- PlutoniumLounger
- Posts: 16270
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Use longer passwords instead of complicated ones?
This brings up the age-old question of how to remember these longer passwords. I know of two tricks:-
(1) Use place or people names from your youth; “Crawshawbooth” in Lancashire and “Boodarockin” in Western Australia come to mind. Then switch one (or two) adjacent letters on the QWERTYkeyboard: Use”M” instead of “N”, or “0” in place of “O” to fool some of the people who might be watching you log in (or unlock a template or …)
(2) Use repetition. I can remember 3-character strings such as "fjl" and "vsj", so "fjlvsi" could be a password, but "fjlvsifjlvsifjlvsifjlvsi" is four times as long yet just as memorable.
Cheers, Chris
If it isn't one thing it's another, and very often both. E.F.Benson
-
- Administrator
- Posts: 79521
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Use longer passwords instead of complicated ones?
Many people use "tricks" such as o > 0, i > 1, e > 3 and s > 5, but that doesn't really fool advanced algorithms anymore.
Best wishes,
Hans
Hans
-
- 4StarLounger
- Posts: 570
- Joined: 30 Oct 2010, 02:12
- Location: England UK
Re: Use longer passwords instead of complicated ones?
I find it easier and saves time if the chance of inputting a character can have another that looks similar, especially when adding them to a phone as I havn't mastered copy from pc + paste to phone.
If it wasn't for bad luck I'd have NO luck at all.
Windows 11 Home 24H2 Laptop
-
- PlutoniumLounger
- Posts: 16270
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Use longer passwords instead of complicated ones?
Agreed. I was looking at the human side of remembering long passwords.
I've believed in longer passwords at least since the 62-element character set (a-z, A-Z, 0-9) was allowed. Each character multiplies the time-to-crack by a factor of 62, and I reasoned that even if the most powerful (to date) computer was turned loose, an extra (say) 62x62x62 level of time is significant.
If it all took 238,328 times as long (the price of those extra three characters), then either "they" would need 238,328 times as many computers OR "they" could only crack at 1/238,328 the number of passwords they currently crack, loosely speaking.
In my example above "fjlvsi" is 238,328 times more expensive to crack than "fjl", and while "fjlvsifjlvsifjlvsifjlvsi" is 56,800,235,584 times more expensive to crack than "fjlvsifjlvsifjlvsi", it needs no more effort on the part of the human to memorize.
Cheers, Chris
If it isn't one thing it's another, and very often both. E.F.Benson
-
- Administrator
- Posts: 12819
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Use longer passwords instead of complicated ones?
The recommendation in NIST SP 800-63B-4 isChrisGreaves wrote: ↑05 Oct 2024, 11:23This brings up the age-old question of how to remember these longer passwords. I know of two tricks:-
...
NIST.SP.800-63B-4.2pd.pdf wrote: 765 Verifiers SHALL allow the use of password managers. Verifiers SHOULD permit claimants
766 to use the “paste” functionality when entering a password to facilitate their use.
767 Password managers have been shown to increase the likelihood that users will choose
768 stronger passwords, particularly if the password managers include password generators
StuartR
-
- 5StarLounger
- Posts: 798
- Joined: 29 Jan 2010, 13:30
Re: Use longer passwords instead of complicated ones?
I use a combination of all the postcodes (=zipcodes for Non UK residents) plus upper and lower case. I don't know how secure they are against a password cracking algorithm but when I use them, I get a 'Strong' rating.
Silverback
Silverback
-
- UraniumLounger
- Posts: 9564
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Use longer passwords instead of complicated ones?
Am I doing this wrong? I use Roboform to generate passwords. I can control their length and allow the use of capitals and special characters. I use a different password for every need. I store them in Roboform which uses cloud storage so that I can access them from all platforms. I don't even try to remember them.
What's wrong with this practice?
What's wrong with this practice?
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 79521
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
-
- SilverLounger
- Posts: 2142
- Joined: 25 Jan 2010, 02:12
Re: Use longer passwords instead of complicated ones?
Better yet, start migrating to using passkeys. See Passwordless authentication and Should you use passkeys instead of passwords.
Joe
-
- Administrator
- Posts: 12819
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Use longer passwords instead of complicated ones?
I use Roboform for most sites, but passkeys where they are available. Here is an example of a generated password following my Roboform rules.
-4@D4uKXE£$QyJUZR#%7tqBs^eeY
-4@D4uKXE£$QyJUZR#%7tqBs^eeY
StuartR
-
- UraniumLounger
- Posts: 9564
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Use longer passwords instead of complicated ones?
Does Eileen's Lounge support passkeys?
Can password managers (like Roboform) store them and provide them appropriately for website credential checking?
I wish there were standard for web page authors. Two things I'd like to see in that standard are 1) the date last updated, and 2) whether site supports passkeys. Maybe you can suggest other standards.
If browsers were written (or modified) to look for the standards and display them in a consistent manner - and not display pages that are not compliant, perhaps web designers would be encouraged to adopt the standards.
Can password managers (like Roboform) store them and provide them appropriately for website credential checking?
I wish there were standard for web page authors. Two things I'd like to see in that standard are 1) the date last updated, and 2) whether site supports passkeys. Maybe you can suggest other standards.
If browsers were written (or modified) to look for the standards and display them in a consistent manner - and not display pages that are not compliant, perhaps web designers would be encouraged to adopt the standards.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |
-
- Administrator
- Posts: 12819
- Joined: 16 Jan 2010, 15:49
- Location: London, Europe
Re: Use longer passwords instead of complicated ones?
Roboform can store passkeys..
Eileen's Lounge does not support passkeys.
Eileen's Lounge does not support passkeys.
StuartR
-
- UraniumLounger
- Posts: 9564
- Joined: 13 Feb 2010, 01:27
- Location: Deep in the Heart of Texas
Re: Use longer passwords instead of complicated ones?
Thank you, Stuart.
Bob's yer Uncle
Dell Intel Core i5 Laptop, 3570K,1.60 GHz, 8 GB RAM, Windows 11 64-bit, LibreOffice,and other bits and bobs
(1/2)(1+√5) |