Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  
Pages: 1 [2] 3 4 5

Author Topic: Password annoyances.  (Read 13204 times)

lordcooper

  • Bay Watcher
  • I'm a number!
    • View Profile
Re: Password annoyances.
« Reply #15 on: April 23, 2012, 11:12:34 pm »

I use 'password' because nobody would guess I'd be dumb enough to.
Logged
Santorum leaves a bad taste in my mouth

SirAaronIII

  • Bay Watcher
  • Western Romanticist
    • View Profile
Re: Password annoyances.
« Reply #16 on: April 23, 2012, 11:14:47 pm »

I use "incorrect" so when I forget, I just mash random letters and the website will remind me.
Logged
"I want to watch the sun setting below the horizon, thinking about my significance in this world. That's my dream."

lordcooper

  • Bay Watcher
  • I'm a number!
    • View Profile
Re: Password annoyances.
« Reply #17 on: April 23, 2012, 11:16:44 pm »

I use "incorrect" so when I forget, I just mash random letters and the website will remind me.
No you don't.
Logged
Santorum leaves a bad taste in my mouth

SirAaronIII

  • Bay Watcher
  • Western Romanticist
    • View Profile
Re: Password annoyances.
« Reply #18 on: April 23, 2012, 11:18:09 pm »

I mean for other things.
Logged
"I want to watch the sun setting below the horizon, thinking about my significance in this world. That's my dream."

GalenEvil

  • Bay Watcher
    • View Profile
    • Mac-Man Games
Re: Password annoyances.
« Reply #19 on: April 23, 2012, 11:47:54 pm »

a roommate of mine used *password* for his initial login on his computer... I thought he was a lot better with his security than that. He was getting ready for work when I got onto his computer, but still heard his annoyingly loud sound he put for when he logs on. He comes rushing out of his room, shoves me away from his computer, then changes his password >.> Took me about an hour to get back into it after he left for work lolz :D
Logged
Fun is Fun......Done is Done... or is that Done is !!FUN!!?
Quote from: Mr Frog
Digging's a lot like surgery, see -- you grab the sharp thing and then drive the sharp end of the sharp thing in as hard as you can and then stuff goes flying and then stuff falls out and then there's a big hole and you're done. I kinda wish there was more screaming, but rocks don't hurt so I guess it can't be helped.

Starver

  • Bay Watcher
    • View Profile
Re: Password annoyances.
« Reply #20 on: April 23, 2012, 11:52:03 pm »

My password is an entirely made up word with >=10 characters in it, which I probably won't ever forget since I've been using it for years. That's at least 3610 possibilities with the information I've given so far. Good luck figuring it out before the sun burns out and collapses on itself.

But...

Quote
My password is
Quote
My password
Quote
password

If that means that you use the same password for (ohidunno) eBay, Amazon, YouTube, Google (if those two aren't the same these days), etc, etc, then when someone gets to know your one password then (even if you use different login names, because that's even easier to reveal under the same circumstances) they've got your eLife, man....

Well, it's a good enough chance that I wouldn't advise it.  Sony network data being compromised and then many people's same-passworded registered GMail accounts, remember..?

Not to say that I haven't re-used parts of passwords (but each version modified for the target) but I also haven't done "abc123eBay", "abc123Amazon", etc, either.

My passwords all look something like a1OAiVU9.

You are a god among men though for memory.

Well, if my advice, when I was in a previous job where I was needed to tell people worldwide to choose better passwords upon the forced-refresh[1] is to think of a song title that you can remember, or a few lines from a book.  Take the initial letters of the title, lyrics or paragraph that you're sure you can remember and then apply your own morphing algorithm on it.  Switch the 3rd and 5th characters, "1337-5p34k" every other 'oh'/'zero' (or every other, other one, or 1st/2nd/3rd in every three, or 4th out of every 5 letters that can be morphed), or make up your own morphing routine (not A=1, B=2).  Think about reasons why whatever little changes (at least one rule) can be made to mean something to you, inside (e.g. "I always said 'three' as 'free', so instead of '3' in place of an 'E', I'm putting an 'F'"), so that you can just remember this, and the current lyrics/whatever that you're using.

It's more complex to describe than to do, honest folks.


And as far as remembering the passwords, here was my BIG tip: You'll often get a countdown until you are required to change your password.  Depending on the primary server that pesters you about this, a combination of "you have X more logins" or "you have Y more days".  Don't ever give in early and change your password at the end the Friday before you go off on your two-week vacation, because you're almost certainly going to want to call up the support people on the Monday you finally get back and get it reset again.  If you're going to be in and out of the system a lot, on that troublesome Friday, then do it first thing and then get your practice in multiple times by locking your desktop even when turning to chat with a colleague/whatever, if necessary..  At least to see if that works for you, the first time...


But obviously, that was my advice for these systems with the extremely sensitive (don't want to lose, don't want to leak!) data.  I'm not suggesting that the forum password you use here should be anything like as secure.  Online banking, yes.  Online shopping sites are also a good idea to have at least a modicum of the above (Correct Battery Horse stuff aside, which I though was a good idea too, when I first saw that XKCD, but I've still got My System working for me happily).  The stuff where you only lose reputation, at worst, should be angled to be whatever you value your reputation to be.  For several job-searching sites (where there's little change, if any, of anyone linking this diatribe with the accounts being used... not even being accessed on any machine that I access this forum with!), my passwords are loosely based upon body-parts with a pseudo 1337-ish conversion put upon them.  And I remember which body part is which because of the order I signed up with the sites (including one that I no longer use).  And, no, it's not the list in "Dem bones, dem bones, dem... dry bones". ;)

My forum password, as it happens, is much simpler.  Between a dozen and two-dozen characters (I don't wish to give you that much of a headstart, to some opportunist, by stating exactly which length) of somewhat tamer alphanumeric+punctuation nature.  Not unguessable if you know my mind and perhaps have already cracked other low-priority passwords of mine, but you'd really have to know what was going through my mind at the time to get a head-start, unless you're able to bash the server (or get a copy of it to bash onto) with a good old Brute Force method.  Having used JohnTheRipper myself[3], and knowing at least some of its full possible range of permutations, I think that would eventually get into it.  If you were able to do it in a covert/offline way and not activating any deadlocking or exponentially-increased timelocking of the account in the process, of course, if that's implemented on this particular system.



Anyway, kids, remember: Even if you're certifiably paranoid, They might still actually be out to get you for real!

And: http://www.darthsanddroids.net/episodes/0710.html

Of course, you could always try to use "********" as every password. ;)


[1] We had a lot of legacy data of deeply personal nature to the people being recorded.  We didn't want someone digging up an old copy of our server backups/archives or actual old-server-HDDs (despite all the precautions we took to not just safeguard the data from loss, but to prevent it ever being leaked... two sides of the "data security" coin) and managing to crack someone's old password and then trying it (or a "standardpassword+highernumbersuffix" variant) on the current system and succeed...  And that's why we insisted that passwords changed, but only had "cannot use any previous password" settings globally across all the different server platforms, not "and don't change 'Foo12' to 'Foo13', you fool!"...

[2] Also, don't ever use "Remember my password for me" options (in the places that our roll-out policies hadn't blocked it in the first place), because you'll never get any practice with it for when you are working on a different machine... Never mind the less-than-total safety of such a record should the machine get 'borrowed' over a weekend.

[3] The legitimate target of the hash-breaking[4] used a TV character name that was within the top 100 of the long, long 'frequency sorted password dictionary' list that had been recommended by the JtR download-site at the time.  Too easy.

[4] Or "re-hash with a common set of salts and check for synchronicity", rather.
Logged

Trapezohedron

  • Bay Watcher
  • No longer exists here.
    • View Profile
Re: Password annoyances.
« Reply #21 on: April 24, 2012, 12:23:27 am »

I am also this. Right now, I'm juggling between 4 random code passwords.
Logged
Thank you for all the fish. It was a good run.

G-Flex

  • Bay Watcher
    • View Profile
Re: Password annoyances.
« Reply #22 on: April 24, 2012, 12:26:02 am »

I use 'password' because nobody would guess I'd be dumb enough to.

Trust me. They would. It's the most commonly used password there is.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Moghjubar

  • Bay Watcher
  • Science gets you to space.
    • View Profile
Re: Password annoyances.
« Reply #23 on: April 24, 2012, 12:30:16 am »

Ah, passwords.  Passwords are fun!  I have plenty of 20+ character passwords that I don't even know what they are, but I know how to type them.

I use geometric memory and music for my passwords. I draw combinations of triangles and squares, I make symbols, I draw things like ships and fish.  There are practically never any words, and theres always a number here and there.

For music, I pick a tune (usually gaming music), think of the main theme, map notes to approximate keyboard letters and then play it across the keyboard from left to right (using pauses to reset as appropriate). 

My main problem is websites that give me limits on password size. UGH!
Logged
Steam ID
Making things in Unity
Current Project: Demon Legend
Made This too (publisher abandoned ) Farworld Pioneers
Mastodon

Starver

  • Bay Watcher
    • View Profile
Re: Password annoyances.
« Reply #24 on: April 24, 2012, 12:36:22 am »

Close to what I've found, having just broken out one of my JtR 'dictionary' files.

Sorted by decreasing occurrences:
12345
abc123
password  <-- there you are
computer
123456
tigger
1234
a1b2c3
qwerty
123
xxx
money
test
carmen
mickey
secret
summer
internet
service
   <-blank line!
canada
hello
ranger
shadow
baseball
donald
harley
hockey
letmein
maggie

...etc


At the bottom of the list (sorted alphabetically, presumably, after being clumped together with all other "found only once" passwords, in the original survey) is:
zhongguo

But this is an old list (early 1990s), and the farmed targets were probably university students on their first ever mainframe systems.  These days there may be other distributions, as well as names of reality TV stars that were hardly out of nappies when the above was compiled.


I use geometric memory and music for my passwords. I draw combinations of triangles and squares, I make symbols, I draw things like ships and fish.  There are practically never any words, and theres always a number here and there.
And then you occasionally find yourself on a Dvorak keyboard! ;)
Logged

Cheeetar

  • Bay Watcher
  • Spaceghost Perpetrator
    • View Profile
Re: Password annoyances.
« Reply #25 on: April 24, 2012, 12:37:42 am »

Who is giving computer scientists the idea that,

Forcing people to make unrememberable passwords, is a good idea?

You might be confusing 'a few people you talked to' with 'every single computer scientist ever'. Don't worry, this is a common mistake I'm sure.
Logged
I've played some mafia.

Most of the time when someone is described as politically correct they are simply correct.

lordcooper

  • Bay Watcher
  • I'm a number!
    • View Profile
Re: Password annoyances.
« Reply #26 on: April 24, 2012, 12:42:49 am »

Who is giving computer scientists the idea that,

Forcing people to make unrememberable passwords, is a good idea?

You might be confusing 'a few people you talked to' with 'every single computer scientist ever'. Don't worry, this is a common mistake I'm sure.

You seem to be confusing the few people you've spoken to with everyone ever.
Logged
Santorum leaves a bad taste in my mouth

Moghjubar

  • Bay Watcher
  • Science gets you to space.
    • View Profile
Re: Password annoyances.
« Reply #27 on: April 24, 2012, 12:49:22 am »

And then you occasionally find yourself on a Dvorak keyboard! ;)

Hooray for never having had that problem ever.  Though Dvorak does interest me, perhaps one day.
(Would also just remap keys if I absolutely had to make it work, assuming its not a space-keyboard or something it should work).
Logged
Steam ID
Making things in Unity
Current Project: Demon Legend
Made This too (publisher abandoned ) Farworld Pioneers
Mastodon

Ehndras

  • Bay Watcher
  • Voidwalker
    • View Profile
Re: Password annoyances.
« Reply #28 on: April 24, 2012, 12:52:44 am »

My 'secure' password is a 19-character mixture of capital, lowercase letters, and numbers arranged in a specific pattern I designed when I was younger. Oddly enough, the original 'algorithm' that determined this was my old Maple Story PIN number, heh.

But aye, I agree, annoying passwords are annoying.

As an insurance broker who opens corporations/LLCs, works with travel, taxes, and other assorted services, I have a box full of index cards full of passwords for over 60 different websites I need to use on a semi-regular basis, most of which are set to regularly reset their passwords, either by proxy or company standards.

4 of my most important passwords went null today; WebMVR, Progressive, Flatiron Capitol Premium Financing, and my company's main email. I raged.
Logged
Quote from: Yoink
You're never too old to enjoy flying body parts.  
Quote from: Vector
Ehndras, you are the prettiest man I have ever seen
Quote from: Dorsidwarf
"I am a member of Earth. I enjoy to drink the water. In Earth we have an internal skeleton."

FuzzyZergling

  • Bay Watcher
  • Zergin' erry day.
    • View Profile
Re: Password annoyances.
« Reply #29 on: April 24, 2012, 12:53:35 am »

I use the same password with some random stuff at the end for each different thing I need a password for.
Why? Because I just don't care.
Logged
Pages: 1 [2] 3 4 5