So this morning I was resetting my passwords since the primary one was about to expire. E-mail changed, no problem. Disk drive encryption, no problem. Corporate password ... problem. They ask "three questions" and if you don't get the exact, original spelling or Case wrong, you can't change it. Regardless, the old password worked and I called up the help desk who got me to a place to replace the three questions. Only this time, I answered, "one", "two", and "three" which reminds me of: "What do you mean, an African or a European swallow?" Bob Wilson
Yeah be real careful with your security question answers, gotta be exact, or no entry for you. I read lately, one really bullet-proof method for devising a password: use four simple but disparate words, strung together. Supposedly very hard to crack. For example: dogfarmcarfan
A pass phrase instead of a password. Learned about them on xkcd. I think they need spaces between the words, otherwise a computer can brute strength break them about as quickly as a typical password today.
"dog" and "fart" are too contiguous: try again, lol. (Think I subconsciously was thinking dogfart though...) (Our Shiba sometimes let's one go, then does his Shiba sideway glance trick.)
I've never thought of using spaces in a password. Just Googling now: apparently spaces are often not allowed?
I've known lots of people like that, but never me. Some characters like , and ( )= etc could be used instead of spaces. I know that using numbers to represent letters is easily cracked with hack algorithms, BTW.
My bank requires capital letters, small letters, numbers, and symbols.... And spaces if you want. What happened to the simple (before hacking) days of just using our birthday?
The trouble is.......... All IT people are soulless nebbishes who NEVER &*(%^%E##@!@! talk to each other (or anybody else!!) We use passphrases at big phone, but about one in every 4 IT people out in the real world will bounce my password change if I attempt the same strategery because it fails one of their buzz-kill "rules" (special characters, spaces, dictionary words, etc) Fortunately, I have a rolling system that seems to work, can be changed every 90 days, and meets about 90 percent of the password rules out there. One of these days I suppose I'll use a manager, but having to remember 1,438 different passwords seems to be a great tripwire for detecting the Alzheimer's. My credit is frozen and my checking account is protected by abject poverty - so I'm not really all that worried about privacy, but I do rotate my passwords regularly and keep them as robust as the character limits (another rule that varies) allow. All except my PC login. Think they'll ever guess it's H8Cl1nt0n! ??? (my 1994 'go-to' password!! It's served me well for over a decade!!)
Do you still remember your military "number"? Up here they use the Social Insurance Number; it's basically hardwired now, I know it better than my grandkids' names. One trick I found, for aiding short term memory at least: mutter the number, it sticks better. I was a checker for quite a while: I'd need to retain a number for a minute or two. Was always muttering away, lol.
My military ID # is the same as my SSN without the dashes. We always used to say: "Whataya goona do? Take the dashes out of my Social Security Number???"
It's interesting how you can remember a long number better, with dashes or spaces. Breaks it up into mental meals.
You just made me hungry. I'm jumping in my Prius and headed to McDonald's. Later, gators. merged back to back posts as usual I love those "mental meals." I don't get fat.
The better systems use an RSA token: The six numbers change every minute. So you reuse the same prefix/suffix with the number and it makes a unique, one-time-only, password. Bob Wilson
And then my client's preferred login method involves a smart card. Looks just like a chip credit card, and is in fact similar technology. I really just use a password manager for everything, and then store the answers to the security questions in there, too. Most of my passwords, I've never even seen, I just copy and paste them out of the manager, it generates them. KeePass is my password manager of choice, largely because it handles password management in a local file, which I keep on my server and my phone.
Just create a phrase and use it. Not very hard to do: I can't stand my ex-wife one bit! Icsmx-w1b! Easy to remember, easy to enter. Lots of entropy.
But this condensed version suffers the same low entropy problem as the 'hard to remember' version in the cartoon.
Why? It's 80 bits. And you cannot make a four word password on most systems. I use pass phrases like this all the time. They're very easy to remember.
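To put numbers on the entropy argument running through this thread (four disparate words, spaces or no spaces, and the condensed phrase), here is an added example that is not from any poster. It scores the same passphrase under two attacker models, the naive "random characters" model and the "known to be dictionary words" model, and generates a word passphrase with the OS random source; the 2048- and 7776-word list sizes and the 1000 guesses/second rate are assumptions chosen for illustration, and DEMO_WORDS is a constructed mini wordlist.

```python
import math
import secrets

# Constructed mini wordlist for demonstration only; real lists are far larger,
# and the entropy of a word passphrase depends on the list size, not the words.
DEMO_WORDS = ["dog", "farm", "car", "fan", "swallow", "shiba", "prius", "token"]

def bits_random_chars(length: int, alphabet_size: int) -> float:
    """Entropy of `length` characters drawn uniformly from an alphabet.
    This is the naive model: every character independent and uniform."""
    return length * math.log2(alphabet_size)

def bits_word_passphrase(word_count: int, wordlist_size: int) -> float:
    """Entropy of `word_count` words chosen uniformly from a wordlist.
    Separators (spaces, or 'dogfarmcarfan'-style concatenation) add nothing
    once the attacker knows the passphrase is built from dictionary words."""
    return word_count * math.log2(wordlist_size)

def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Expected years to hit the secret (half the space) at a given guess rate."""
    seconds = (2.0 ** bits / 2.0) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def compare_models(words, wordlist_size: int, alphabet_size: int = 26) -> dict:
    """Score one passphrase as random characters and as a sequence of words."""
    joined = "".join(words)
    return {
        "as_random_chars": bits_random_chars(len(joined), alphabet_size),
        "as_words": bits_word_passphrase(len(words), wordlist_size),
    }

def generate_passphrase(wordlist, word_count: int = 4, sep: str = " ") -> str:
    """Pick words with the CSPRNG; a human-chosen 'disparate' set is not uniform."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))

if __name__ == "__main__":
    # Assumed 2048-word list and 1000 guesses/s (an online-guessing rate).
    scores = compare_models(["dog", "farm", "car", "fan"], wordlist_size=2048)
    for model, bits in scores.items():
        years = years_to_search(bits, 1000)
        print(f"{model:16s} {bits:5.1f} bits, ~{years:.0f} years at 1000 guesses/s")
    print("generated:", generate_passphrase(DEMO_WORDS))
```

The gap between the two scores for the same string is the point: the defender only gets the larger number if the attacker does not know the construction, so the word-model figure is the one to plan around.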