Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 6 of 6
Like Tree2Likes
  • 1 Post By TheGAME1264
  • 1 Post By Ronald Roe

Thread: Passwords

  1. #1
    Senior Member bleau canon's Avatar
    Join Date
    Mar 2011
    Location
    Appalachia Blue Ridge Mts.
    Posts
    586
    Member #
    27201
    Liked
    176 times

    Passwords

    I watched a short program tonight on an Atlanta news station about passwords. The commentator said that one way hackers can't get past anything you have password protected is to use phrases that you can remember

    I changed one of mine tonight to: mypetroosterisspoiled. No way can I forget that one.

    It does sound promising though.
    Bleau
    "Give the gift of life, Adopt a child, And an Animal"

  2.  

  3. #2
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    This is why I hate mainstream media coverage of anything. Hackers can get past any password that you come up with through sheer brute force. Eventually, as they go through all of the various alphanumeric combinations they can guess at a password, provided that the login page doesn't limit attempts (and most don't). There is no such thing as a hack-proof password, no matter what the news tells you. In fact, many PCI compliance check providers will make you change your password every 2-3 months and not reuse one that you had before for this specific reason (mind you, I hate the non-reusing function as it requires the storing of a password in such a way that it can be guessed at).

    Now...does that mean you shouldn't use a phrase for a password? No, that's not what it means. Using a phrase makes guessing that much more difficult. However, don't use a phrase by itself. I try to create strong passwords whenever possible, and I'm working on a site right now that actually makes strong passwords a requirement. My strong passwords are usually mixed case and include at least one number and a symbol. To make it easier to remember, I try to work a 2 (to/too) or a 4 (for) into the equation as well for easy recollection. Something like this:

    Goin2DaBeach!

    or

    BlueJay$4Life

    Again, it's not foolproof (and by the way, I don't use either of those as passwords so don't bother trying to hack me using them). But it's a lot better and much tougher to guess than a lowercase phrase.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  4. #3
    Senior Member Ronald Roe's Avatar
    Join Date
    Mar 2011
    Location
    Oklahoma City
    Posts
    3,141
    Member #
    27197
    Liked
    959 times
    In the Air Force, the running gag is that we have to create passwords we'll never remember, but by god, you better not write them down. DoD standard passwords require at least:
    - 18 characters
    - 2 uppercase
    - 2 lowercase
    - 2 numbers
    - 2 special characters
    - no repeating characters
    - no phrases

    And yes, many of the systems actually bump the password against a dictionary and stop you from even doing what Adam does with his with the numbers. Secret and Top Secret level systems even check to make sure you're not making a pattern on the keyboard.

    I can't use it for work, but for my personal passwords, I use Lastpass, which even has a generator that will spit out DoD compliant passwords.
    Ron Roe
    Web Developer
    "If every app were designed using the same design template, oh wait...Bootstrap."

  5. #4
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    So the most popular page on the Air Force website is the page to get your password reset?
    Ronald Roe likes this.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  6. #5
    Senior Member Ronald Roe's Avatar
    Join Date
    Mar 2011
    Location
    Oklahoma City
    Posts
    3,141
    Member #
    27197
    Liked
    959 times
    Yep. Only problem there is that the "page" is usually someone's physical office. As a matter of security, passwords can only be reset by an administrator, and it usually takes about 24 hours to make it happen. A lot of the non classified stuff has gone to a token-and-pin-based (chipped card that doubles as our military ID card, plus a 6-8 digit pin) single sign-on, so it's only the classified or FOUO applications that require actual passwords anymore. It's getting better, but we have a long way to go.
    TheGAME1264 likes this.
    Ron Roe
    Web Developer
    "If every app were designed using the same design template, oh wait...Bootstrap."

  7. #6
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    I agree. You should change the pin policy. Get a physical pin, draw blood, and sign a piece of paper with your bloody finger to get your password set. Much better pin policy.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 04:01 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com