How breakable is your password?
Discussion
otolith said:
Those presumably are times for brute force cracking a stolen hash on fast equipment. You obviously can't brute force the front door of a system in that manner.
Exactly. Also most people are stupid and share passwords across sites. Eventually it will get leaked from a s
tty site that has 0 concept of infosec and stored the passwords in plain text and now all their accounts are compromised.My normal personal password is 13 characters, upper and lower with special characters. Very easy for me to remember and I would hope unique and pretty secure.
Issue is work need my PW to change every couple of months so like many I use the same short phrase and just change the number on the end.
I've now started using the passwords generated by my phone and facial recognition for everything personal and unimportant, ie. websites etc
Issue is work need my PW to change every couple of months so like many I use the same short phrase and just change the number on the end.
I've now started using the passwords generated by my phone and facial recognition for everything personal and unimportant, ie. websites etc
Sheepshanks said:
21TonyK said:
Issue is work need my PW to change every couple of months so like many I use the same short phrase and just change the number on the end.
Does work not require a second factor?
) mine was the same as Tony and needed changing every three months. They also had rules about not repeating characters which just about ruled out every name/date combo from my immediate family My typical choice on the above table scores quite highly
It's interesting how various work password demands have changed recently. One has gone from upper/lowercase+numbers to a PIN (minimum 6 digits so almost inevitably a birthday
), while another has gone to all lower/no numbers with a minimum they don't tell you (
) but no passwords from a list of known ones which means swear words seem to be out. Blasphemy seems ok though. 
And the least important/likely to be hacked (CPD site) has gone 2FA.
), while another has gone to all lower/no numbers with a minimum they don't tell you () but no passwords from a list of known ones which means swear words seem to be out. Blasphemy seems ok though. And the least important/likely to be hacked (CPD site) has gone 2FA.
LastPoster said:
Mine didn’t and although not at present ( I’m currently resting ) mine was the same as Tony and needed changing every three months. They also had rules about not repeating characters which just about ruled out every name/date combo from my immediate family
My typical choice on the above table scores quite highly
When my wife was in the Civil Service they had to change password every month to something with letters and numbers and they found half the staff were using the month and year! ) mine was the same as Tony and needed changing every three months. They also had rules about not repeating characters which just about ruled out every name/date combo from my immediate family My typical choice on the above table scores quite highly
Microsoft recommends not enforcing password change intervals (but using MFA).
Sheepshanks said:
21TonyK said:
Issue is work need my PW to change every couple of months so like many I use the same short phrase and just change the number on the end.
Does work not require a second factor?Given the over zealous application of GDPR in house I'm suprised the rest is so relaxed.
snuffy said:
21TonyK said:
Issue is work need my PW to change every couple of months so like many I use the same short phrase and just change the number on the end.
That's wrong thinking on their part. Most organisations have stopped that because it's nonsense to enforce that type of thing.https://www.ncsc.gov.uk/collection/passwords/updat...
otolith said:
snuffy said:
21TonyK said:
Issue is work need my PW to change every couple of months so like many I use the same short phrase and just change the number on the end.
That's wrong thinking on their part. Most organisations have stopped that because it's nonsense to enforce that type of thing.https://www.ncsc.gov.uk/collection/passwords/updat...
Do you change your front door key (and lock of course) every 2 months? Of course not. Why would you? You'd only change it if a) you'd lost your key (c.f. forgetting your password) or b) someone stole it (c.f. someone has learned your password) or c) the lock/key broke.
And yet, for years, it was recommended that you do just this with passwords. Thankfully, almost all organisations have stopped this nonsense. You had to conclude that any place still doing it is really not up to their job.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff