Best Practice For Passwords Updated

Forum Moderators: open

Message Too Old, No Replies

Best Practice For Passwords Updated

engine

11:51 am on Aug 9, 2017 (gmt 0)

Passwords can't yet be avoided, so it's always good to get advice on the best tips and tricks. It seems the author of the original advice from fourteen years ago, Bill Burr, from the National Institute of Standards and Technology, now regrets the advice as computer password cracking systems are now so good that they can anticipate some of that advice and crack passwords much easier and faster. The advice included asking people to use characters, such as 0 instead of O, etc., which has now become commonplace. In addition, the advice was to change passwords frequently.

Nowadays, the computer systems can crack passwords so easily that changing password every 90-days will have little effect when it can be cracked in a matter of hours or days.

[theverge.com...]

Advice today suggest using combinations of random words, which is easier for humans to remember, but much more challenging for computer systems.

lawman

4:46 pm on Aug 9, 2017 (gmt 0)

Combinations of random words? Good luck with that, Most sites won't accept a password that doesn't involve you hopping up and down on one leg while juggling golf ball, a bowling pin, and a chain saw.

lucy24

4:50 pm on Aug 9, 2017 (gmt 0)

In other words:
[xkcd.com...]
although this one is funnier:
[xkcd.com...]

engine

5:52 pm on Aug 9, 2017 (gmt 0)

hehehe, thanks Lucy.

Yeah, there's an old joke that springs to mind on passwords.

"Sorry, your password has been in use for 60 days and has expired - you must register a new one."

flower

"Sorry, too few characters."

pretty flower

"Sorry, you must use at least one numerical character."

1 pretty flower

"Sorry, you cannot use blank spaces."

1prettyflower

"Sorry, you must use at least 10 different characters."

1blastedprettyflower

"Sorry, you must use at least one upper case character."

1BLASTEDprettyflower

"Sorry, you cannot use more than one upper case character consecutively."

1BlastedPrettyFlower

"Sorry, you must use no fewer than 25 total characters."

1BlastedPrettyFlowerShovedUpYourRearIfYouDon'tGiveMeAccessRightNow!

"Sorry, you cannot use punctuation."

1BlastedPrettyFlowerShovedUpYourRearIfYouDon'tGiveMeAccessRightFingNow

"Sorry, that password is already in use."

Lots of services do ask for special characters, which I understand the reasoning behind. Make use of them and add them to the words and phrases you choose.