Model Boat Mayhem

Please login or register.

Login with username, password and session length.
Pages: [1]   Go Down

Author Topic: How safe are your passwords?  (Read 1986 times)

fatcat123

  • Guest
How safe are your passwords?
« on: October 03, 2011, 08:34:07 pm »

Just saw this site mentioned on 'The Gadget Show' on Ch5.

Very useful for selecting the passwords you use for your computer etc.

http://howsecureismypassword.net/

Dan  :-))
Logged

bobk

  • Guest
Re: How safe are your passwords?
« Reply #1 on: October 03, 2011, 08:52:35 pm »

I remember on BBC News Nick Helm's winning joke at the Edinburgh Fringe . . .
"I needed a password of eight characters so I picked 'Snow White and the Seven Dwarves' ."

I loved that one !
Logged

Craig Dickson

  • Guest
Re: How safe are your passwords?
« Reply #2 on: October 03, 2011, 09:08:55 pm »

The issue I have with online passwords for accessing sites that may contain my card details and bank details, is that before long I forget which long (ultra secure) passwords I created!

As much as there are plenty of websites suggesting bullet proof passwords, Iíve yet to see one that gives a bullet proof method of storing them securely.

However if I was to suggest only one tip to make your password or sign on more secure it is this:
NEVER have your password comprised only of numbers. It takes only a smart computer program to find your access number in seconds. Always include NON numerical characters in your password.

Cheers
Craig
Logged

RaaArtyGunner

  • Guest
Re: How safe are your passwords?
« Reply #3 on: October 04, 2011, 02:00:39 am »


However if I was to suggest only one tip to make your password or sign on more secure it is this:
NEVER have your password comprised only of numbers. It takes only a smart computer program to find your access number in seconds. Always include NON numerical characters in your password.Cheers
Craig

As well as upper/lower case and other keyboard symbols.
Logged

Tug-Kenny RIP

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 7,670
  • Location: Newport. S Wales
Re: How safe are your passwords?
« Reply #4 on: October 04, 2011, 10:00:33 am »


I agree with Craig in that mine is safe for 3 Trillion years of hacking. However, it is recorded on someone else's computer anyway.   %)

Ken

Logged
Despite the high cost of living   .......... It remains popular

johno 52-11

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 297
  • Model lifeboats built to perform
  • Location: Dudley "The Blackcountry" West Midlands
    • lifeboat Models
Re: How safe are your passwords?
« Reply #5 on: October 04, 2011, 11:27:33 am »

Firstly I never trust a site that offers to check your password it could be a malicious site that is harvesting your entry to add to an attack dictionary?

A password that follows the 8 from 4 rule is recommended.

That is a password of 8 characters or more with at least one from each of the character sets lower case alpha, upper case alpha, numbers and symbols.

This gives 96^8 or 7.2 quadrillion possibilities and 2 years ago would take 23 years to crack.

The problem is that if we apply Mooreís Law to the power of a PC that is down to 12 yearís

The other way of improving the speed at which passwords can be cracked is to use high end graphics cards.

But the biggest risk to your password is not how good it is but how secure is the machine you are entering it on. A bit of hidden malware that has a key logger and no matter how strong your password is the bad guys will always get it.
Logged

malcolmfrary

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 5,783
  • Location: Blackpool, Lancs, UK
Re: How safe are your passwords?
« Reply #6 on: October 07, 2011, 10:26:43 am »

Your password can be as complicated as you like, and this is OK for access to the contents of your machine, but bear in mind that if it is for a web service, it will be held at the other end because that is where the verification takes place.  If as and when the other end gets hacked, as happened with hotmail a couple of years ago, the hackers, or those to whom they sold the information, have full use of your long and complicated password.  I got the hint when I got some non delivery reports from addresses that I hadn't sent to for years past, plus a polite inquiry from Martin asking why I thought he needed chemical substances to enhance his person.  Best security is to change more often, then the stolen information becomes useless.
Logged
"With the right tool, you can break anything" - Garfield

dreadnought72

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 1,898
  • Wood butcher with ten thumbs
  • Location: Airdrie, Scotland
Re: How safe are your passwords?
« Reply #7 on: October 07, 2011, 12:11:41 pm »

Best security is to change more often, then the stolen information becomes useless.

So true. When I worked in IT a couple of years ago, I met many people who had been using the same password for 10-15 years. Changing it every couple of months might seem a pain, but it really is worth it.

Andy
Logged
Enjoying every minute sailing W9465 Mertensia

johno 52-11

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 297
  • Model lifeboats built to perform
  • Location: Dudley "The Blackcountry" West Midlands
    • lifeboat Models
Re: How safe are your passwords?
« Reply #8 on: October 07, 2011, 04:16:36 pm »

Your password can be as complicated as you like, and this is OK for access to the contents of your machine, but bear in mind that if it is for a web service, it will be held at the other end because that is where the verification takes place.  If as and when the other end gets hacked, as happened with hotmail a couple of years ago, the hackers, or those to whom they sold the information, have full use of your long and complicated password.  I got the hint when I got some non delivery reports from addresses that I hadn't sent to for years past, plus a polite inquiry from Martin asking why I thought he needed chemical substances to enhance his person.  Best security is to change more often, then the stolen information becomes useless.

If you are still using Windows XP or Vista on your computer then a complicated password may not be as secure as you think. The problem is that Microsoft in there efforts to make thing backwards compatible with Windows 95 and 98 store the hash of the password in two different forms. The one that is used for 95/98 compatibility is weak because of the algorithm that is used and with the right software and a little knowledge a password can be cracked in as little as 20 minuets. To stop XP or Vista storing the weak password there are two things you can do. Enter a password of 15 characters or more and you will get message that it is not compatible with 95/98 or there is a registry entry NoLMhash that can be turned on that will stop it storing the weak LM hash.

Web sites that follow good security practices should not store your password but store the hash of your password. They should then use a system called challenge response to get the hash of your password and compare that with the hash that is stored. That way if someone hacks the site they only get the hash of the password and would have to go away and try and crack it and if itís strong that would take quite a bit of time.

Your email attack was probably due to a piece of address book stealing malware than a hack of your account. There was a virus that went around some time ago that would take the address book from outlook and then spoof an email to look like it came from one of the addresses in the address book and send it to all the other contacts in the address book. This worked on the probability that some of the contacts in the address book probably knew each other and would open the email thinking it had come from the sender when actually it came form someone else. The reason this is possible is that the protocol behind email was designed before melware was thought of. 


Logged

malcolmfrary

  • Full Mayhemer
  • *****
  • Offline Offline
  • Posts: 5,783
  • Location: Blackpool, Lancs, UK
Re: How safe are your passwords?
« Reply #9 on: October 07, 2011, 05:29:24 pm »

Quote
Your email attack was probably due to a piece of address book stealing malware than a hack of your account. There was a virus that went around some time ago that would take the address book from outlook and then spoof an email to look like it came from one of the addresses in the address book and send it to all the other contacts in the address book. This worked on the probability that some of the contacts in the address book probably knew each other and would open the email thinking it had come from the sender when actually it came form someone else. The reason this is possible is that the protocol behind email was designed before melware was thought of. 
No.  Hotmail suffered a publicised hack that I read about just after the incident that resulted in a large number of their user accounts information being pilfered from their servers.  Your information is not just held on your machine.  This information was used to "send" , seemingly from those accounts so that the messages would appear to come from a trusted source.  The sting would have been in the recipient clicking the link, and the result of visiting a dodgy site. 
Should Google and friends get their way, all of your information will be held centrally, the box that you "own" will just be for accessing that information, like a dumb terminal.  Just how you get in touch with them and/or get your information back when your chunk of internet goes down or there is an accounts muck-up is not explained, because the universal assumption is that it won't happen because it can't.
Logged
"With the right tool, you can break anything" - Garfield
Pages: [1]   Go Up