Comments on: How strong is your password?

By: Mark Mathson

Mark Mathson — Wed, 20 Jun 2007 20:02:43 +0000

“…the weakest link in our security chain is the common stuff we tend to overlook.”

I couldn’t agree more. It can be difficult to teach someone the importance of using a ’strong’ password. It comes down to education, and systems such as the one Wordpress.com and other sites implement to suggest using stronger passwords.

By: Martin Wright

Martin Wright — Thu, 14 Jun 2007 21:37:25 +0000

If you need to get a strong password you can use for uniquely generated, strong passwords.

Thanks
Martin

By: Around the web | alexking.org

Around the web | alexking.org — Sun, 10 Jun 2007 15:18:32 +0000

[...] How strong is your password? [...]

By: Chemistry in password » Â§hÂªÂ®dz Ã¸f mÃ°Ã¯ LÃ¯fÂ£

Chemistry in password » Â§hÂªÂ®dz Ã¸f mÃ°Ã¯ LÃ¯fÂ£ — Fri, 08 Jun 2007 13:09:36 +0000

[...] look at this post’s comments and found this: I figured the chemical formula approach, coupled with a very [...]

By: Willem

Willem — Fri, 08 Jun 2007 00:27:34 +0000

what’s the use of strong passwords when your no using an encrypted transport (like SSL). The WP installation from WP.org should have an integrated SSL solution instead of those plugins etc. Most of them are not that easy to install. Lots of bloggers blog ‘on the road’ and are vulnerable to sniffing.

Back on the strong password topic; try using passphrases. Those are generally longer than 8 to 10 characters, and pretty easy to remember

By: Titel

Titel — Thu, 07 Jun 2007 22:01:03 +0000

The degree of vulnerability of automated systems is not given by technology, but by human error. Successful crackers rely on social engineering instead of brute force; technology is simply much more powerful than people.

I believe it’s wrong to look only at the password’s complexity and say when it is secure and when not. If the user doesn’t change the password for years, it’s just as bad as an easy to guess password. If the password is written on a post-it on the screen or under the keyboard, it’s useless. If the password is “password”, the user should pack the computer and send it back to the store.

A good password is one that: is difficult to memorize (not a word, not a number, definitely not something in the dictionary), is changed periodically, is not written down in clear. For their own convenience, people make the mistake of choosing easy to remember passwords, but these are also easy to guess or easy to be remembered by others who happen to take a glimpse at the password written down in your Moleskin. Make it hard for others to accidentally learn your password; you’ll be typing it every day, and you’ll learn it in a few days, but others should not be able to reproduce it even after staring at it for 10 seconds.

Try this: 8 lowercase characters and no vowels (more difficult to learn, unable to pronounce), having symbols on alternating sides of the keyboard (so you can type them fast with both hands). Examples: t8zj2yqk, wj4nv9qh, mrj1yvp3. Yeah, they don’t make sense, and that’s the point. Type them 20-30 times over 2 or 3 days, and you’ll be surprised how easy they come back to mind.

Want to write your password somewhere in plain sight but hidden from untrained eyes? Write a block of 8 lines, 8 characters per line - also numbers and consonants. Write your password on the sixth column, from the bottom up. Don’t tell anyone what those letters and numbers are, why you carry them in your wallet, and how the block should be read.

Voila!

By: Jenny

Jenny — Thu, 07 Jun 2007 21:12:55 +0000

I need to think about this too on some stuff. I tend to choose stuff that’s easy for ME to remember. I guess I could be setting myself up for disaster.

By: David Bradley

David Bradley — Thu, 07 Jun 2007 19:48:23 +0000

I figured the chemical formula approach, coupled with a very simple algorithm, like reverse the formula would basically be unforgettable and produce relatively complex passwords that would generally not succumb to bruteforce attacks, unless someone has a chemical dictionary to hand of course. But, then you could always pick a compound like vancomycin tack on its molecular weight to several significant figures and then apply your algo. e.g start with C66H75Cl2N9O24 add the molecular weight, 1449.2536 without the decimal point and apply your personal system, chop of the ends, reverse it, remove the numbers and put them at the front, whatever…

By: Mario

Mario — Thu, 07 Jun 2007 19:19:31 +0000

I did several internal assessment over password strength in my company and usually at least 30-40% of the passwords are too weak (things like you name, you surname, you company ID and so on)….
Passwords ARE the weak point. I also run penetration test and the other source of weakness are the software maintenance. You cannot do a lot against unpatched vulnerability, but the lack of update is often the key to break system security….
So, a check to your password is a good point to start….

By: Jason

Jason — Thu, 07 Jun 2007 18:56:37 +0000

Chemical compositions … why haven’t I thought of it before?!?!?!

After having my password hacked in high school (back in 1994 …) I started using phrases at least 14 characters in length made up of names, the greek alphabet, numbers and, in some cases, punctuation marks. To keep things secure, these passwords are changed every month and never used twice.

So far, I’ve only forgotten one password ….

By: David Bradley

David Bradley — Thu, 07 Jun 2007 17:10:24 +0000

I thought of a neat way to create memorable passwords if you are a scientist (or actually anyone else for that matter)

http://www.sciencetext.com/pas.....tists.html

Anyone care to create such a password for a complex compound and test it with the strength meter?

By: Mark Ghosh

Mark Ghosh — Thu, 07 Jun 2007 16:39:26 +0000

I do assume, but I thought “someone guessed my not-at-all secure password to this blog” said it all.

By: Lloyd Budd

Lloyd Budd — Thu, 07 Jun 2007 16:36:26 +0000

You assume what Matt’s problem was. What if at the time it was insecure for some other reason