passwords

Topic: passwords (Read 1655 times) previous topic - next topic

passwords

October 24, 2014, 08:48:59 PM

wondering if there are any opinions out there on password strength techniques.

length , type of characters, ect and what the limitations there might be.

I was thinking one day it would be cool to write a macro on an Excel doc where "if the user" of the file entered the exact "time" shown" on his pc, that would ultimately be the "password"

any other creative unbeatable password construction styles out there ?

looking to build one that cant be ran through a program to discover it.

passwords

Reply #1 – October 24, 2014, 09:09:12 PM

My dad once wrote a program that required a password that must be entered while hitting not only the correct letters, but they must be typed to the beat of a song. Even if you know the password it would do you no good without knowing the tune, and being coordinated enough to "play" it on the keyboard.

passwords

Reply #2 – October 24, 2014, 11:01:39 PM

XKCD sums it up nicely!
http://xkcd.com/936/

passwords

Reply #3 – October 24, 2014, 11:19:32 PM

Quote from: JeremyB;439701

XKCD sums it up nicely!
http://xkcd.com/936/

it's too bad that users don't want to setup 20+ character passwords, so systems can't be configured to require ONLY a minimum length. Because users want short passwords, we are required to have apps look for uppercase, special character, etc in passwords.

passwords

Reply #4 – October 25, 2014, 12:14:26 AM

Quote from: Seek;439702

it's too bad that users don't want to setup 20+ character passwords, so systems can't be configured to require ONLY a minimum length. Because users want short passwords, we are required to have apps look for uppercase, special character, etc in passwords.

Yeah, my employer requires 14 characters with 2 upper case, 2 lower case, 2 numbers, and 2 special characters. Essentially mandating that users write down their password some place. A slightly longer minimum requirement would eliminate all that other .

I imagine it's too difficult to set up some OR gates for PW requirements such that you no longer have to use special characters or numbers if your PW meets a certain minimum character limit.

passwords

Reply #5 – October 25, 2014, 08:23:54 AM

other than key fobs, are there "conditional" password possibilities like I mentioned.
as of lately in order to protect a doc I have been using the file name of the actual document. I usually have a revision number within the file name as well but instead of using the rev number for the file, for password purposes it will always be the next higher numerical value. example : "est Oh TWC Canton South Gen and DC Plant 102214 jsc R11"
just sharing ideas about this.

I have no idea of the strength for the example I show, are there stronger methods?

passwords

Reply #6 – November 02, 2014, 06:18:42 AM

Much.

You can purchase a hardware security module developed by very, very, smart people which regularly regenerates key pairs and implement one or a combination of security modules like mag cards, smart cards, key fobs, biometrics, RFID, etc, etc, etc...

For most of us mere mortals, a non idiotic 8+ random character or 4+ random word password is fine. If you're paranoid, you can throw in numerics and special chars. Usually you can even go all out and throw some unicode in there (§,¿,÷,©,etc). You can make your fence as tall as you want. A random password generator may defy all odds and strike the nail on the head first try. No password - nor any security measure - is unbeatable, but 'breaking' a password is useless - Brute force these days relies on tables of pre-hashed passwords. If your password is not likely to be included in these tables, you're probably solid.

'Course if the encryption sucks or is non-present, it's all for naught anyway. A forty foot high fence won't protect your house too well if it's only a 4 foot section.