  1. #51
    Non-Member
    Join Date
    Nov 2010
    Posts
    174
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Stormrider View Post
    I use totally random characters for mine, 20 characters or so when the website allows. I don't actually know what any of them are... I use a password manager to generate and then store them.
    I also use a password manager and also a password generator. The best way I think.
    Still the cartoon ... quite simple algorithms to improve security.

  2. #52
    Life is not a malfunction
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,207
    Mentioned
    264 Post(s)
    Tagged
    5 Thread(s)
    Not really relevant, but I had to share this.

    Nick Helm has won an award for the funniest joke at the Edinburgh Fringe with "I needed a password eight characters long, so I picked Snow White and the Seven Dwarfs".

  3. #53
    SitePoint Member
    Join Date
    Jun 2006
    Location
    LinkChannels.com
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Aleksejs View Post
    And what about passwords that are used to unlock password manager?
    Well, you just need to memorize one master password for your password manager.
    LinkChannels Web Directory - Human-edited web directory.
    ArticleWheel - Article Submission Directory

  4. #54
    SitePoint Guru
    Join Date
    Oct 2006
    Location
    Queensland, Australia
    Posts
    852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I choose passwords based on the sensitivity of the information they protect. For most websites such as forums, I typically use 1 of about 3 passwords. At most, if I haven't visited a site in a long time, I know it's going to be one of those 3. The passwords aren't easy to guess, but they're optimized for convenient typing. That doesn't mean I choose sequential keys, but rather I limit the amount of hand movements and contorting wrist twists I have to perform to type the password.

    For more sensitive stuff like bank, PayPal, web facing servers, domain registration, etc, I always use a slightly longer and harder to guess password, and only ever use the password for that single service. I can remember most of my passwords off the top of my head, but I do keep a copy of them in case I ever forget one.

  5. #55
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I also use a password generator, and sometimes I use simple passwords and replace some of the letters with numbers, for example a 2 instead of Z, 5 instead of S and so on.
    Do you guys think that makes any difference? I don't know much about password security.

  6. #56
    SitePoint Member jerxe's Avatar
    Join Date
    Aug 2011
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The cartoon is almost complete and offers a good clue on how to set up your password, but don't forget that if you have a good dictionary you may break that very easily.

  7. #57
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    alright, thanks

  8. #58
    SitePoint Member jerxe's Avatar
    Join Date
    Aug 2011
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mortimerGER View Post
    I also use a password generator, and sometimes I use simple passwords and replace some of the letters with numbers, for example a 2 instead of Z, 5 instead of S and so on.
    Do you guys think that makes any difference? I don't know much about password security.
    Replacing some letters with numbers is used by very young users, dinosaurs may use other types of methods to secure their passwords :P

  9. #59
    SitePoint Wizard Stormrider's Avatar
    Join Date
    Sep 2006
    Location
    Nottingham, UK
    Posts
    3,133
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    The cartoon points out that replacing letters with numbers isn't very secure - it's so easy to try variations on dictionary words in this manner that it isn't really suitable IMO. I use totally randomly generated passwords with letters, numbers and special characters.

    The most important factor in password security is length. The second most important is using different types of character - e.g. symbols, numbers, lower and uppercase letters. After that I guess it's making sure it isn't based on dictionary words.

  10. #60
    . shoooo... logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    It pisses me off every time I have to sign up for a site and find out my long password, which can be between 32 and 64 (by default), is too long, or some of the characters are invalid. That is bad, very bad!

    If one is handling passwords correctly, length and characters contained within the password should be a non-issue. Example, a password should be able to have an SQL injection attack within, but handled right it won't do a darn thing.

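    Code php:
    <?php

    # some_db_escape() and some_db_query() stand in for your database layer
    $username = some_db_escape( $_POST['username'] );
    # hash() requires an algorithm name; sha256 is used here as an example
    $password = hash( 'sha256', $_POST['password'] ); # Secured!

    # Double quotes so the variables interpolate; some_table is a placeholder name
    $sql = some_db_query( "SELECT * FROM some_table WHERE username='$username' AND password='$password'" );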

    After hashing, the password will be a fixed length and the default encoding hexadecimal contains a fixed set of characters. The value is no longer a security threat to your application.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  11. #61
    SitePoint Author
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    And if you were properly using your DB with prepared/parameterized queries, you would never have this sql injection vector.

    Also, in 2011, most sites really don't need to hold passwords at all -- OpenID is here. Why would you want to take on the onus of owning the credentials?
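
The points made in posts #60 and #61, combined in an added example that is not code from the thread: the password is hashed before storage, so its length and characters never reach the SQL text, and every query is parameterized. The `users` table, its columns and the sample credentials are constructed, and the script assumes PHP with the `pdo_sqlite` extension.

```php
<?php
// Added example, not code from the thread. Table, column names and the
// sample credentials are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register(PDO $db, string $username, string $password): void
{
    // Salted, slow hash; the stored value has a fixed format whatever the
    // password contains. PASSWORD_DEFAULT is currently bcrypt, which only
    // uses the first 72 bytes of the input.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function login(PDO $db, string $username, string $password): bool
{
    // The username is a bound parameter, never part of the SQL text.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    // A salted hash cannot be matched in the WHERE clause, so the
    // comparison happens in PHP with password_verify().
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed inputs: a long password full of SQL metacharacters and a
// username containing a quote.
$password = "x' OR '1'='1'; -- ~!@#%^&*()_+ correct horse battery staple";
register($db, "o'brien", $password);

var_dump(login($db, "o'brien", $password));           // correct credentials
var_dump(login($db, "o'brien", "' OR '1'='1"));       // SQL fragment as the password
var_dump(login($db, "nobody' OR '1'='1", $password)); // SQL fragment as the username
```

Only the first call should log in; the other two fail because the SQL fragments are treated as data, not as query text.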

  12. #62
    SQL Consultant
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,262
    Mentioned
    60 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    OpenID is here.
    your faith in technology is touching

    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  13. #63
    Non-Member
    Join Date
    Apr 2011
    Location
    no fixed address
    Posts
    851
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Too many posts in this thread for me to read all of them so my apologies if this discussion on calculating password strength has already been posted.

  14. #64
    SitePoint Author
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by r937 View Post
    your faith in technology is touching

    Fair point, but why is it bad? It is a pretty solid feature when implemented properly. And actually makes quite a bit of sense in modern distributed architectures -- authentication becomes a service, users get single sign on and I get out of the business of storing other people's secrets.

  15. #65
    SitePoint Member
    Join Date
    Sep 2011
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Simple rules I use. Take the first three numbers of your birth date, and the last three numbers of the year, for example. And in the middle put some sentence which you will remember for sure, like "you will never guess this pass". So your password would look like f.e. 056you will never guess this pass979 for someone who is born on 05. 06. 1979. I guess you get the point...

  16. #66
    SitePoint Member
    Join Date
    Nov 2011
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The characters must be between 12 and 16, and they must be arranged so that the password is different and unique, so it is difficult for it to be stolen.

  17. #67
    SitePoint Member
    Join Date
    Nov 2011
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I also use a mixture of special characters, numbers and upper and lower case letters. It is easy to remember if you make passwords from the words that you remember easily. One should not use the complete word, which they often use, but use some part of it in their passwords.

