The Virtues and Vicissitudes of Passwords

[DavidSnider]

Where did you get "inzlsybkueuxkuxzjlwbbhbol" from? All the password generators I've see are bit wize and mind foolish.

https://www.lastpass.com/features/password-generator

 

[Algr]

Interesting. The first thing it told me was "phydnaphotor".

Edit: Unfortunately most sites will not let you use "ierfairedwainjugstimerylverticarypionictuciansangl" as a password because it contains no numbers, special characters, or squirrel sounds.

 

[DavidSnider]

Interesting. The first thing it told me was "phydnaphotor".

Edit: Unfortunately most sites will not let you use "ierfairedwainjugstimerylverticarypionictuciansangl" as a password because it contains no numbers, special characters, or squirrel sounds.

Then you just pad them all with with !1, they still aren’t cracking it

 

[Algr]

Prisencolinensinainciusol

Oh no — pwned!
This password has been seen 3 times before.

 

[aeth3r]

Use fingers randomly in keyboard when create your password. That is your algorithm and can't cracked by hashcat or unknown specifically hash algorithms created by unknown creators. Define your hash with your neural random functions.

 

[vela]

The problem I have with password managers is that I don't believe the claim that "You'll never have to type the password in yourself." What if I need to log in from a different device?

It sounds like you made up your mind about password managers without ever having used one or even looked into them.

These days, the only places I have to type in a password manually are on web pages where, for some reason, pasting into a password field is disabled. For these cases, I typically use a password that consists of several words chosen by random.

It isn't humanly possible to write down Il|1¡iO0りˆ^`' on a piece of paper and then type it back correctly a year later.

If you were using a password manager, you wouldn't have to write it down on paper and type it back in.

Even case sensitive passwords are a major issue. We are all taught to reflexively change lower case letters to upper case at the beginning of a sentence and in many other places. It is not natural for us to think of them as separate objects. This is what my analogy pic with the burning resistor is about.

When I'm typing a password, I'm not thinking I'm typing a sentence and therefore have to capitalize the first letter and include punctuation.

 

[Vanadium 50]

Use fingers randomly in keyboard when create your password.

Nonsense.

What people think of as "random" is not. For example, if you ask people to write down a string of random digits, consecutive digits will differ far more often than if they were random.

If you want a random password, use a random password generator. Faster, easier, and more secure than making up something on your own.

 

[Vanadium 50]

It sounds like you made up your mind about password managers without ever having used one or even looked into them.

This. Maybe even This++.

These days, the only places I have to type in a password manually are on web pages where, for some reason, pasting into a password field is disabled

This can often be worked around. For example, Treasury Direct thinks its more secure to use a virtual keyboard - but that of course provides an incentive to keep passwords short. There is a Grease Monkey script that makes this work just like a regular password.

 

[aeth3r]

Nonsense.

What people think of as "random" is not. For example, if you ask people to write down a string of random digits, consecutive digits will differ far more often than if they were random.

If you want a random password, use a random password generator. Faster, easier, and more secure than making up something on your own.

You're right. That can react only for experienced computer users. I thinked this because for increase entropy in cryptography. Random password generators is generally safe only for trusted developers and that passwords are third-party data. I'm sensing only with hands without patternly typed and lingustic words, dates, numbers and symbols on keyboard. Are higher uncertainty and more chaotic %100 safier system can possible without hands?

 

[Algr]

It sounds like you made up your mind about password managers without ever having used one or even looked into them.

That's quite an assumption. I have trouble getting iCloud to sync. Sometimes it does, sometimes I have to text records to myself. I don't know why. Passwords that I have written down and used suddenly stop working for no reason, and I have to call and spend hours on the phone getting into my account. Security questions don't work because I was one letter off on how a street name from my childhood was spelled. The stuff we have now doesn't work reliably. I get locked out of stuff too often now, and it consumes so much time fixing it. Why assume that some new replacement will be reliable when so much that is out their now is not?

Do you know what has been reliable for me? Fingerprint scanners. And they got rid of them. ::Eyeroll::

BTW: If these corporate experts are so good, why are their records always leaking?

 

[aeth3r]

That's quite an assumption. I have trouble getting iCloud to sync. Sometimes it does, sometimes I have to text records to myself. I don't know why. Passwords that I have written down and used suddenly stop working for no reason, and I have to call and spend hours on the phone getting into my account. Security questions don't work because I was one letter off on how a street name from my childhood was spelled. The stuff we have now doesn't work reliably. I get locked out of stuff too often now, and it consumes so much time fixing it. Why assume that some new replacement will be reliable when so much that is out their now is not?

Do you know what has been reliable for me? Fingerprint scanners. And they got rid of them. ::Eyeroll::

BTW: If these corporate experts are so good, why are their records always leaking?

Mostly leaked datas is providing by malwares or web security vulnerabilities. This is because of it providing web and software vulnerability or directly server database breaching. It's not related for password or random password generators. The password generators still to useful for block crackers possibilities.

 

[Algr]

Mostly leaked datas is providing by malwares or web security vulnerabilities. This is because of it providing web and software vulnerability or directly server database breaching.

Lots of passive voice to avoid saying "The people who screwed up are telling us how to fix the mistakes they keep making." Maybe it is all true, and there are no better alternatives, but I resent the implication that the situation is all my fault for having human-level information processing capabilities.

 

[DavidSnider]

Lots of passive voice to avoid saying "The people who screwed up are telling us how to fix the mistakes they keep making." Maybe it is all true, and there are no better alternatives, but I resent the implication that the situation is all my fault for having human-level information processing capabilities.

Nobody said there aren’t better alternatives. People are saying what the best practices are for the situation we are currently in.

Your posts don’t seem all that interested in why these are suggested. It sounds like you just want to vent about how bad software is. Trust me, nobody is going to argue with this, especially software engineers.

 

[DavidSnider]

In every other aspect of life it is just understood that there is a trade off between convenience and security but for some reason computers have to be magic.

 

[berkeman]

This thread has had a long and happy life, and is now locked. It will take the correct pa$$word to unlock it for any further discussion...