
Not a fan of the forced 12 character passwords


Usmovers02


+1 for KeePass. I've been using it ever since the second Bethesda hack (and first Nexus hack in between) and I regret nothing about that decision.

 

If someone gets physical access to my PC, I'm far more screwed than what may happen to my accounts as a result of that. Mainly because they're not gonna be able to do it without me being here in the first place.

Link to comment
Share on other sites


Ok, so while I know that it's not that easy to remember alpha-numerical sequences, the longer they get.... it's easier to get used to if you make the passwords something that you're already accustomed to.

Like say, for example if I usually used a password of 1234Nexus (you guys are more than welcome to try that out with this account, you won't get very far). Changing it up to 1234Nexus1234 isn't that much harder to remember.

And at least it's not like some places where you have to use randomly generated passwords like 17A12m32aeg or some such.

 

Now also please keep this in mind. Would you rather protect your valuables with a little 1.5 inch lock that you can crack apart with a pair of pliers, or would you rather put a bigger, hefty lock that's a lot harder to break?

And is gonna make them actually work for it, if they really, really wanna get past it?

 

 

Now, here's something else to think about, that makes things for a true pain in the rump. I've worked for several companies where there were ROUTINE mandatory PW changes. One company it was every 4 months. Quarterly. One company, it was Monthly. Another company, it was BI-WEEKLY. And at that second company, after my crew left for their shift, I had to go around and look for those little posty notes on/in the desks and monitors and run them thru a shredder.

Oh the fun times. (Ok that last line was sarcastic). At the third job mentioned, thankfully, that was somebody else's job, and they took the heat for it.

Edited by StormWolf01
Link to comment
Share on other sites

Guest deleted34304850

i'm currently working on a project to replace passwords with 'pass phrases'. you can go from a minimum of 8 characters up to a maximum of - currently 100 characters.

sounds crazy, but it's quite secure.

this is an interesting insight, a couple of years old now, but look at the times it's taken to crack traditional passwords; https://www.useapassphrase.com/

this is an insight into how having a longer length passphrase really elongates estimated time to crack it; https://support.symantec.com/us/en/article.tech149400.html

 

what can i say, i do this for a living, so i find it interesting.

Link to comment
Share on other sites

The key to having a password that is composed of random characters that is also twelve or more characters long is to use a phrase as the mnemonic.

 

Let's take an example. The phrase "Sugar and spice makes everything nice" would help you remember the password S&smen (not twelve characters long but it does illustrate the idea). The ampersand adds complexity and it has a capital letter (also increasing complexity).

 

It's surprising how long a password created using this method is still easy to remember. The WPA2 pre-shared key I use on my home router is 31 characters long and yet the phrase I have as a mnemonic is no trouble for me to remember. I have a 22 character password for my Administrator account and a different 19 character one for my regular log-in, each using a completely different phrase as a mnemonic. I like mnemonic phrases that are personal and unique to me as opposed to the one I used in the example.

 

When the notice came out about needing us to switch to longer complex passwords it mentioned that we would be prompted by a certain date if we hadn't changed it. The date went by and more than a week passed and I wasn't prompted. When I finally decided to change it anyway I think I discovered why I wasn't forced to change mine ... the old one was 13 characters and included numbers and punctuation.

Link to comment
Share on other sites

Agreed, phrases are definitely good and easy to remember. Amazon actually recommended that to us too, back when I worked for them.

 

I hadn't seen the notice that the new PW system was being implemented. I don't think I'd actually been back here for very long at all when that happened.

So I'm not sure if mine came late or not. I just remember having to change it.

Link to comment
Share on other sites

I had to change a couple of my accounts to use phrases because the random stuff I had KeePass kick out was too much of a pain to enter on my phone when needed. KeePass indicates those accounts with the passphrase on them are composed of a lot more bits and are thus far more secure.

 

That doesn't mean I'm gonna suddenly switch everything to use the same passphrase though cause if someone DOES manage to bust it then everything using it falls quickly. So most of my logins are random strings of garbage 30+ characters long.

Link to comment
Share on other sites
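Added example, not written by any poster in this thread: a short Python script that puts numbers on the length-versus-crack-time and "more bits" points made above, using the sample passwords quoted in the thread. The guess rate, the function names and the use of the 7776-word Diceware list are assumptions; the character-pool figure is an upper bound that only holds for randomly chosen characters, so a patterned string such as 1234Nexus1234 is weaker than its number suggests.

```python
import math
import string

# Assumed offline guessing rate, for illustration only (not a figure from the thread).
GUESSES_PER_SECOND = 1e10
DICEWARE_WORDS = 7776  # size of the standard Diceware word list (6**5)

def meets_policy(pw):
    """Rule as described in the thread: 12+ characters, a digit, a capital letter."""
    return (len(pw) >= 12 and any(c.isdigit() for c in pw)
            and any(c.isupper() for c in pw))

def pool_size(pw):
    """Smallest union of standard ASCII character classes that covers pw."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation, " ")
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def max_bits(pw):
    """Upper bound on entropy: reached only if every character is random."""
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0

def passphrase_bits(n_words, list_size=DICEWARE_WORDS):
    """Entropy of n_words drawn uniformly at random from a word list."""
    return n_words * math.log2(list_size)

def words_to_match(bits, list_size=DICEWARE_WORDS):
    """Random words needed to reach at least `bits` of entropy."""
    return math.ceil(bits / math.log2(list_size))

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Time to try every candidate in a 2**bits search space."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Sample strings quoted in the thread.
    for pw in ("1234Nexus", "1234Nexus1234", "17A12m32aeg", "S&smen"):
        b = max_bits(pw)
        print(f"{pw:15} policy={meets_policy(pw)!s:5} "
              f"<= {b:5.1f} bits, <= {years_to_exhaust(b):.2e} years")
    for n in (4, 6, 8):
        b = passphrase_bits(n)
        print(f"{n} random words  {b:5.1f} bits, {years_to_exhaust(b):.2e} years")
    print("random words matching 12 random alphanumerics:",
          words_to_match(max_bits("17A12m32aeg1")))
```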

  • 4 weeks later...

I'd just like to add my 2 cents and say I think 12 characters is overkill and would much prefer to get that down back to a realistic number. We have numbers and capitalization of at least 1 letter is required as well.

I almost, almost decided to quit Nexus in frustration at the sight of it.
After loading up the PC, I get Blizzard and Uplay asking for a password, which are both different, then it asks for a verification code, then I had to sign into my emails for one of them and into my phone app for the other, then I went to sign into Nexus and boom, 12 characters it wanted.

I can't wait for the future when A.I. is advanced enough so we don't need to log into every different site.

Link to comment
Share on other sites

 

 

I think 12 characters is overkill and would much prefer to get that down back to a realistic number

And I think most people would prefer we not let Nexus become a tempting target for hackers by pretending it's still 2005.

Link to comment
Share on other sites

This topic is now closed to further replies.