How to memorize a sh*tload of (difficult) passwords

#11
Old 11-01-2016, 09:48 AM
sadpanda sadpanda is offline
Member
Join Date: Aug 2016
Posts: 340
Quote:
Originally Posted by Cannabis View Post
If you go check you'll see it confirmed on password checking software apps, it's pretty common knowledge that for many years most server password software only counted 8 characters. Once those are unlocked you're in, even if the person setting the password specifies more. Actually it's still that way today, the majority of platforms have 8 significant characters and no more.
With all due respect that's complete nonsense. Perhaps some old amateurish sites might've, for whatever stupid reason, truncated passwords to 8 characters, but nobody in their right mind does, especially not in 2016, especially not when they'd be destroyed by media fire if their intentionally-pathetically-weakened system was exposed, and passwords generally aren't stored in plaintext but as one-way cryptographic hashes (so, usually 128-256 bits in length) so there's no reason to truncate them because they're using too much disk space or anything as they're all already only 16-32 bytes. But yes it's still sad that in 2016 some people are using MD5, and not even with a salt at that, and in this day and age there is absolutely zero excuse for that. For serious password stores see bcrypt, scrypt, or even better Argon2.
__________________
ThinLayerChromatography Loving Care - because why breed blindly in the dark!?
Reply With Quote
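
The points made in post #11 (fixed-size hashes, truncation, unsalted MD5 versus a salted password hash), as an added example that is not part of the thread. The sample passwords, the function names and the scrypt cost parameters are assumptions chosen for illustration, and the 8-character truncating store is hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample passwords: LONG extends SHORT past the 8th character.
SHORT = "Tr0ub4do"
LONG = "Tr0ub4dor&3-horse-staple"


def md5_unsalted(password):
    """Fast, unsalted MD5: the weak scheme the post criticises."""
    return hashlib.md5(password.encode()).digest()


def md5_truncating(password):
    """Hypothetical legacy store that only considers the first 8 characters."""
    return md5_unsalted(password[:8])


def scrypt_hash(password, salt=None):
    """Salted, memory-hard hash. Cost parameters are illustrative assumptions."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def scrypt_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(scrypt_hash(password, salt)[1], expected)


def compare_schemes():
    alice_salt, alice = scrypt_hash(LONG)
    bob_salt, bob = scrypt_hash(LONG)  # same password, different user
    return {
        # Stored size does not depend on password length.
        "md5_sizes": (len(md5_unsalted(SHORT)), len(md5_unsalted(LONG))),
        "scrypt_sizes": (len(scrypt_hash(SHORT)[1]), len(alice)),
        # A truncating store treats the 8-character prefix as the full password.
        "truncation_collides": md5_truncating(SHORT) == md5_truncating(LONG),
        "full_hash_collides": md5_unsalted(SHORT) == md5_unsalted(LONG),
        # Unsalted: two users with the same password get the same record.
        "md5_same_for_two_users": md5_unsalted(LONG) == md5_unsalted(LONG),
        # Salted: the same password yields unrelated records per user.
        "scrypt_same_for_two_users": alice == bob,
        "verify_ok": scrypt_verify(LONG, alice_salt, alice),
        "verify_prefix_only": scrypt_verify(SHORT, alice_salt, alice),
    }


if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```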

#12
Old 11-07-2016, 12:35 AM
Cannabis Cannabis is offline
Banned
Join Date: Jul 2007
Posts: 1,898

Yeah no shit, that's all really wrong. It's been a long time since I talked about or worked on equipment and wanted to spam a post on lotteries and how to make them, without refreshing wtf I was thinking, to get my mind off something else I was hassling over.

Actually - I kind of realized that was almost certainly wrong as stated but I was stoned and wanted to post to the thread on lotteries, to distract myself from what was really going on around me, so after f****g it up several times maybe even worse than it was as posted, I hit 'Enter'

I'm gonna go change it to something that makes more sense.



Quote:
Originally Posted by sadpanda View Post
With all due respect that's complete nonsense. Perhaps some old amateurish sites might've, for whatever stupid reason, truncated passwords to 8 characters, but nobody in their right mind does, especially not in 2016, especially not when they'd be destroyed by media fire if their intentionally-pathetically-weakened system was exposed, and passwords generally aren't stored in plaintext but as one-way cryptographic hashes (so, usually 128-256 bits in length) so there's no reason to truncate them because they're using too much disk space or anything as they're all already only 16-32 bytes. But yes it's still sad that in 2016 some people are using MD5, and not even with a salt at that, and in this day and age there is absolutely zero excuse for that. For serious password stores see bcrypt, scrypt, or even better Argon2.
Sorry about that. I knew I was prone to getting it proof-read for me the hard way lol but I figured I'll just come in and clean it up.
Reply With Quote

#13
Old 11-07-2016, 08:18 AM
Cannabis Cannabis is offline
Banned
Join Date: Jul 2007
Posts: 1,898
Just to clear something up sadpanda: password length doesn't actually improve your security, it's like putting a baseball bat in the corner, in a REAL bad neighborhood. You TELL yourself, you're helping your chances but the fact is, you're either gonna go out and get trounced, or you're gonna get let alone: because the people who are gonna be f***n with you aren't going to be doing what you want when you want. They're gonna be doing what they want, when they want.

Just trying to sound ultra tragically hip like I'm some kind of spook or operator like those guys I saw in the movies.

But it's a well known fact. Matter of fact I can not only prove it - way beyond any doubt - I can do it using the passwords of every single person, who comes to this site.

Watch, I'm gonna show you.

In no particular order I'm gonna explain:

what I'm about to show you was true before I retired in '09.

what I'm about to show you was true when said in '13

what I'm about to show you is true today globally.

https://arstechnica.com/security/2013...16-characters/

This is Microsoft's guy saying it but it's one of those truths you take a test question on in network security school. BASIC network security school.

Here's the sum up:

Quote:
Microsoft says that most attacks on accounts cannot be defended by password length, and the company adds that password cracking is hardly its biggest problem.
Quote:
“Criminals attempt to victimize our customers in various ways and we’ve found the vast majority of attacks are through phishing, malware infected machines, and the reuse of passwords on third-party sites—none of which are helped by very long passwords,” a Microsoft spokesperson told Ars.
Now: I already told you I can prove it using the password of every single person who comes to this site. But I was kind of bullshooting you along a little because I'm actually going to prove it using the passwords of every single human being alive.

Because every single human being alive, along the way in their day, runs into multiple, global financial and data security companies, who let people sign in using only 8 characters.

Banks,
Financial institutions,
Government complexes,
Global internet corporations,

these fields are predominated by companies whose passwords involve as little as 8 characters.

And there's no way, anybody could ensure, therefore ultimately I guess insure, those accounts were trustworthy

unless
they
could

P
R
O
V
E

it.

They PROVE: EVERY single DAY: that the story about 8, 10, 12, 16 character passwords being untrustworthy is - functionally - urban legend.

If what you allege were really true, we'd all know about the stories released to the press: about how, a lot of people's shorter passwords are getting hacked; while others in the same database weren't.

The world's financial
military,
law enforcement
and global database security professionals prove - it's vapor ware, the claim of longer passwords enhancing networks' security.

If it weren't vaporware, the bank wouldn't issue an option for Obama and Michelle, the Governors of States, the Chairman of the Fed, Warren Buffett and Bill Gates,

the option of choosing an 8/10/12 character password.

They just wouldn't. Plus we know that analysis is correct,

*because they DO issue them and there IS no such thing as an underground of celebrity stalkers, who crack powerful people's passwords because they used an 8 or 10 character pass code.

Bloviating bullshooting, lying bloggers, can make themselves seem like they're geniuses.

They'll scream about how you just can't possibly argue with their spaghetti graphs, and their lists of statistics, and claim you're just anti science, if you don't believe that bullsh** story.

But there's only one muthaf***a on earth or in space, who can be trusted, not to lie to you, about what's really happening.

And that's to just check with what's really happening.

-----------------
It SEEMS to be a VERY compelling argument. If a longer phrase is just as easy to type, why not use it?

The answer is because consumers consistently, accidentally lock themselves out, using longer phrases and pass codes.

The problem compounds itself when people are given the option to use many long pass phrases or codes, and they don't know how to index the phrases, based on something that won't change over time, so they start using a favorite phrase everywhere.

The problem is exacerbated in another kind of situation: personal security.

People are legendary for forgetting how to even walk well when under heavy stress, losing high heels, tripping and splitting open their faces or spraining the sh** out of their wrist, simply because there was a loud noise, or some kind of sudden temporary, frightening distraction.

Hurriedly typing some long string into a pass code station over and over because one is stressed, because Mr Jenkins in 268 just flatlined, is the stuff they're trying to avoid.

Having somebody get away with some heinous sh*t,
because one was shaking while trying to type in

!"Abracadabra" Shouted The Paige! isn't charming.

It's a sign someone in charge of passwords, didn't get the message.

Longer passwords lead to accidental lockouts.

Longer passwords don't lead to greater network robustness.

Longer passwords do lead to problems past the time lost on the lockouts themselves, and can lead to there being some kind of real problem.

More examples like Mr Jones kicking the bucket aren't needed; there are other cases where it's simply impractical to enter long passwords.

Many password consoles are outside. You're not going to be wanting to type in some sonnet from Longfellow when 4 other people are trying to get in out of the driving rain.

Ok so:

Science, is when you take your mathematical data and your statistics and your claims, and you compare them to reality, and you then honor reality: not try to claim reality doesn't understand wtF's really real.

Nonsense is when you take your mathematical data and your statistics and your claims, and you compare them to reality, and you then issue a statement declaring that reality doesn't understand itself. And that if it did understand itself, it would agree with the consensus.

Nothing persuades like an obviously comprehensive & detailed understanding of what's being discussed.

This post hasn't got anything to do with whether a particular individual should put a long, or short pass phrase, in a particular place.

When you're at home, you can do whatever you want.

When you're at work, you're gonna be constrained not only by the technologies available but their applicability in the environment.

Furthermore you should be constrained about the chance of revealing that you might be some kind of wise ass hacker type, the locals can't stand the sight of;

not just because of the reliance on overly comfortable footwear, - but due to somebody having gotten their hands on one of the company credit cards and made them have to go through a bunch of needless bullsh*t.

Also the zany headgear.
Maybe, that too.

[if you're not really sure where the sarc: on/off tags go in this don't worry, I'm not sure I could tell, and I wrote it. If it troubles you, you're probably not mature enough for this thread, even if you're 80. The length of your password doesn't get you in, here: it's whether the password you have, can stand being exposed to spooky dark web sh** and not break.]

This isn't going to be the end because I have been reviewing the way the thread's been going and I think there's something I can explain about why I wrote the first post, the way I did.

Also, when I started the thread I was really doing it to distract myself from something I had going on, that was getting my goat.

While that hasn't really gotten ironed out, I did indeed start thinking about several relevant things so what people have to read, doesn't turn out to be purely old fogey-ware;

talking 'bout how back way back when,
when the wires were made outta wood,
and how in the summer time, they'd dry out:
and you couldn't get no pitchers & news no more outta the wires,
cause they was froze up.

And how them men,
would go along in a wagon under the wires,
with a wagon pulled by a horse;
with a big barrel of mineral water and a sprayer,
with a long handle in the back,
to wet the wires,
and make em conduct ether net again.
And also some of that bona fide 'old timey' music
what the people down to the Pandora, sing's into the can:

https://www.youtube.com/watch?v=YZtgZ5fHOuU
Reply With Quote

#14
Old 11-07-2016, 12:51 PM
Cannabis Cannabis is offline
Banned
Join Date: Jul 2007
Posts: 1,898
I saw sadpanda talking somewhere about the Dark Web and I was kinda wanting to use that phrase.

I was wishing I wasn't retired so I could go to work tomorrow and confide to somebody that I'd

''spent the night 'on the Dark Web' with

'some other Anonymous People' who are also

'interested in the cultivation techniques and terpene profiles' of

'hybridized, high-potency, hydroponic marijuana' for

'The Dark Marketplace',

so we could

'help finance our mutual pact,'

involving

'the vow we made to each other many years ago'
over the internet,

to

'overgrow the government',

and

'overgrow the world.''

And just see what they said when I casually dropped that sh** on em right there around the donuts and communal coffee station.
Reply With Quote

#15
Old 11-07-2016, 01:04 PM
Cannabis Cannabis is offline
Banned
Join Date: Jul 2007
Posts: 1,898
And then I thought... hey I work for the police department. I better keep that shit

'on the 'Down Low.'

LoL.

(Spoiler: I don't really work for the police dept.)
Reply With Quote

#16
Old 06-04-2017, 05:02 PM
PaulieWaulie PaulieWaulie is offline
Member
Join Date: Sep 2008
Location: Kanada
Posts: 463
This is what I do, and it works great, as long as you're the type to trust their network!

It's a program called 1password, you have just 1 master password for it, and then create login and password profiles for each of your accounts. It has a key generator and you choose how many characters (up to 30) plus how many symbols and numbers. I have it generate a different password for each account that is crazy complex. Looks like this (WxYDRZ3UVHkvrMGHU3L8). It is synced up with your browser so you just one click the account in the program and it loads the site and logs you in. I realized how bad my security was after I actually entered all my accounts (had close to 60 logins on all kinds of sites) and I could never remember the password so was constantly answering security questions that were 10 years old and I couldn't get right. I would try to use the same password but each one has slightly different requirements so my password evolved from basic to include a capital letter and then a number. Pretty soon I was always getting them mixed up especially if I hadn't used that site in a while. Now my online "life" is secure and organized and I don't play the guessing and resetting game.

Like I said this is a good option as long as you trust this company, its network and servers and cloud to not get hacked. Their business is password security so I would think hackers would pick an easier target or site of which there is aplenty.
Reply With Quote
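
A sketch of the kind of generator post #16 describes (chosen length up to 30, chosen number of digits and symbols, a different password per account), as an added example that is not part of the thread and is not 1Password's code. The symbol set, function names and site names are assumptions; the entropy figure is the exact search space for the chosen composition.

```python
import math
import secrets
import string

LETTERS = string.ascii_letters   # 52 characters
DIGITS = string.digits           # 10 characters
SYMBOLS = "!@#$%^&*-_=+"         # 12 characters, assumed symbol set
MAX_LENGTH = 30                  # limit mentioned in the post


def generate(length=20, digits=3, symbols=0):
    """Return a random password with exactly the requested composition."""
    if not 0 < length <= MAX_LENGTH:
        raise ValueError("length must be between 1 and 30")
    if digits < 0 or symbols < 0 or digits + symbols > length:
        raise ValueError("digits + symbols must fit inside length")
    chars = [secrets.choice(DIGITS) for _ in range(digits)]
    chars += [secrets.choice(SYMBOLS) for _ in range(symbols)]
    chars += [secrets.choice(LETTERS) for _ in range(length - digits - symbols)]
    # Shuffle with the OS CSPRNG so character classes land in random positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, digits, symbols):
    """log2 of the number of distinct passwords with this exact composition."""
    letters = length - digits - symbols
    arrangements = math.factorial(length) // (
        math.factorial(digits) * math.factorial(symbols) * math.factorial(letters)
    )
    space = (arrangements * len(DIGITS) ** digits
             * len(SYMBOLS) ** symbols * len(LETTERS) ** letters)
    return math.log2(space)


def build_vault(sites, **policy):
    """One independent password per account, so a leak on one site stays there."""
    return {site: generate(**policy) for site in sites}


if __name__ == "__main__":
    # Constructed site names for the demonstration.
    vault = build_vault(["forum.example", "bank.example", "mail.example"],
                        length=20, digits=3, symbols=0)
    for site, password in vault.items():
        print(site, password)
    print("20 chars, 3 digits:", round(entropy_bits(20, 3, 0), 1), "bits")
    print("8 digits only:     ", round(entropy_bits(8, 8, 0), 1), "bits")
```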

#17
Old 06-04-2017, 07:14 PM
brown_thumb brown_thumb is offline
Senior Member
Join Date: Jun 2016
Posts: 2,094
I just keep a text file with all my monikers and passwords.
Reply With Quote

#18
Old 06-04-2017, 09:21 PM
St. Phatty St. Phatty is offline
Senior Member
Join Date: Mar 2014
Posts: 2,376
So ... if you have a 'JBG' in your password, does that stand for Jamaican Bat Guano, or Johnny B. Gomez ?

If you use the initials of pro athletes in your password, that's a start.

I keep my backup password file in a Van down by the River


I don't think I'd want to remember my primary passwords. Too complicated.
Reply With Quote

#19
Old 06-04-2017, 09:30 PM
brown_thumb brown_thumb is offline
Senior Member
Join Date: Jun 2016
Posts: 2,094
JBG...

https://www.youtube.com/watch?v=ZFo8-JqzSCM
Reply With Quote

#20
Old 06-20-2017, 06:20 AM
stoned-trout stoned-trout is offline
if it smells like fish
Join Date: Feb 2014
Location: bible hill estates
Posts: 8,328
So I guss12345678 just won't cut it huh?...Yeehaw
__________________
SML..iff mi spellin and centances suk and yoo don't lyke itt too fukkin bad;/?.....I once was asked what I would say upon getting to the gates of heaven??? m/r is a visitors badge an option??? I would like a few drinks at the bar... YEEHAW....vote for real legalization not sum bullshit...free the weed or kiss my ass...you wont be getting my tax money..
Reply With Quote
