Why are you using crappy passwords?
9 years ago
Yeah, yeah, I know. Until this afternoon, I was using crappy passwords too.
What's a crappy password?
It's a password that's way too easy to guess. Or a password that's way too easy to brute-force dictionary search. Or a password that has very little randomness in it. Or a password that's your one standard password that you use across every site you can think of because after using it for 10 years, you can type it in in 0.83 seconds while passed out blind drunk.
Password crackers have gotten too good, and password breaches too common, to get away with using crappy passwords. The recent FA attack has put out a great big treasure trove of passwords for folks to get cracked with.
I've come to the conclusion that the only real answer is a password manager. It's a program that lets you record your passwords and enter them automatically so you don't have to remember that this site has a password of uo1bh5@&gg1 this week. It'll even let you generate a strong password, stronger than you can do yourself. It'll sync your passwords across devices and operating systems.
Yeah, the good ones cost money. It's worth it to harden yourself against the consequences of crappy passwords.


After the Manhattan Project, security types audited everything. They found that the most common combination for the safes used by scientists was 235, as in Uranium.
If you don't wanna use a password manager, you can do something like choose a phrase, take the Xth character (first, second, last, whatever) of each word, change some to symbols, add numbers, and make that your password.
nuff s41d
And then there's the sites that won't let you use the last N passwords you've used...
It's simply impossible for a human to remember all that, differently for each site. Computers are good at remembering, so let them do it. Pick one really good password for your password manager's master password, enable two-factor authentication if you can, and go from there.
They mixed language bafflegab that in a couple weeks I'll probably remember. Probably.
I tend to keep my passwords long and complex in a physical journal now. Which is bizarre, that was what you used to have to do before remembered passwords were a thing. Seems like having them written down physically is more secure these days.
Oh, also, to folks making new passwords: remember that longer passwords are better. Hackers will revert to brute force crackers where other methods fail.
For example, a password only using lower case characters that is 6 characters long has 300 million combinations (assuming you're not using full words), while a 12 character long password has 95 thousand trillion combinations.