Comments on: How to Set More Secure Passwords

By: Quick Tip: Replacing the Apple TV Remote: Apple «

Quick Tip: Replacing the Apple TV Remote: Apple « — Wed, 22 Dec 2010 23:30:35 +0000

[...] to use the Apple Remote app with your Apple TV, since it’ll make it much easier to use long, very strong passwords. If you’re using an account management app on your iOS device like 1Password or SplashID, [...]

By: John K.

John K. — Thu, 16 Dec 2010 03:39:54 +0000

I like the password hashers the best. One tool that few people seemed to have picked up on, is a password chart, see: http://www.passwordChart.com. It creates a small hashed password table that you can print out and leave in plain sight. You simply translate your password into the complex hashed password.

By: David Roberts

David Roberts — Wed, 15 Dec 2010 19:29:58 +0000

Apologies – the site did not come up with the comment.

deltarho.org.uk

The HMACPass3 page does not fully reflect the latest version – I prefer updating code.

By: David Roberts

David Roberts — Wed, 15 Dec 2010 19:18:25 +0000

“All of the suggestions above require you to set a master password. It’s always a good idea to make this as tough to crack as possible”

Have a look at HMACPass3 at the above site.

Regards

David Roberts

By: Dave Sawyer

Dave Sawyer — Tue, 14 Dec 2010 20:43:59 +0000

The problem with hashing tools and whatnot is when you need to login from a different machine. The prefix or suffix is a good idea – provided the sites only store a salted hash, not your password. I have 3 levels of master password and use the lowest for sites where I really don’t care if the password were to become known. If someone gets my password to read the NYT, do I care? They may even figure out the “NYT” at the end could be substituted with “CNET”, but they won’t get to my bank account, paypal, etc. Every so often we hear of brain-dead sites that store passwords in the clear or as unsalted hashes so be sure they don’t get your *good* password. What about phishing sites that exist simply to ask you to create a login and password :-) e.g. “join our site and we’ll donate $1 to fight cancer.”

By: Yves

Yves — Tue, 14 Dec 2010 12:39:35 +0000

Excellent advice.

I wouldn’t favor the rule-based approach. Because once any password is disclosed, there is a chance that the rule be guessed and the whole cards castle falls apart.

By: Eric

Eric — Tue, 14 Dec 2010 11:13:06 +0000

Seems to me that cracking and uniqueness are separate but related problems. If a site is so poorly secured that it allows password hashes to be obtained and thus cracked, then it probably has other problems and it should not be trusted for any purpose. But sometimes a one-off event like an insider might allow hashes or (if the site is really bad), clear text passwords to be spilled. In that case, uniqueness will help since revealing that password won’t compromise the rest of a person’s passwords.

But even in those two conditions, complexity is useless. A poorly secured site does not deserve to be visited, never mind be given a complex password. Uniqueness likewise does not require complexity. Therefore we should drop the idea that complexity makes us more secure.

By: Simon Mackie

Simon Mackie — Tue, 14 Dec 2010 10:25:10 +0000

I’d use a password manager in this case, and just get it to generate a new password each time.

By: Mojo

Mojo — Tue, 14 Dec 2010 10:05:37 +0000

Unfortunately, these techniques won’t work for “sites” that require passwords to be changed every n days – like logging on at work. Our company requires your logon password to be changed on a regular basis, and the new password to not be “similar” to the list of your previous passwords – password hell!

By: links for 2010-12-13 | Stratepedia Blog

links for 2010-12-13 | Stratepedia Blog — Mon, 13 Dec 2010 20:10:48 +0000

[...] How to Set More Secure Passwords Sound advice from Web Worker Daily for creating unique passwords that are tough to crack. (tags: security passwords) [...]