# More Secure Passwords



## Dragoneer (Sep 9, 2005)

This is just a reminder: do not keep simple passwords. Simple one word passwords such as "key" or "lanyard" are NOT a good idea. Single word passwords are easy to guess and take minimal effort to crack.

More secure forms of passwords use a mixture of letters, numbers and special characters.

Bad: verb
Better: verb911
Best: verb_911_

When considering your password: NEVER choose anything related to you. If your furry character is a husky, and your password is "husky" or "malamute" then you're inviting trouble.

Pick a word that is both unfamiliar and different from those that you would normally take. Change the spelling if you have to. While nobody loves reading "omg teh l33t" in common text, using l33t spelling-structure in a password *IS* more secure.


----------



## Tikara (Sep 9, 2005)

Good call, Prey. *salute*


----------



## Pico (Sep 10, 2005)

Actually, the best passwords are 10+ characters long, made up of a /random/ string of numbers, upper and lowercase letters, and special characters.  Most people complain that a password like this is easy to forget, but I just write mine on a sticky note and keep it in a drawer (no one looks around my desk, and if they did they wouldn't know what to do with a note with a bunch of gibberish on it anyway, haha).

Example:
28@Hdi9Knfhu#4% or a similar password would be a lot more difficult to crack than the examples you presented.

Also, I forgot to mention that a completely numeric password or ANY word by itself (even something made up) would be just as bad as a verb by itself.


----------



## Dragoneer (Sep 10, 2005)

Pico said:

> Example:
> 28@Hdi9Knfhu#4% or a similar password would be a lot more difficult to crack than the examples you presented.


Completely random characters, numbers and symbols are much more secure, yes. But they can be frustrating as hell to enter in. Easy to remember with the right mnemonics, but...


----------



## Pico (Sep 10, 2005)

Preyfar said:

> Completely random characters, numbers and symbols are much more secure, yes. But they can be frustrating as hell to enter in. Easy to remember with the right mnemonics, but...



Hmm, I don't have any trouble at all typing mine, and I automatically memorize them after using them a lot. To me, the extra time it takes to type in the passwords initially is definitely worth the added security, especially for sites that contain my credit card info, for example. Granted, FA isn't as important as those, but going by previous incidents, it's still a good practice.


----------



## Litre (Sep 10, 2005)

If bored people can remember 50+ places of Pi, then 10 or so letters/numbers/etc wouldn't be much of a problem.


----------



## Karou WindStalker (Sep 10, 2005)

Another suggestion is to make the password a mirrored version of what you would 'normally' use as a password..

Say you'd use 'h4rr`/ p0773r' .. then use 'r3770p /`rr4h' .. or something similar.

*translates the 1337 version of their password into hexadecimal, then uses that as the password, after doing a few calculations to get it to 16 digits*


----------



## Dragoneer (Sep 11, 2005)

Karou WindStalker said:

> Say you'd use 'h4rr`/ p0773r' ...


Oh my god. l33t Harry Potter passwords. I've officially seen it all now. I can just see somebody using "pROF_Zn4p3_ist3h1337" as their password. =P


----------



## noxal (Sep 12, 2005)

Preyfar said:

> This is just a reminder: do not keep simple passwords. Simple one word passwords such as "key" or "lanyard" are NOT a good idea. Single word passwords are easy to guess and take minimal effort to crack.
> 
> More secure forms of passwords use a mixture of letters, numbers and special characters.
> 
> ...



Dude, you guys as admin should be able to force secure passwords. Make sure no dictionary words are in there, require minimum length, stuff like that.


----------



## Dragoneer (Sep 12, 2005)

noxal said:

> Dude, you guys as admin should be able to force secure passwords. Make sure no dictionary words are in there, require minimum length, stuff like that.


I'd love it if Jheryn could implement that. I'd rather have all the bugs and kinks worked out of the system first, then a better system for passwords implemented.

That may seem backwards in logic, but passwords are a vulnerability for every site on the web while coding flaws don't have to be.  But yeah, I'd have a letters + digits or special character configuration.


----------
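
A server-side check along the lines suggested in the posts above (minimum length, no dictionary words, letters plus digits or special characters), as an added example that is not part of the original thread or the site's code. The 10-character minimum, the small wordlist and the l33t substitution table are assumptions made for illustration; the dictionary check also looks at the reversed string.

```python
import string

MIN_LENGTH = 10  # assumed threshold; the thread only says "minimum length"
# Constructed sample wordlist; a real deployment would load a large dictionary.
WORDLIST = {"verb", "husky", "malamute", "password", "lanyard", "harry", "potter"}
# Common l33t substitutions, undone before the dictionary check (assumed table).
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "0": "o",
                      "7": "t", "5": "s", "$": "s"})


def letters_only(password):
    """Lowercase, undo l33t substitutions, drop everything that is not a-z."""
    text = password.lower().translate(LEET)
    return "".join(ch for ch in text if ch in string.ascii_lowercase)


def policy_violations(password):
    """Return the reasons a password is rejected (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_letter = any(ch.isalpha() for ch in password)
    has_other = any(ch.isdigit() or ch in string.punctuation for ch in password)
    if not (has_letter and has_other):
        problems.append("needs letters plus digits or special characters")
    core = letters_only(password)
    # Check the reversed form too, so a mirrored dictionary word is still caught.
    if any(word in core or word in core[::-1] for word in WORDLIST):
        problems.append("contains a dictionary word")
    return problems


if __name__ == "__main__":
    # Passwords quoted in the thread, used here as sample input.
    for pw in ["verb", "verb_911_", "28@Hdi9Knfhu#4%", "r3770p /`rr4h", "1a2b3c4d"]:
        print(repr(pw), policy_violations(pw) or "accepted")
```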



## AquaPhin (Sep 12, 2005)

Preyfar said:

> noxal said:
> 
> 
> 
> ...


i agree. hey your avie kicks ass! can we be friends?


----------



## Suule (Sep 13, 2005)

Preyfar said:

> noxal said:
> 
> 
> 
> ...



You know... as for users it's only their fault for using insecure passwords. While for admin I think a randomly generated password for the admin panel each day would be good. It would drastically improve safety.


----------



## Dragoneer (Sep 13, 2005)

AquaPhin said:

> i agree. hey your avie kicks ass! can we be friends?


Uh, if... a friendship somehow manages to blossom via chatting, I... don't see a reason why not.


----------



## Dragoneer (Sep 13, 2005)

Suule said:

> You know... as for users it's only their fault for using insecure passwords.


That's what it boils down to, really. People still take "password" as their password, even when told NOT to hundreds and hundreds of times over.

Anybody who takes incredibly common or overused passwords, or their character's species, and uses them as a password is inviting trouble. If you're not using characters and numbers, or an alternating scheme (e.g. 1a2b3c4d) as a password, you're making it all that much easier for trouble to come knocking.


----------



## Suule (Sep 13, 2005)

I'd kindly ask then for FA to do a little "Password generator" button for the 'sign up' page to generate a set of 8-16 random character password that one can use for their accounts as a secure one.


----------
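
A generator of the kind requested above, as an added example that is not part of the original thread or the site's code: it produces an 8-16 character password from a cryptographically secure random source. The function names and the choice to require every character class are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes named in the thread: letters (both cases), numbers, specials.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)
MIN_LEN, MAX_LEN = 8, 16  # the 8-16 character range from the post above


def generate_password(length=MAX_LEN):
    """Return a random password of `length` characters from a CSPRNG.

    Candidates are drawn uniformly from the full alphabet and redrawn until
    every class appears, so all compliant passwords are equally likely.
    """
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy in bits: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    for n in (MIN_LEN, 12, MAX_LEN):
        print(n, generate_password(n), f"<= {entropy_bits(n):.1f} bits")
```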



## Dragoneer (Sep 13, 2005)

Suule said:

> I'd kindly ask then for FA to do a little "Password generator" button for the 'sign up' page to generate a set of 8-16 random character password that one can use for their accounts as a secure one.


http://www.us-webmasters.com/Random-Password-Generator/

Sort of like this? Free site that generates random passwords on refresh.


----------



## Suule (Sep 13, 2005)

Sort of. But knowing people they would be too lazy to click on a link next to password field saying "FOR GENERATING A SECURE PASSWORD USE THIS SITE"

Cause you know... clicking on a link, then copy/paste and such burns 1000 calories!


----------



## Dragoneer (Sep 13, 2005)

Suule said:

> Sort of. But knowing people they would be too lazy to click on a link next to password field saying "FOR GENERATING A SECURE PASSWORD USE THIS SITE"
> 
> Cause you know... clicking on a link, then copy/paste and such burns 1000 calories!


To be honest... I don't think having a password generator will encourage people to use more secure passwords. That's one of the reasons the net has the problems it does. People continually A) think security isn't needed B) refuse to install security patches or update their browser C) tend to think taking that extra step will reduce their experience because it "works fine already".

B) is the primary reason we have massive DDOS problems on the web today. If people downloaded the patches... oi.


----------



## AquaPhin (Sep 14, 2005)

Preyfar said:

> AquaPhin said:
> 
> 
> 
> ...


i thank you. i do need a friend and you're just the person i needed. if you want please email me at aquaphin_2@yahoo.com if you have any questions for me or if you want me to do anything for you


----------

