this post was submitted on 21 Nov 2024
974 points (98.0% liked)

memes

10368 readers
2590 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to [email protected]

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

Sister communities

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 130 points 14 hours ago* (last edited 14 hours ago) (4 children)

Some millionaire in my office: "Hey, Sanctus, what's my password for my computer again?"

Me, who can barely afford to fix my car: fights the urge to use a letter opener as a weapon

[–] [email protected] 103 points 13 hours ago (4 children)

That’s a really long password no wonder they forgot it.

[–] [email protected] 4 points 5 hours ago (1 children)

Well, I know what my next password will be! (Please don't hack me)

[–] [email protected] 1 points 28 minutes ago

With or without brackets?

[–] [email protected] 31 points 12 hours ago (2 children)
[–] ayyy 24 points 12 hours ago (1 children)
[–] [email protected] 14 points 11 hours ago
[–] [email protected] 2 points 7 hours ago (1 children)

Depends, if you treat the individual letters sure but if you look at the words as the atom of information most password crackers wouldn’t take long.

[–] [email protected] 4 points 6 hours ago (1 children)

There are ~100 symbols on the US keyboard, many not permitted in a lot of online passwords (stupidly).

There are 11 words in the "passphrase". Fight, letter, open, urge, weapon are not in the 100 most common English words. Urge is not in the 1000 most common English words (let alone fights vs fight, or opener vs open).

I think it would be a fairly strong password. You can reduce the entropy a bit by predicting likely next words in a sequence, but that would be defeated by adding some non sequitur(s). "fights the urge to use a letter opener as a scooter" or something.

Capitalization, intentional typos, spaces or not, ending punctuation? There a for sure ways to improve it as a password while still keeping the easy to remember, easy to type aspect. Overall it's a great strategy to teach people for making passwords.

[–] [email protected] 2 points 3 hours ago (1 children)

Sure just if fully given in this way it’s basically the same as an 11 character password. And more damning is it’s not really random. I’d use this as a case of more education on longer passphrases aren’t always longer entropy on their own if they are non random phrases is all. And there’s a lot of different word lists out there. I’d give this a go on my system and see if a guided run with the knowledge of how things were built can brute force it.

The big thing is a secure passphrase or password should be resistant to attacks even if there is perfect knowledge of how it was generated. In this case all lower case English words in a non random phrase works against that.

[–] [email protected] 1 points 25 minutes ago* (last edited 19 minutes ago)

Sure just if fully given in this way it’s basically the same as an 11 character password.

Only of the attacker knows whether it's a password or phrase. I'd argue that passwords are far more common and that's what a cracker would focus on first.

should be resistant to attacks even if there is perfect knowledge of how it was generated

As far as I know there still is no way to create actual randomness. You'll still have some pseudo-random number generator and a hopefully unguessable seed. If you have "perfect knowledge" about that, cracking the password is almost trivial.

[–] [email protected] 4 points 10 hours ago

Got me, haha. Thanks for the laugh.

[–] [email protected] 2 points 8 hours ago* (last edited 8 hours ago) (1 children)

Those do make good passwords though. Had a company switch from 10 characters including special, caps, numbers lower upper requirements to 15+ with no requirements because it still would end up being harder to crack. Started using phrases where you could even put spaces, but in all lower case for me if was much quicker to type

Tangerine$45 is much harder for me to type than whatthefuckamidoinghere

I think it's because I have to pause to think shift 4, then hit 4 and remember if my fingers are still by the 4.

All just examples but the standard keys... Are all automatic for me because of use.

[–] [email protected] 1 points 49 minutes ago* (last edited 48 minutes ago)

My most secure password is a full phrase of over 40 characters, plus punctuation.

[–] [email protected] 3 points 8 hours ago

"Sorry, that's above my pay-grade."

[–] [email protected] 11 points 11 hours ago (1 children)

Your password is "giveMeFuckingRaise!1!1"

[–] [email protected] 11 points 10 hours ago

"Oh yeah, no wonder I keep forgetting it"

[–] [email protected] 11 points 11 hours ago* (last edited 11 hours ago) (3 children)

I don’t blame anyone for forgetting their password—it’s a dumb system, having to memorize 100 separate 16-digit randomly generated base64 codes that change once a month. However, I do blame them for not using a password manager, and I do blame them for making their problems other people’s problems.

[–] [email protected] 4 points 10 hours ago (1 children)

Ours isn't like that at all. They dont even have to change it every three months. The insecurity is crazy here and they still can't remember the same password they've had since before I started working here.

[–] [email protected] 4 points 4 hours ago

Forcing password changes too frequently is actually a security risk, as it encourages bad practices like re-use, iteration, keyboard walks and writing the passwords down.

There are reasonable limits to impose on this, and educating users with demonstrations such as haveibeenpwned have been highly effective in my experience.

[–] [email protected] 2 points 9 hours ago

However, I do blame them for not using a password manager

Managing the passwords in your password manager becomes a job in and of itself when you've got enough of them floating around. My office is on year two of trying to do automatic password rotation for the myriad of service accounts in our systems. Anything that's not Active Directory integrates is a headache. And even the ones that are have to constantly stay ahead of the Microsoft Updates curve or run into security problems of all sorts.

It would be cool if everything could be SSO, but you need to have a certain amount of faith in your OS to accomplish that.

[–] [email protected] 2 points 10 hours ago

I was against you until password manger. good save. I login to dozens of systems every day, I remember 2 passwords, all others are 16 character gibberish.