Random Thoughts - Part Deux [NO POLITICS]

[Andrew025]

Quote:

Originally Posted by p1l0t

I HATE when they make change your password every 6 months and you cant use the last 14... I just do the recovery email everytime I login

Sent from my SM-G920P using Tapatalk

I have to do that... But luckily it's only the last 8 or so. So I just change one of the numbers in it...

[nextcar]

And I hate it when my best puns of the day are deleted just because they are in a spam thread!

[finch1750]

Quote:

Originally Posted by p1l0t

I HATE when they make change your password every 6 months and you cant use the last 14... I just do the recovery email everytime I login

Sent from my SM-G920P using Tapatalk

Yeah, it can really be annoying. My biggest gripe is it doesnt tell you the requirements when changing so you sit there trying to guess what your new one must contain

[p1l0t]

Quote:

Originally Posted by Andrew025

I have to do that... But luckily it's only the last 8 or so. So I just change one of the numbers in it...

14 times so you can go back to the old one

Sent from my SM-G920P using Tapatalk

[Sarlacc]

Quote:

Originally Posted by finch1750

Ease of user always compromises security it seems. But people are too lazy to log in or remeber different passwords

Well put.

Quote:

Originally Posted by p1l0t

I HATE when they make change your password every 6 months and you cant use the last 14... I just do the recovery email everytime I login

Sent from my SM-G920P using Tapatalk

Quote:

Originally Posted by Andrew025

I have to do that... But luckily it's only the last 8 or so. So I just change one of the numbers in it...

Yeah, and the "rules" on password security keeps changing. This is about current, I think:
Never use the same password for more than one site/service.
Passwords should be at least 14 characters long.
Substitutes such as "Pa$$w0rd" has no value.
If using real words, make it a phrase with several or many words.
And change all your passwords often.

If you can't be bothered to do all this, and take one or more shortcuts; more and more of your life is at risk.

This escalation can't continue much longer, the wetware is failing to keep up.
Personal passwords will have to be replaced by something else. Probably not fingerprints, voiceprints, retina scans, facial recognition or DNA; since all of those have severe issues.

Anyway, while we wait, here's what I do. Roughly.
Every time I start changing passwords (once or twice a year) I take a specific part of the current password as a starting point (seed) for the new one. The seed becomes a phrase which has never been written down by anybody, because it makes no sense at all, but is easy to remember. ("looping blue butterfly sandwiches on snowflakes") And then, for each site, I add parts of the site description or name to the passphrase to make unique. ("quarrels ft86 looping blue butterfly and snowflake sandwiches").
Since I know what the seed is, it's easy to remember both new and old passphrase when transitioning.
And it's a pain in the ass.

[Andrew025]

Quote:

Originally Posted by Sarlacc

Well put.









Yeah, and the "rules" on password security keeps changing. This is about current, I think:
Never use the same password for more than one site/service.
Passwords should be at least 14 characters long.
Substitutes such as "Pa$$w0rd" has no value.
If using real words, make it a phrase with several or many words.
And change all your passwords often.

If you can't be bothered to do all this, and take one or more shortcuts; more and more of your life is at risk.

This escalation can't continue much longer, the wetware is failing to keep up.
Personal passwords will have to be replaced by something else. Probably not fingerprints, voiceprints, retina scans, facial recognition or DNA; since all of those have severe issues.

Anyway, while we wait, here's what I do. Roughly.
Every time I start changing passwords (once or twice a year) I take a specific part of the current password as a starting point (seed) for the new one. The seed becomes a phrase which has never been written down by anybody, because it makes no sense at all, but is easy to remember. ("looping blue butterfly sandwiches on snowflakes") And then, for each site, I add parts of the site description or name to the passphrase to make unique. ("quarrels ft86 looping blue butterfly and snowflake sandwiches").
Since I know what the seed is, it's easy to remember both new and old passphrase when transitioning.
And it's a pain in the ass.

I do basically the same thing for most sites.
I only make a very small change for my work password because it's already pretty ridiculous how often you need to change it and no way is it humanly possible to guess (and would take a lot of time and be practically impossible to brute force due to login fail attempts+the physical access you would need).

[p1l0t]

Quote:

Originally Posted by Sarlacc

Well put.









Yeah, and the "rules" on password security keeps changing. This is about current, I think:
Never use the same password for more than one site/service.
Passwords should be at least 14 characters long.
Substitutes such as "Pa$$w0rd" has no value.
If using real words, make it a phrase with several or many words.
And change all your passwords often.

If you can't be bothered to do all this, and take one or more shortcuts; more and more of your life is at risk.

This escalation can't continue much longer, the wetware is failing to keep up.
Personal passwords will have to be replaced by something else. Probably not fingerprints, voiceprints, retina scans, facial recognition or DNA; since all of those have severe issues.

Anyway, while we wait, here's what I do. Roughly.
Every time I start changing passwords (once or twice a year) I take a specific part of the current password as a starting point (seed) for the new one. The seed becomes a phrase which has never been written down by anybody, because it makes no sense at all, but is easy to remember. ("looping blue butterfly sandwiches on snowflakes") And then, for each site, I add parts of the site description or name to the passphrase to make unique. ("quarrels ft86 looping blue butterfly and snowflake sandwiches").
Since I know what the seed is, it's easy to remember both new and old passphrase when transitioning.
And it's a pain in the ass.

Yeah but where is the $ymbol?


Sent from my SM-G920P using Tapatalk

[Sarlacc]

Quote:

Originally Posted by p1l0t

Yeah but where is the $ymbol?


Sent from my SM-G920P using Tapatalk

Unless you use really obscure symbols which are hard to type, such as ♥♀♫ (and many password algorithms will not accept those), they don't do anything. The length and the uniqueness are the important things.
Password algorithms insisting on special characters and numbers are outdated and serves no purpose other than being annoying.

Edit: I forgot to mention, my passphrases are in a language used by half a million sheep herders on the west coast of Norway (we call ourselves Nynorskfolket. Our enemies use less flattering descriptions.), and contains words not listed in any dictionary.

[Andrew025]

My password

🍆💦

[Andrew025]

The questions get more dumb every day... I swear to God...

[Ultramaroon]

Quote:

Originally Posted by Sarlacc

Edit: I forgot to mention, my passphrases are in a language used by half a million sheep herders on the west coast of Norway (we call ourselves Nynorskfolket. Our enemies use less flattering descriptions.), and contains words not listed in any dictionary.

What's your take on PW management apps? I have a Hungarian passphrase locking fifty completely random password strings at work.

[finch1750]

Quote:

Originally Posted by Andrew025

The questions get more dumb every day... I swear to God...

Well thats pretty hard when the semi-enclosed wheelwell is full of vape cloud. Got to rememeber WRX owners have different sets of worries

[Andrew025]

Quote:

Originally Posted by finch1750

Well thats pretty hard when the semi-enclosed wheelwell is full of vape cloud. Got to rememeber WRX owners have different sets of worries

I almost thought you were serious...

[p1l0t]

Quote:

Originally Posted by Sarlacc

Unless you use really obscure symbols which are hard to type, such as ♥♀♫ (and many password algorithms will not accept those), they don't do anything. The length and the uniqueness are the important things.
Password algorithms insisting on special characters and numbers are outdated and serves no purpose other than being annoying.

Edit: I forgot to mention, my passphrases are in a language used by half a million sheep herders on the west coast of Norway (we call ourselves Nynorskfolket. Our enemies use less flattering descriptions.), and contains words not listed in any dictionary.

Oh I would be happy to do without but most sites require it.

Sent from my SM-G920P using Tapatalk