Comments on: The Ultimate Guide for Creating Strong Passwords http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/ Guides, HowTos and Tips for Technology Geeks Thu, 09 Feb 2012 11:52:28 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Smitha GS http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-158736 Smitha GS Tue, 20 Dec 2011 11:23:35 +0000 http://www.thegeekstuff.com/?p=30#comment-158736 All your tips are very useful. For a beginner like me, its a boon from the God Himself :) All your tips are very useful. For a beginner like me, its a boon from the God Himself :)

]]> By: Baruch http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-144833 Baruch Thu, 24 Nov 2011 23:53:53 +0000 http://www.thegeekstuff.com/?p=30#comment-144833 Excellent, thorough article. Thanks. However, I'd like to make a few comments... 1. The better the password, the harder it is to remember. At some point a person is faced with the choice of risking forgetting the password, or writing it down. 2. I doubt whether many people use a unique password for each site. I use one general, fairly easy one for access to free accounts on Websites. There is no way I'm going to try to remember dozens of passwords. If the password is broken, then the cracker gets access to free accounts, which he could have on his own. For more secure services, I use a harder password. For services involving money, I use unique, difficult passwords if I can. But, my own bank limits passwords to 8 characters, alphanumeric only (!). 3. Changing every six months is impractical. If you do the math, you would see that you're suggesting that a person who has, say, 10 accounts (not at all unlikely) would need to have ten unique, difficult passwords that he'd need to change twice a year. Some people have several times this number of accounts. The burden on memory, or likelihood of forgetting a password, becomes unacceptable. 4. A password manager is great, but if the user forgets the master password, he's out of luck. Also, it is not impossible for someone to crack the master password, giving him every password. I suggest that a person go ahead and write down all his passwords. Instead of sticking this list on his computer, he can put it in his wallet. Maybe he could place a copy in another safe place, in case something happens to his wallet. This way, his passwords would be as safe as his credit cards or his cash. If he is clever he might do a bit of scrambling to make it less obvious that it's a list of passwords. Excellent, thorough article. Thanks. However, I’d like to make a few comments…

1. The better the password, the harder it is to remember. At some point a person is faced with the choice of risking forgetting the password, or writing it down.

2. I doubt whether many people use a unique password for each site. I use one general, fairly easy one for access to free accounts on Websites. There is no way I’m going to try to remember dozens of passwords. If the password is broken, then the cracker gets access to free accounts, which he could have on his own. For more secure services, I use a harder password. For services involving money, I use unique, difficult passwords if I can. But, my own bank limits passwords to 8 characters, alphanumeric only (!).

3. Changing every six months is impractical. If you do the math, you would see that you’re suggesting that a person who has, say, 10 accounts (not at all unlikely) would need to have ten unique, difficult passwords that he’d need to change twice a year. Some people have several times this number of accounts. The burden on memory, or likelihood of forgetting a password, becomes unacceptable.

4. A password manager is great, but if the user forgets the master password, he’s out of luck. Also, it is not impossible for someone to crack the master password, giving him every password.

I suggest that a person go ahead and write down all his passwords. Instead of sticking this list on his computer, he can put it in his wallet. Maybe he could place a copy in another safe place, in case something happens to his wallet. This way, his passwords would be as safe as his credit cards or his cash. If he is clever he might do a bit of scrambling to make it less obvious that it’s a list of passwords.

]]> By: Pete R. http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-135620 Pete R. Fri, 28 Oct 2011 10:39:57 +0000 http://www.thegeekstuff.com/?p=30#comment-135620 Password strength web comic strip: <a href="http://xkcd.com/936/" rel="nofollow">here</a> Password strength web comic strip: here

]]> By: Frank Lee http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-121480 Frank Lee Tue, 09 Aug 2011 20:31:13 +0000 http://www.thegeekstuff.com/?p=30#comment-121480 Like Randy I've encountered too many sites that don't allow passwords longer than 8 characters. Verizon actually uses a 4 digit PIN for a lot of stuff. Like Randy I’ve encountered too many sites that don’t allow passwords longer than 8 characters. Verizon actually uses a 4 digit PIN for a lot of stuff.

]]> By: Randy Spydell http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-118673 Randy Spydell Thu, 21 Jul 2011 18:00:28 +0000 http://www.thegeekstuff.com/?p=30#comment-118673 Protecting financial logins? What's your advice on how to effectively put pressure on web sites to improve their back end for strong passwords? I have been singularly ineffective in getting my login credentials to my retirement accounts at two of the country's largest custodians (Fidelity and Vanguard) to conform to reasonable 21st Century standards. Both these firms map upper and lowercase letters to the same characters for passwords. I had been using them for years before I discovered this, it was so astounding that I couldn't believe it at first! Vanguard also limits their passwords to 10 characters, Fidelity limits theirs to 12, and they give me blank silence on the telephone when I ask about passphrases and raising the character limit to 30 or 40 characters (or 255). Fidelity does not allow special characters, and Vanguard's choices have only recently (2010) been implemented and are limited. Protecting financial logins?
What’s your advice on how to effectively put pressure on web sites to improve their back end for strong passwords? I have been singularly ineffective in getting my login credentials to my retirement accounts at two of the country’s largest custodians (Fidelity and Vanguard) to conform to reasonable 21st Century standards. Both these firms map upper and lowercase letters to the same characters for passwords. I had been using them for years before I discovered this, it was so astounding that I couldn’t believe it at first! Vanguard also limits their passwords to 10 characters, Fidelity limits theirs to 12, and they give me blank silence on the telephone when I ask about passphrases and raising the character limit to 30 or 40 characters (or 255). Fidelity does not allow special characters, and Vanguard’s choices have only recently (2010) been implemented and are limited.

]]> By: Mailing Fulfilment Services http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-92900 Mailing Fulfilment Services Thu, 17 Mar 2011 11:21:35 +0000 http://www.thegeekstuff.com/?p=30#comment-92900 My rule is 12 character passwords, 6 letters and 6 numbers. I use this policy for each of my passwords. My rule is 12 character passwords, 6 letters and 6 numbers. I use this policy for each of my passwords.

]]> By: 10 Ways to Protect Your Small Business’ Secure Data from Hackers | Intuit Small Business Blog http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-77472 10 Ways to Protect Your Small Business’ Secure Data from Hackers | Intuit Small Business Blog Wed, 05 Jan 2011 17:55:01 +0000 http://www.thegeekstuff.com/?p=30#comment-77472 [...] Create a secure password policy, and ensure that every staff member follows it. (Here are some tips for building a strong password.) Forcing users to change passwords frequently is not [...] [...] Create a secure password policy, and ensure that every staff member follows it. (Here are some tips for building a strong password.) Forcing users to change passwords frequently is not [...]

]]> By: Srinivas http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-40454 Srinivas Wed, 24 Mar 2010 14:59:00 +0000 http://www.thegeekstuff.com/?p=30#comment-40454 Hi Ramesh, There is a online webtool that checks the strength of the password that incorporates the tips you have suggested: http://www.passwordmeter.com/ I trust the owner of the site is not logging/eavesdropping the passwords tried on the site. Hi Ramesh,

There is a online webtool that checks the strength of the password that incorporates the tips you have suggested: http://www.passwordmeter.com/
I trust the owner of the site is not logging/eavesdropping the passwords tried on the site.

]]> By: Shanay-nay Brown Bon qui-qui http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-17066 Shanay-nay Brown Bon qui-qui Tue, 08 Sep 2009 18:15:55 +0000 http://www.thegeekstuff.com/?p=30#comment-17066 OMFG thIs is likee soo smart yo! I niguhh boo OMFG thIs is likee soo smart yo! I niguhh boo

]]> By: nathan http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/comment-page-1/#comment-17050 nathan Tue, 08 Sep 2009 13:39:42 +0000 http://www.thegeekstuff.com/?p=30#comment-17050 awesome awesome

]]>