Passwords, why the need for so complicated passwords?

Al F

Why do we need complicated passwords like "Bx#ap>3Tm4R"? It seems to me that if we create a password like "wdb2006dt" which is "Wife's Dog Born 2006 Dallas Texas" that would be fine. Easy to remember and easy to type.


Most every important website, banking, etc, will lock you out after just a few incorrect tries so why the need for special characters and upper/lower case?


It seems to me that most cases of hackers getting access either stem from a dumb password like 12345 or getting someone to open a file or something with a key stroke tracker. Or perhaps using a really sophisticated hacking thing like capturing your WiFi data stream from start to finish.


Am I missing something?

Link to comment

Al, I've often wondered about this too. I suspect that the need for longer and more complex passwords is driven directly by the hackers. The more sophisticated they become the more complex the password. I have given up on trying to dream up passwords and now use a password program. I've found that to be much easier to deal with. But I see nothing wrong with the type of thing you described. It certainly is long enough and random looking to everyone but you. I'd think that would work for you. Better to err on the safe side than to not have a safer system. Good luck, Dennis.

Link to comment

The reason is this and I will keep it basic.

The hackers get a password file from a site that, for instance, has the passwords in a file on their system. While the file won't be encrypted, all the passwords are. Sounds safe?

What they do next is run these passwords against many files that have the encrypted word and what that is in clear.

They won't get every password but they get enough. They may run these files for days and days.

Your suggestion seems to be very good but upper and lower case and special characters is what a lot of sites are going to.

Link to comment

Purely anecdotal password information -


The complicated password is to help "freshen" our memories. Sort of like a Luminosity thing. By itself - my information is so trivial to the real hackers as to be meaningless. I mean, after all, what are they going to get with a negative balance that my checkbook is always running. (I can't be out of money, I still have checks left - LOL).


The big prize seems to be the Home Depot, Target, B of A, Wells Fargo, where they can get millions of passwords, account access, you name it. Then I hear that the new wave is going to be biometrics - your personal characteristics. So they do a retinal scan from my camera before accessing my account. 5 minutes later, the hackers will break into the system and substitute someone else's eyeball.


I read the other day that CentCom (US of Military) was hacked and war plans are in the open.


About the only thing you can do is fold up your internet and leave the air. Spying, stealing info has been going on for 000's of years, and will go on for many more 000's of years. It's all about control of others.

Link to comment

You can Google up a pile of topics on picking passwords and on breaking them, it is a complex subject and great fun to read if you like that sort of thing. I've spent days reading them and after all was said and done I just use a simple password generator to knock out passwords that I copy to my spreadsheet, clear the clipboard, and then copy them from the spreadsheet to the website. Some I let the browser store when getting cracked wouldn't be a big deal, others are copied in each time and not stored in the browser.


I have the spreadsheet available from all my computers that I trust and a printed copy for when I either haven't got access to the spreadsheet or don't trust the computer.


If you do your own passwords, every type of character you include increases the difficulty of breaking the password. Including Caps, Lower, Numbers and Punctuation gives you the best odds of being safe; longer is better but ten is usually enough if you use all the options. No dictionary word or number that can be associated with you should ever be used.


The suggested "wdb2006dt" isn't bad but a couple minor tweaks make it a lot better, "wDb-20o6.dt" adds case, punctuation and removes the year by substituting an "o" for one of the 0s. Actually since the crackers often check for look-alike swaps changing the "o" to an "x" would be a tiny bit better. Picking a letter(s) other than the first or last in a string to capitalize also helps a small amount.

Link to comment
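An added example, not part of any post in this thread: it puts numbers on the offline-guessing scenario and the character-class advice from the replies above, and shows the site-side defence against tables of precomputed hashes. The function names and both guess rates are assumptions chosen for illustration.

```python
import hashlib, hmac, math, os, string

# A guesser must cover a whole class once any character from it appears.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def keyspace_bits(password):
    """Upper bound on the search space in bits, assuming every character was
    picked at random from the classes used. Patterned passwords are weaker."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)

def days_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** bits / guesses_per_second / 86400

def unsalted_record(password):
    # Fast, unsalted hash: the same password gives the same record on every
    # site, so a precomputed hash-to-cleartext table matches it directly.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, iterations=600_000):
    # Per-user random salt plus a deliberately slow hash (PBKDF2): no shared
    # table applies, and every guess costs `iterations` hash rounds.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    OFFLINE_RATE = 1e10       # assumed guesses/second against a leaked fast hash
    LOCKOUT_RATE = 3 / 3600   # assumed 3 tries per hour behind a login lockout
    for pw in ("wdb2006dt", "wDb-20o6.dt", "Bx#ap>3Tm4R"):
        bits = keyspace_bits(pw)
        print(f"{pw:12} {bits:5.1f} bits  "
              f"offline {days_to_exhaust(bits, OFFLINE_RATE):.3g} days  "
              f"lockout {days_to_exhaust(bits, LOCKOUT_RATE):.3g} days")
```

The lockout figure only applies while guesses go through the login page; once the stored hashes leak, the offline rate is the one that matters.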

Great article. Great tips for taking extra steps to protect your passwords and accounts.


The article does seem to say you must have hard to guess passwords, but you don't need to create a very hard to remember and equally hard to type password like: Bx#ap>3Tm4R

Link to comment

While you don't need to create something complicated it is the easy way to go if you use an automated generator and either copy/paste to fill them in or one of the automated tools to do it. I got this batch with one click from my generic password generator, I have another that lets you pick the character sets for picky sites.

Link to comment

First, a larger danger that is frequently overlooked has nothing to do with you. It has to do with the insertion of robots that help flail at other sites/logons that do have important content.


DOS (Denial of Service) was one of the first of this type. A sliver of code gets inserted into each parasite system, usually unnoticed by the owner. It then starts to hammer other sites to try to overcome them with so much traffic that they cannot operate. Beyond being mean spirited this is of little value to hackers.


However, that sliver could also be a piece of cracking code that is constantly trying to replicate itself to other systems around the world. That code could be collectively focused on breaking into just one site even though there may be thousands or hundreds of thousands of other systems simultaneously doing the same thing to the same target and reporting the results back to the system 0 of the infection. This is like the single Queue, multiheaded server approach to teller lines in a bank or at Disney.


Even though you don't have anything that anyone could use at all, they could usurp the power of your own system for their purposes.


I still use Roboform. It will generate good passwords whenever I need one. It remembers them and will insert them on demand into most prompts (not all). I am currently a little over 1300 logins and there is no way working from any sort of manual or electronic sheet works. Never mind the problem of changing passwords every so often.


I like the Google / Microsoft Authenticator mechanisms approach. I only have to manage 1 password for everything that will connect via these mechanisms and each time is validated back through a separate path to my cell phone if I want. I can change that password as often as I want. I don't have to remember some formula for creating / remembering it and once logged into Google / Microsoft I don't have to deal with anything else... until I try to get into a site that does not do this. But that inconvenience is on them, not me and my support will reflect that..... in time.

Link to comment

A couple years ago I found myself trying to keep track of way too many passwords. Some sites were forcing me to change my password now and then. Keeping track of them on paper or on a spreadsheet and then typing them or copy/pasting them got to be a hassle. I decided to try the highly rated "1Password" password manager utility. I now consider that purchase to be some of the best money I've ever spent on software.


It is very user friendly, generates very strong passwords, stores them on my own computer (not on some cloud server), and stores them in an encrypted "vault". Now I just have to remember a single password to open my "vault". When I go to a website that needs my user ID and Password all I need to do is click a button on the browser header and 1Password fills in the fields with the proper ID and PW. Now I have very strong passwords, different PWs for every site, they are all securely stored on my own computer, I never have to type them either when I first generate them or when I reuse them. It's an excellent program that really saves time and aggravation.

Link to comment


This topic is now archived and is closed to further replies.
