Main Area and Open Discussion > Living Room

Good or bad password?

<< < (3/3)

f0dder:
Is "Remember to pay gas Aug 14" a good passphrase? That depends a bit on your adversary. It's long, but all its components exists in dictionaries. Personally, I'd suggest adding some nonsense words - and not just go for obvious substitutions like S->$, E->3 and the likes, since bruteforcing tools handle those.

And use different passphrases for different accounts. Having a perfect, non-bruteforceable passphrase doesn't help you if you use it everywhere, and it turns out that one of those sites stores the password in plaintext or encrypted rather than (properly) hashed. Either use a password manager (protected with the memorizable passphrase) and generate long random strings for other sites, or (if you're afraid of getting the password database stolen and your passphrase keylogged), think up a couple of passphrases for different uses. Like sharing one for forums and other low-impact sites, but keeping separate passphrases for your bank, email accounts, facebook or whatever other high-risk sites.

And yes, facebook would be a high-risk site for normal people, since it can be used as a login mechanism several places, as well as for grabbing juicy information that can be used for social engineering attacks.

mouser:
And use different passphrases for different accounts
--- End quote ---

This is an important point that people sometimes overlook.  You need to be using different passwords(passphrases) for different sites, so that a security lapse on one site does not blow all your site logins.
A good solution is to use a password manager to hold all your passwords so you don't have to remember them.

Target:
mmmm, passwords....

Good or bad password?

Navigation

[0] Message Index

[*] Previous page