Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Password complexity

Options
  • 14-09-2017 10:47am
    #1
    k2788
    Registered Users Posts: 13


    I tested a couple of passwords lately on howsecureismypassword.net and  was surprised how complex a password has to be in order for it to deemed safe.
    My question is really what kind of systems/websites require passwords of this complexity ?
    Most websites I use either only allow you to attempt a password a number or times before locking or it requires verification that your not a bot.
    Setting my laptop password to 10 characters with uppercase, lowercase, numbers and symbols is more of a hindrance and if my laptop was stolen, id say the password functionality can be wiped or disabled instead of cracked.
    Are these types of complex password mainly for networks, servers or other types of systems? Or should they be used in all scenarios.


Comments

  • Options
    #2
    degsie
    Registered Users Posts: 8,740 ✭✭✭degsie


    I understand that password managers offer better security these days. You generally just need to remember a passphrase instead of an actual password.


  • Options
    #3
    lawred2
    Registered Users Posts: 24,296 ✭✭✭✭lawred2


    k2788 wrote: »
    I tested a couple of passwords lately on howsecureismypassword.net and  was surprised how complex a password has to be in order for it to deemed safe.
    My question is really what kind of systems/websites require passwords of this complexity ?
    Most websites I use either only allow you to attempt a password a number or times before locking or it requires verification that your not a bot.
    Setting my laptop password to 10 characters with uppercase, lowercase, numbers and symbols is more of a hindrance and if my laptop was stolen, id say the password functionality can be wiped or disabled instead of cracked.
    Are these types of complex password mainly for networks, servers or other types of systems? Or should they be used in all scenarios.

    safeincloud is a good option


  • Options
    #4
    seamus
    Registered Users Posts: 68,317 ✭✭✭✭seamus


    https://xkcd.com/936/

    This is a subject of much debate. And many examples exist of password "tester" tools that apply simple rules which have the unintended effect of flagging insecure passwords as secure and secure passwords as insecure.

    You then also have the issue that you can choose a long and incredibly secure password, but if the method for storing that password uses a weak hash (or plaintext!), then your effort has been wasted.

    Realistically in much the same way that you use a different key for every lock that you have, you should just try to use a different password for every account. This is where password managers like lastpass come in. So if one password is compromised, you don't have to replace all of your keys/passwords, you can just replace the key/lock.

    There is no perfect answer really. Approach it much like any physical security you put in place - make it as difficult as practically possible for a potential attacker without making your own life a misery every time you want to do anything.

    Also tailor your level of security to what you're actually securing. You put a solid lock on your front door. You could also put ten deadbolts on it for additional security, but you don't.
    So if you have a tablet or laptop at home that you use for browsing the web and watching netflix, do you really need a secure password? Do you really need a password at all? What do you stand to lose if that password were to be compromised? Credit cards are easily cancelled, account passwords are easily changed.

    What ironic is that people will put insane passwords on their laptop, but leave a stack of personal documents sitting completely unprotected on the desk beside it.


  • Options
    #5
    Johnboy1951
    Registered Users Posts: 14,000 ✭✭✭✭Johnboy1951


    With physical access to a computer (when it has been stolen), a password protected account can easily be bypassed - in a matter of a few minutes.

    In fact I would be surprised if the original operating system was booted up at all by such thieves.

    An account password only stops 'honest' people from accessing the account.


    To protect your data you need to encrypt it.


  • Options
    #6
    Dravokivich
    Moderators, Category Moderators, Music Moderators, Politics Moderators, Society & Culture Moderators Posts: 22,360 CMod ✭✭✭✭Dravokivich


    I find the need for passwords to be exhausting.

    I work in IT. Understand the reasons behind having them. But I absolutely detest it.
    degsie wrote: »
    I understand that password managers offer better security these days. You generally just need to remember a passphrase instead of an actual password.

    All they do is relieve you from the burden of remembering which password is for which service.

    They generate something "randomly," another tool can generate it too.


  • Advertisement
  • Options
    #7
    ED E
    Registered Users Posts: 36,167 ✭✭✭✭ED E


    k2788 wrote: »
    Setting my laptop password to 10 characters with uppercase, lowercase, numbers and symbols is more of a hindrance and if my laptop was stolen

    Your laptop password is entirely useless until such point as you encrypt the drive(off by default). Bitlocker, True Crypt etc its up to you but a plain drive is entirely readable.


Advertisement