>passwords must be between 8-20 characters
>passwords must contain a mix of upper and lower case characters, and numbers or symbols
>>53045312
Honestly I don't care anymore. I use "asdasdasd" or something like that when I must register somewhere, unless it is really important like my normiebook or Gmail password. For Internet forums and shit who cares nobody will try to brute force it.
>>53045312
I bet you would use password or your dogs name as the password
>>53045348
Wrong fag.
six or more truly random words all in lower case is at this point in time impossible to brute force. Too many bits of entropy. They'd literally take thousands of years.
>>53045348
maybe
Non-gay XKCD comic
>>53045386
Yup, that's why I make every single one of my passwords Correct Horse Battery Staple. It's secure as it gets :^)
>>53045386
That XKCD comic was bullshit dude
>>53045312
Zxcv0123
Poiu0123
Mnbv0123
>>53045468
>bullshit
Not really. If you're telling people specifically what to put in their passwords it makes the passwords easier to guess. Especially since most people will only include one or two digits after failing to use their single word as a passphrase. You won't crack it in 3 days, but it's a helluva lot easier to guess than four different words concatenated.
>>53045386
yes, but you gain 100 more bits of entropy by just making it completely random.
more sane to just use a password manager anyway instead of trying to remember 6 words
>>53045386
>words
Incredibly susceptible to a dictionary attack. It would take that long to crack a 20 character random password maybe, but not one with dictionary words.
>>53045312
I use full sentences now with numbers and symbols subbed in.
I feel like I need a password manager so I can step up to full random gibberish.
>>53045536
>Incredibly susceptible to a dictionary attack
Nah.
Dictionary attack is only useful if the password is a single word from the dictionary.
>>53045522
remembering 6 words is ridiculously easy though if you've studied basic memory techniques. The thing on the right isn't easy.
A password manager is fine, but if you want to access your email from a different computer it becomes a hassle.
>>53045574
That's simply not true.
>>53045574
Idiot
>not making your passwords the full navy seals pasta
>>53045536
Cool, test your theory. See how it goes ;)
>>53045585
>The thing on the right isn't easy.
youre not supposed to remember the thing on the right.
thats why you use a password manager and have it automatically fill it in for you
>but if you want to access your email from a different computer it becomes a hassle
Common logins such as main email/bank account/etc, should be remembered of course.
I have thousands of site logins, so it makes sense to keep them organized. It'd be completely stupid to remotely access your entire password database from different computers though.
When I was in the military we had to log down activities in the base in excel sheets and on each team we were given passwords requirements that had ridicolously many rules to them.
>Can't be a name, or any recognizable word
>Must have at least 4 numbers,
>2 capital letters in the middle not touching eachother
>has to be at least 14 letters long.
etc
>>53045590
The amount of time it'd take to brute 6 random dictionary words is not worth discussing. This is assuming the person even knows the person is using a bunch of random dictionary words.
No sane attacker is going to waste their time even attempting it.
btw, what's the best pw manager? Using IceCat
>>53045606
http://www.jbonneau.com/doc/BS12-USEC-passphrase_linguistics.pdf
It's not a theory, since it has already been proven time and time again. This is security 101.
>>53045704
That paper is about human-selected passwords.
>>53045522
I prefer passphrases, much better than any password.
>>53045574
>https://www.intego.com/mac-security-blog/wordpress-sites-hit-by-dictionary-attack/
>The attack commands infected users' machines to go through a dictionary of common, possible passwords to try to log into accounts with the default username "Admin."
> try to log into accounts with the default username "Admin."
>one word
And here's a real world example. Now find me an example of some successfully bruting a password that had multiple concatenated words.
You won't, because nobodies that retarded.
>>53045704
Did you even read the fucking paper?
>Even 2-word passphrases
may be able to raise the security of the weakest selections from below 10 bits
to over 20 bits which could be suļ¬cient to make online attacks impractical.
>2-word passphrases
>make online attacks impractical
Why do retards even response to me?
>work for Monsanto
>need to set up an 8-symbol password with uppercase, lowercase, symbols and numbers to use the computer
>set P3ni$ess
>use it until the end of internship
>mfw i've been using my same password for 90% sites I visit since i was in 5th grade
>it's a single dictionary word
>it even starts with an a
>same username too
kek
>>53045585
>A password manager is fine, but if you want to access your email from a different computer it becomes a hassle.
Carry a USB stick with a portable version of keepass and your database file.
>tfw lolipantsuslurping&futasniffing
What dictionary will have loli, pantsu, and futa?
>>53045928
>working for dirty Monsanto
>>53045312
> 20 random characters including lowercase, uppercase and numbers
> your password does not contain symbols. It is weak.
THESE PEOPLE I SWEAR
>>53045312
>you make a mistake in one of the fields
>entire page refreshes and everything gets cleared
>>53046329
fuck youuuuu
>>53045312
I use a random generator and pick one that i like then remember it. I train my memory and havent forgotten a single password so far (i currently use 4 different ones). They're all the length of 19 chars
>>53046329
This so fucking much
>>53046329
>have keepass
>refresh page
>90% fields gets automatically put in again
>no problem
>>53046007
Using the same password is not that retarded, but using the same username is. For example, a retarded redditor was too fucking annoying once, so I googled his username and found pics of him that I then posted on gay dating websites.
>>53046073
>putting your USB device into a stranger computer
>>53046707
thankfully I wasn't dumb enough to tie my username to who I personally am, ever.
I'm also not on any social media sites, so all you'd find is a bunch of porn sites and some forums.
>>53046732
Yeah, but people can still put together a profile.
What if I use weeb runes for my password?
>>53046073
>not using the android version and typing it manually
>>53046828
Ussually you cant
>>53045455
>using the smiley with a carat nose
>>53045673
Keepass
>>53047349
Which is sad. Passwords should be allowed to be any valid Unicode character in UTF-8 encoding. Why do so many websites hate entropy that they restrict people to alphanumeric and only certain passwords?
>putting in my password for a trivial website
>no requirements listed
>enter a password
>you must use a number
>enter a password
>you must use an uppercase letter
>enter a password
>you must use a symbol
>enter a password
>not that symbol
>finally get a password through
>months pass
>try to log in
>forget password
>go to reset it
>they list their requirements on the reset page
>now remember my password
>you must not reuse passwords for security reasons
Mandatory
>>53045585
>access your email from a different computer
>>53048150
>Passwords should be allowed to be any valid Unicode character in UTF-8 encoding.
No, they shouldn't. Ideally passwords would be restricted to just capital and lowercase letters, numbers, and two symbols for optimum entropy.
https://en.wikipedia.org/wiki/Base64
>>53048229
>goldfish memory
Rate my password lmao
>B1g1Blu3-733l3phant
>>53048884
I'm going to hack your 4chan account
>>53048884
>added to dictionary
>>53045468 >>53045536
Not if the words are randomly chosen from the list. That - Diceware - is the best secure way of choosing a passphrase. 10 words = 129 bits of pure, absolutely unassailable, entropy, even if the attacker knows the word list. 6 words is 77 bits, out of reach of an online attack and most non-nation-state attackers in an offline attack; 7 words puts it out of reach of the NSA for the next few years.
http://world.std.com/~reinhold/diceware.html
1. e4 e5 2. Nf3 Nc6 3. d4 ed4 4. Nd4 Bc5 5. Be3 Qf6 6. c3 Nge7 7. Be2 d5 8. ed5 Nd5 9. O-O Ne3 10. fe3 Qh6
that is how you create long passwords that you can remember easily fags
French killed my language. Very few people nowadays speaks my language, even Google don't. I use an old tainted form of my language, even spoke by fewer people.
Who will then break my sentence ?
ps: fuck the french
>>53049048
What language do you speak?
>>53050900
I'm guessing Flemish
>>53045312
I fucking hate these. The other problem is when they turn round and have a set of symbols that are allowed, but don't tell you which aren't.
However, I have little trouble now. I use Keepass to generate all my passwords. The only ones I don't care about and keep on a sticky note are my work passwords.
My password to my laptop at work is:
WindowsXEnterprise (where the X is a number).
I have to change my password every couple of months, so I just change the number. Fuck trying to do anything different to that.
>>53049093
>using the smiley with a carat nose
>>53046234
>Thinking Monsanto is dirty
I bet you think organic foods are somehow better for you.
>>53045522
It has nothing to do with randomness, just the extra characters %#&(&/",. which you could easily put in a easy to remember password like:
MargaretTatcherIs110%Sexy
Nobody is going to guess that and it's just as good as a random piece of shit password that you can't remember.
>>53048231
Randall has his moments.
Also the government probably pays way more than that for wrenches.
i sometimes use characters not present on keyboards.
ALT+255 is a fun one because nobody expects it and it's rarely in a dictionary or wordlist.
For extra security you can also use the greek question mark (looks exactly like a semicolon but isn't), this will really fuck up anyone who tries to type it if they see it.
>>53048937
This diceware looks very good, i think I'll give it a try sometime
>>53045312makepasswd -chars 16 -string 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*' -count 10
>>53052630public char*[] makepasswd (int chars) {
char* password[chars]=0;
for(password as in elem)
elem = getRandomChar();
return password;
}
public char* getRandomChar() {
return '4'; //Choosen by fair diceroll, gauranteed to be random.
}
>>53052630
I usually try not to use L and I because I and l looks almost or exactly the same in some fonts.
