Slashdot Mirror


Strong Passwords Not As Good As You Think

Jamie noticed that Bruce Schneier wrote a piece on a paper on strong passwords that tells us that the old 'strong password' advice that many of us (myself included) regard as gospel might not be as true as we had hoped. They make things hard on users, but are useless against phishing and keyloggers. Everyone can change their password back to 'trustno1' now.

22 of 553 comments

  1. Woo hoo! by BobSixtyFour · · Score: 2, Funny

    Yes! Now I can change my password back to password!

    1. Re:Woo hoo! by ae1294 · · Score: 2, Funny

      At least those of us who speak French have much better passwords. Mine is 10 characters long, that's 2 characters better than yours!

      O yeah! Well my passwords go to 11.. yeah that's right... exactly 1 higher than yours frenchy...

    2. Re:Woo hoo! by SlashBugs · · Score: 4, Funny

      "lepassword"?

  2. c'mon by greebowarrior · · Score: 4, Funny

    surely we should all be changing our passwords back to "Joshua"?

    1. Re:c'mon by maxume · · Score: 2, Funny

      At least it is a reasonable name. If he named his kid Swordfish...

      --
      Nerd rage is the funniest rage.

  3. Re:I'll repeat what I've said before: Use sentence by Nerdfest · · Score: 4, Funny

    Slashdot is an excellent source of many of these sentences, as with spelling mistakes they're even harder to brute-force.

  4. My password by Rik+Sweeney · · Score: 4, Funny

    I sometimes set my password to ********. It sounds stupid but it has two advantages:

    1. I know that I've typed in a * because I can see it

    and, most importantly

    2. When I have to repeat my password to confirm it, I can just copy and paste the previous field, saving me literally seconds of typing

    1. Re:My password by ptbarnett · · Score: 2, Funny

      I sometimes set my password to ********

      Your password is hunter2?

  5. Re:HEY! by Mattcelt · · Score: 3, Funny

    Ha! Dumbass. You need a better password now, like the one I have on my luggage: 1-2-3-4-5

  6. Re:HEY! by Yvan256 · · Score: 4, Funny

    1-2-3-4-5? That's amazing. I've got the same combination on my planetary air shield!

  7. Re:News at 11 by grumpyman · · Score: 4, Funny

    "Security" people who don't know anything about non-IT users like to make password rules that are so obtuse that normal users simply can't deal with them. The result is sticky noted passwords.

    .... while sys admin uses "admin" as password on servers/switches without the need to change, ever?

  8. Re:I'll repeat what I've said before: Use sentence by MadKeithV · · Score: 3, Funny

    My password ends in:
    3...
    4 PROFIT!.
    It's a reward for whoever cracks it - they'll probably profit.

  9. Re:News for who? by Anonymous Coward · · Score: 2, Funny

    Here's another news flash for you, computers do not run on magic crystals.

    Duh! Everyone already knows they run on smoke...

  10. Re:Throwing the baby out with the bathingwater? by ArsenneLupin · · Score: 2, Funny

    Yeah, Windows weaken the security of every house...

  11. Re:News at 11 by Deadstick · · Score: 5, Funny

    on my cubical wall

    Most of mine are planar...

    rj

  12. Re:limited application by Opportunist · · Score: 4, Funny

    It's a sticky note with gibberish on the monitor. What could it be.

    A friend of mine had a genuinely clever idea for a password: The serial key on the back of the monitor of the guy sitting opposite of him. He has it right in front of him, it's completely impossible to guess, no sticky note giving it away and yet it's written down and won't go away or get lost.

    He only has to call IT every other year when they upgrade monitors.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  13. Re:News at 11 by corbettw · · Score: 3, Funny

    Not yet, but that's supposed to be a feature in Windows 7.

    --
    God invented whiskey so the Irish would not rule the world.

  14. Re:News at 11 by geminidomino · · Score: 3, Funny

    ...using the first line of each song to generate your password... 'I see a little silhouetto of a man' becomes 15al50am

    I'm sure you mean "1ttr71tjf" yes?

  15. Re:HEY! by tnk1 · · Score: 3, Funny

    1-2-3-4-5?

    Newbs. The highly secure password on US Nuclear weapons used to be:

    00000000

    http://en.wikipedia.org/wiki/Permissive_Action_Link

    On the other hand, at least the US weapons actually have locks. Other countries' nukes don't.

  16. Re:News at 11 by sfarmstrong · · Score: 5, Funny

    I know! And "Area51" is like the only dictionary-like password within the constraints you describe, so I can crack the system in a single guess! And I'm practically guaranteed to get classified information with that kind of password!

  17. Even Better by Zygamorph · · Score: 3, Funny

    Years ago one of my co-workers was asked by management to do a global password change on the systems (s)he supported. It was to be done late Friday afternoon for the "usual" reasons. The systems were such that you couldn't just expire them so they were individually reset to new ones. (S)He did this and then put post-its on everyone's monitor to let them know what their new password was when they came in on Monday. Shortly thereafter there was a new global password change.

  18. Re:News at 11 by Anonymous Coward · · Score: 1, Funny

    Yes - since I installed some software that would rid my computer of malware I've needed my credit card to log in and add updates. Each time I log in it costs more to get rid of the malware. At least I know it is secure because I've paid for the software.

    Oddly my credit card details keep getting stolen since I installed the software. It can't be this trustworthy software can it?