Slashdot Mirror


Passwords That Are Simple — and Safe (?)

TravisTR submitted a story that talks about simpler passwords. I don't think anyone disagrees that having elaborate rules with 20 char passwords requiring mixed cases and symbols and requiring them to change frequently is a pain, but I'm not sure that allowing unique but simpler passwords is a better idea.

3 of 563 comments

  1. Re:changing passwords frequently makes no sense by Monkeedude1212 · Score: 4, Informative

    People who argue that changing passwords frequently* is a waste of time have not had to deal with the security issue of people sharing their passwords on a regular basis. On the odd occasion, the receptionists will share passwords so they can log in on each other's computers and access each other's files. As an IT team we've done our best to abstract that concept by allowing anyone to log onto any computer in the network so long as they have an account, and mapping network drives automatically based on your permissions, but suffice to say some people just don't understand that. Someone will still only save to "My Documents" or C: drive, because that's what they do at home. Anyways, if someone gets terminated, and they remember the passwords, they pose a security risk. We had this issue come up last summer where a manager knew a few people's passwords, and after being fired, was using the webmail client to snoop on emails.

    I haven't been working in this side of IT for more than 2 years and I can already see the benefit of ever-changing passwords.

    *I suppose that depends how frequently you are talking

  2. Pass Phrases by Lifyre · Score: 5, Informative

    Stop using pass words and move on to pass phrases. They can be fairly long and still easy to remember. Increasing the number of characters does more to make something hard to crack than adding more symbols does.

    Hell, a phrase like "Purple Elephants make for a rough Work Day" is much harder to crack than "1qaz@WSX3edc$RFV"

    It may make dictionary attacks more effective but it will completely destroy brute force methods. Of course the biggest issue is still social engineering so it is still a mostly moot point once you get past trivial passwords.

    --
    I'll meet you at the intersection of "Should be" and "Reality"
  3. Re:Simple non-dictionary passwords by ArcherB · Score: 5, Informative

    The best passwords I've used are non-dictionary but pronounceable words. The simplest way to generate one is to alternate consonants and vowels, for example 'lasopedi'. It's easy to remember because your brain can store it as a word, not as a random series of letters. You can add uppercase letters, symbols, or numbers if you want it more complex, like 'lasoPedi2!', which is still pretty easy to remember.

    The best passwords I've found are sentences translated into passwords. For example:

    My phone number is 555-234-2344 : Mp#i555-234-2344
    I live at 2202 Park Street : Il@2202PSt
    Four score and seven years ago : 4Sa7ya...
    My wife won't go down on me since we got married! : Mww'tgdomswgm!

    Whatever. You get the idea. All you have to remember is the sentence.

    --
    There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
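
An added example, not part of any comment above: the consonant/vowel scheme from comment 3 as a generator, with search-space estimates for the strings quoted in comments 2 and 3. The function names, the character-pool sizes and the 7776-word list size are assumptions made for this illustration.

```python
import math
import secrets
import string

CONSONANTS = "bcdfghjklmnpqrstvwxyz"  # 21 letters
VOWELS = "aeiou"                       # 5 letters

def pronounceable(length=8):
    """Alternate consonants and vowels (consonant first), drawn from a CSPRNG."""
    return "".join(secrets.choice(CONSONANTS if i % 2 == 0 else VOWELS)
                   for i in range(length))

def pronounceable_bits(length=8):
    """log2 of the number of strings pronounceable() can produce."""
    return (((length + 1) // 2) * math.log2(len(CONSONANTS))
            + (length // 2) * math.log2(len(VOWELS)))

def brute_force_bits(password):
    """log2 of a character-by-character search over the classes present.
    Upper bound only: dictionary and pattern guessing are not modelled."""
    if not password:
        return 0.0
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # assumption: 32 ASCII punctuation characters plus space
    return len(password) * math.log2(pool)

def wordlist_bits(n_words, list_size=7776):
    """Word-level guessing: n_words drawn uniformly from list_size words.
    list_size=7776 is an assumption (the size of a Diceware-style list)."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    phrase = "Purple Elephants make for a rough Work Day"  # from comment 2
    print("generated:", pronounceable(8))
    print("8-char consonant/vowel scheme: %.1f bits" % pronounceable_bits(8))
    print("'lasopedi' as 8 random lowercase: %.1f bits" % brute_force_bits("lasopedi"))
    print("passphrase, per character: %.1f bits" % brute_force_bits(phrase))
    print("passphrase, 8 random list words: %.1f bits" % wordlist_bits(8))
    print("'1qaz@WSX3edc$RFV', per character: %.1f bits"
          % brute_force_bits("1qaz@WSX3edc$RFV"))
```

The per-character figures only bound an exhaustive character search; the scheme-level and word-level figures are what a guesser who knows how the secret was built has to cover.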