how long is your password?

 
author & internet detective
E-mail forward from a colleague:

During a recent password audit at a large company, it was found that one receptionist was using the following password:

"MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento"

When asked why she had such a long password, she said she was told that it had to be at least eight characters long and include at least one capital.



Aside from a laugh, this got me thinking - how long is your longest password? Mine is 15 characters.
 
Marshal
17
 
author
Nine. Only because the system rejected my more widely used one that has a length of five.
 
Jeanne Boyarsky
author & internet detective
Henry:
And you like odd numbers? Is the requirement 8 or 9 for the system that didn't like 5?

Bear:

How do you remember it!
 
Rancher
Good systems do not use a pass "word" but rather a pass phrase. The pass phrase to my GPG key is many words.

Passwords are poor security. Made worse by requiring users to change them frequently. The definition of "frequently" varies.

If you make people use strong passwords for things that they do not use daily, they will write them down, or use the same password on every site.
 
Bear Bibeault
Marshal

Jeanne Boyarsky wrote:Bear:

How do you remember it!


It's a phrase that can be spoken and is easy to remember, but would be impossible to guess.
 
Sheriff
19
 
Bartender
So which password are you guys talking about? Hopefully you folks are revealing the number for a password that cannot be brute forced from a public network.

Anywho, most of my passwords are complicated. The longest one is more than 25 characters.



 
Java Cowboy
I use a different password for each website or thing that needs a password. Almost all of my passwords are strings of random letters, numbers and other characters, between 8 and 15 characters. Of course I can't remember all those passwords (I have more than 200 of them); I use a tool to manage all those passwords.
 
Ranch Hand
Would you mind sharing the tool name?
 
Bartender
lots of 20 char passwords.
managed by keypass.
 
clojure forum advocate
11 but I'm jealous and thinking to change it.
 
Jeanne Boyarsky
author & internet detective

Deepak Bala wrote:So which password are you guys talking about? Hopefully you folks are revealing the number for a password that cannot be brute forced from a public network.


Hint: It's not my JavaRanch or e-mail password. Even if you knew a public website for which I had a 15 character password, that would be a lot of work to brute force it.
 
Bartender

Bear Bibeault wrote:

Jeanne Boyarsky wrote:Bear:

How do you remember it!


It's a phrase that can be spoken and is easy to remember, but would be impossible to guess.



You HOPE it's impossible. If I had to guess, it might have something to do with motorcycles, your dog and/or blowing up tanks for the military. :-)


Anyhow, my "root" (not in the Unix sense of the word) password is 10 letters long. I then tack on between 2 and 8 additional characters or mangle it in some other way for each system. I match the amount of mangling to the required security level. e.g. My bank password is longer and harder to type than the one I use here.

One guy I took some classes with doesn't even know his exact password. It involves typing one word, then hitting HOME and sprinkling in a handful of other letters with various combinations of arrow keys, letters, numbers, Caps Lock, END, etc.

BTW, my wife does not know my password.


During a recent password audit at a large company, it was found that one receptionist was using the following password:
"MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento"



I'm sure this is just a joke, but...
I am severely disappointed that a system makes anyone's passwords retrievable. I'm also disappointed that anyone doing a security audit would reveal any of the passwords that people are using.

 
Pat Farrell
Rancher

Ryan McGuire wrote:You HOPE it's impossible. If I had to guess, it might have something to do with motorcycles, your dog and/or blowing up tanks for the military.



Perhaps a bit too meaningful for MD, but one never talks about "impossible" when dealing with crypto. All you can do is talk about how impractical it would be to guess that Bear's passphrase starts out "I used to love Harleys but they break down too often" or any other passphrase.

What you can do is an engineering estimate, figure out time to brute force one attempt, put a large number of multi-core systems on it in parallel and come up with a number.

Although when you get to needing the same number of processors as there are atoms in the universe, and more time than has elapsed since the Big Bang, one does start to think it's impossible.
 
Vikas Kapoor
Ranch Hand

Ryan McGuire wrote:

Bear Bibeault wrote:It's a phrase that can be spoken and is easy to remember, but would be impossible to guess.



You HOPE it's impossible. If I had to guess, it might have something to do with motorcycles, your dog and/or blowing up tanks for the military. :-)



You forgot to mention general guess, girlfriend name. ;-) Other than what you have listed, I would guess something related to MAC (Apple) and cooking.
 
Vikas Kapoor
Ranch Hand

Pat Farrell wrote:What you can do is an engineering estimate, figure out time to brute force one attempt, put a large number of multi-core systems on it in parallel and come up with a number.



This will cover the source to generate different phrases but did you consider the capacity of the server (which ACTUALLY authenticates whether the password is right/wrong)?
 
Pat Farrell
Rancher

Vikas Kapoor wrote:This will cover the source to generate different phrases but did you consider the capacity of the server (which ACTUALLY authenticates whether the password is right/wrong)?


For most estimates, one works with worst case, so you assume that there is no server delay loop, no refusal to talk to you after N failures. And while these could add time to each test for say web access, they have no impact in others, say you physically have Bear's hard disk and you are trying to gain access to the files.

Also, most of these calculations are essentially Big-O, so all the constants fall out. Things like assuming that you have as many computers as there are atoms in the universe gives a strong hint that we won't be sweating the small stuff.
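
The engineering estimate and the worst-case (no server throttling) assumption discussed in the posts above, worked through as an added example that is not part of any post in this thread. The guess rates, machine count, 94-character alphabet and 7776-word list are assumed illustrative values, and the figures only hold for secrets chosen uniformly at random, not for human-picked phrases.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PRINTABLE = 94    # printable ASCII characters, excluding space
WORDLIST = 7776   # size of a Diceware-style word list (6^5)

# Assumed attacker models (constructed numbers, not measurements):
OFFLINE = dict(guesses_per_sec=1e10, machines=1000)  # has the disk, no throttling
ONLINE = dict(guesses_per_sec=10, machines=1)        # server limits login attempts

def entropy_bits(symbols, length):
    """Bits of entropy when each of `length` positions is drawn uniformly
    at random from `symbols` choices (characters or whole words)."""
    return length * math.log2(symbols)

def years_to_search(bits, guesses_per_sec, machines=1, fraction=0.5):
    """Years to cover `fraction` of the keyspace (0.5 is the average case)."""
    seconds = fraction * 2.0 ** bits / (guesses_per_sec * machines)
    return seconds / SECONDS_PER_YEAR

def min_length(symbols, guesses_per_sec, machines, target_years):
    """Smallest length whose average-case search time reaches target_years."""
    guesses = target_years * SECONDS_PER_YEAR * guesses_per_sec * machines
    needed_bits = math.log2(guesses / 0.5)
    return math.ceil(needed_bits / math.log2(symbols))

def report():
    """(label, bits, offline years, online years) for lengths from the thread."""
    cases = [("5 random chars", PRINTABLE, 5),
             ("9 random chars", PRINTABLE, 9),
             ("15 random chars", PRINTABLE, 15),
             ("25 random chars", PRINTABLE, 25),
             ("6 random words", WORDLIST, 6)]
    rows = []
    for label, symbols, length in cases:
        bits = entropy_bits(symbols, length)
        rows.append((label, round(bits, 1),
                     years_to_search(bits, **OFFLINE),
                     years_to_search(bits, **ONLINE)))
    return rows

if __name__ == "__main__":
    for label, bits, offline, online in report():
        print(f"{label:16} {bits:6.1f} bits  "
              f"offline {offline:9.3g} y  online {online:9.3g} y")
    for name, symbols in (("chars", PRINTABLE), ("words", WORDLIST)):
        need = min_length(symbols, target_years=1e9, **OFFLINE)
        print(f"{name} needed to hold 1e9 years offline: {need}")
```
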
 
Ranch Hand
Ha, I was just talking to my friend the other day about this, and he told me to make an overly complex password, because my current one was 'too weak'.

So, it went from eight to twenty one. o.o




 
Jesper de Jong
Java Cowboy

Vikas Kapoor wrote:Would you mind sharing the tool name?


OpenOffice Calc (spreadsheet)....
 