oneFishtwoFishthreeFishfourFuckyou
My password is always the complete url of the last porn video i watched
Nice try, fourtysevenZipfelklatscher.
Maybe I’m misunderstanding the graphic, but why the hell is a password that would take 9000 years to crack not considered secure enough to be colored green? What context would even realistically allow for the password to still be relevant at that point?
The speed of cracking isn’t static. It’s 9k today. Tomorrow they come up with a new cracking algorithm, or a new Faster GPU.
Ah, that makes sense. Thanks for the explanation.
Man! I have no idea what your password/passphrase could be. It sure isn’t Hunter2. Although… perhaps you repeated Hunter2 and or Huntertwo, with a special character or two.
It’s bad. Use a password manager and its generator.
A long password made of different parts that you can remember in your head is far more secure than any manager that can get hacked.
I have too many passwords for that.
Correct, Horse.
Battery Staple
I use obscure quotes and turn letters into numbers. Example (of a quote that isn’t obscure):
Once more into the breach, my friends.
becomes
0m1tb, mf!
Why not use literal quote? Quite enough symbols for entropy. I did use literal quotes before I started generating my passwords.
That reminds me of a novel based on the HALO universe. In it, a minor character has the password `ThereOnceWasAGirl`. However, he has to type it twice to start his shift because he accidentally didn’t capitalize a letter, I think the W, when typing it.
I read that as a teenager. I didn’t understand why the author included that detail then and I don’t now.
It is called salt and useful so long as the main part of the password is generally secure without. I have a couple common things I add to any password I have to create (generally meaning my password manager’s automatic generation is rejected), but this is only useful because I figure humans won’t guess the rest (nor will they feed that into a computer to guess the rest which probably isn’t long enough to be secure alone), and the whole then becomes long enough that a computer can’t brute force it. Note that I don’t always use exactly the same sale factors and I don’t put them in the same place - if you know what I try you can brute force my hand generated passwords with a computer but the job is much harder in hopes that you give up.
But if at all possible I will prefer to use a generate password from my password manager which is even more secure. Humans are very bad are creating passwords - even humans who know all the things to get wrong tend to be bad at it.
An erstwhile co-worker used to create passwords by stringing together the names of porn actresses and, I think, adding two random numbers at the end.
Before I started working with them, apparently they almost told the owner of the company this, but were talked down by some other compatriots.
Hunter2fuck
*******fuck
I don’t get it.
I love the idea that someone created a system that censors everything that’s not a swear word.
“244466666” Can be explained as “One 2, three 4, five 6.”
12345sixperkele
I once got annoyed that my apparently OK password wasn’t being accepted so went with fuckaduck plus some numbers!
The point is… It does not really matter, as long as your password is not trivial the security relies more in the algorithm than in the chosen password.
With bcrypt + round parameters, password stretching or any other key derivation technique, even weak passwords cant be cracked in a realistic time frame
If you are generating your password in your head then it is probably trivial in some important way. Even if you are a password expert who knows all the ways humans get passwords wrong your password is probably trivial in ways you will realize as you generate it.
Here trivial means that it shouldn’t appear in a dictionary so it will reddit the first million most probably password attack, the crypto techniques will take care of the rest to make them un feasible
