Password strength

How strong should my passwords be? In particular for my e-mail accounts. What about for forums and message boards? How regularly should I change my passwords? Also I sometimes use the password storing capabilities of my browser, how strong should my master password be? Thanks.

 

Same as any other os. Besides, it's not the strength of the password that is important, it's how often you use it and where. For example, you should not use the same password for forums and your bank. Make them different to avoid password guessing. Any decent 8-character password is more than sufficient for normal use.
Mrk

 

Well, try this javescript-page: http://www.passwordmeter.com/
It gives you an idea of how to make a strong password.

Taken from: http://www.engadget.com/2010/08/16/gpus-democratize-brute-force-password-hacking/

 

So based on this would you suggest 12 character long passwords for all of my logins? Or would something simpler like 8 characters suffice for messageboards, while maybe something much stronger like 15 characters for e-mail accounts? What about for anything involving credit card purchases? 20 characters? What about e-banking should I ever go down that path? 25 characters? 30?

Mrk:

Are you suggesting that 8 characters would suffice for all the activities I listed above, including some of the more sensitive stuff?

 

Hey Dregg Heda
If you going to have passwords on 10 or 12 charaters and you dont use any form of passwords managers then you easily got a lot to remember.
But even if you have a password manager,that can generate long passwords, you must still use some strong passwords to log on to Windows and other programs.
So you must have a system to build stong long passwords there are easy to remember. My suggestion is this recipe to good passwords:
Make a sentence you always remember. For example: the grass is always greener on the other side.
Then take the first letter of each word in the sentence.
You will now have the password: tgiagotos.
Ok- then put in you birthdate in the end of the sentence, now you will have the password:
tgiagotos17/06.
If you then start the password with a capital letter,- then you will have the following:
Tgiagotos17/06. Strong Password - easy to remember.

Best Regards (just take a phrase and turn it into your password)

 

Well. I would suggest that you used a password manager like KeePass(X), and create a secure password for the database.

Think about worst case scenarios:
What would happen, if anyone gained access to
- Your Wilders-account? Not a damn thing, so no need for a secure password.
- Your private mail? Probably a whole lot more, so make the password a secure one.

 

try to break that with local brute force in win rar file any cracker if successful please do tell me

ZAychik+Moy@=9812

or

LApushKa@39

 

Actually, I see nothing wrong with just using
"the grass is always greener on the other side."

Unless someone has an idea that you are using a common phrase, i think it would be pretty hard to crack. I admit if people saw you regularly typing in a 46 character password, they could guess it was a phrase and might be able to brute force it after making that assumption. So you might want to change or add something to it.

I recently went to using keepass to store passwords and changed my pw on forums. My bank password was always different than that used on forums. Nonetheless, I'm glad I started using some form of password manager, and I'd recommend using one.

Edit:
After this discussion, I wouldn't recommend that EXACT phrase.

Another edit:
Part of the reason I think using a phrase like that would be ok is because nobody, or at least nearly nobody advocates it. Much better security if people use a wide variety of methods to choose passwords, as long as they aren't trivial.

 

I use Password Safe by SourceForge.net. It's a free manager and generates passwords for you in any size.

 

I need a password manager for Mac. One that is preferably portable.

 

Try http://www.keepassx.org/downloads/ or http://keepass.info/download.html...

 

LastPass

 

Thanks for responding guys.

I dont like keepass because id have to download mono. It seems complicated to install and im worried that it might make me vulnerable to windows virii.

How safe is lastpass? Can I trust important passwords to the cloud?

 

I think you should form an own opinion. Good starting places are:
http://lastpass.com/support_faqs.php
http://blog.lastpass.com/2010/07/lastpass-gets-green-light-from-security.html
http://blog.tinisles.com/2010/01/should-you-trust-lastpass-com/

 

You can use something like this

http://crypto.stanford.edu/PwdHash/