Password strength

Discussion in 'all things UNIX' started by Dregg Heda, Nov 25, 2010.

Thread Status:
Not open for further replies.
  1. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    How strong should my passwords be? In particular for my e-mail accounts. What about for forums and message boards? How regularly should I change my passwords? Also I sometimes use the password storing capabilities of my browser, how strong should my master password be? Thanks.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Same as any other OS. Besides, it's not the strength of the password that is important, it's how often you use it and where. For example, you should not use the same password for forums and your bank. Make them different to avoid password guessing. Any decent 8-character password is more than sufficient for normal use.
    Mrk
     
  3. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
    Well, try this JavaScript page: http://www.passwordmeter.com/
    It gives you an idea of how to make a strong password.

    Taken from: http://www.engadget.com/2010/08/16/gpus-democratize-brute-force-password-hacking/
     
  4. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    So based on this, would you suggest 12-character-long passwords for all of my logins? Or would something simpler like 8 characters suffice for message boards, while maybe something much stronger like 15 characters for e-mail accounts? What about for anything involving credit card purchases? 20 characters? What about e-banking, should I ever go down that path? 25 characters? 30?

    Mrk:

    Are you suggesting that 8 characters would suffice for all the activities I listed above, including some of the more sensitive stuff?
     
  5. Woodgiant

    Woodgiant Guest

    Hey Dregg Heda
    If you are going to have passwords of 10 or 12 characters and you don't use any form of password manager, then you easily have a lot to remember. o_O
    But even if you have a password manager that can generate long passwords, you must still use some strong passwords to log on to Windows and other programs.
    So you must have a system to build strong, long passwords that are easy to remember. My suggestion is this recipe for good passwords:
    Make a sentence you always remember. For example: the grass is always greener on the other side.
    Then take the first letter of each word in the sentence.
    You will now have the password: tgiagotos.
    OK, then put your birthdate at the end of the sentence; now you will have the password:
    tgiagotos17/06.
    If you then start the password with a capital letter,- then you will have the following:
    Tgiagotos17/06. Strong Password - easy to remember.

    Best Regards (just take a phrase and turn it into your password):)
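
Added example, not part of Woodgiant's post or the original thread: a Python sketch that applies the recipe above and compares two strength estimates for the result, one based only on length and character set, one based on how the recipe actually builds the password. The function names, the 95-character and 26-letter alphabets and the 366-date count are assumptions made for this illustration.

```python
import math
import re

PRINTABLE_ASCII = 95   # assumption: attacker tries every printable ASCII char
LETTERS = 26           # assumption: each initial is a uniformly random letter
DATES_PER_YEAR = 366   # every possible dd/mm value, including 29/02


def mnemonic_password(sentence: str, day: int, month: int) -> str:
    """Recipe from the post: word initials, first one capitalised, dd/mm suffix."""
    words = re.findall(r"[A-Za-z]+", sentence)
    if not words:
        raise ValueError("sentence contains no words")
    if not (1 <= month <= 12 and 1 <= day <= 31):
        raise ValueError("day/month out of range")
    initials = "".join(w[0].lower() for w in words)
    return initials.capitalize() + f"{day:02d}/{month:02d}"


def nominal_bits(password: str) -> float:
    """Estimate that sees only length: every position is any printable char."""
    return len(password) * math.log2(PRINTABLE_ASCII)


def recipe_bits(password: str) -> float:
    """Estimate for someone who knows the recipe but not the inputs.

    The capital letter is always in position 0 and the '/' and digits only
    encode a date, so they add nothing beyond the 366 possible dates.
    This is an upper bound: initials of real sentences are not uniform.
    """
    n_initials = len(password) - len("dd/mm")
    return n_initials * math.log2(LETTERS) + math.log2(DATES_PER_YEAR)


def compare(sentence: str, day: int, month: int) -> dict:
    pw = mnemonic_password(sentence, day, month)
    return {"password": pw,
            "nominal_bits": round(nominal_bits(pw), 1),
            "recipe_bits": round(recipe_bits(pw), 1)}


if __name__ == "__main__":
    # Sentence and date are the ones used in the post.
    print(compare("the grass is always greener on the other side", 17, 6))
```

The gap between the two figures is the reason a generic strength meter can overrate a password built from a known pattern.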
     
  6. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
    Well, I would suggest that you use a password manager like KeePass(X), and create a secure password for the database.

    Think about worst case scenarios:
    What would happen, if anyone gained access to
    - Your Wilders-account? Not a damn thing, so no need for a secure password.
    - Your private mail? Probably a whole lot more, so make the password a secure one.
     
  7. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Try to break that with local brute force in a WinRAR file with any cracker; if successful, please do tell me.

    ZAychik+Moy@=9812

    or

    LApushKa@39
     
  8. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    Actually, I see nothing wrong with just using
    "the grass is always greener on the other side."

    Unless someone has an idea that you are using a common phrase, I think it would be pretty hard to crack. I admit if people saw you regularly typing in a 46-character password, they could guess it was a phrase and might be able to brute force it after making that assumption. So you might want to change or add something to it.

    I recently went to using KeePass to store passwords and changed my password on forums. My bank password was always different from that used on forums. Nonetheless, I'm glad I started using some form of password manager, and I'd recommend using one.

    Edit:
    After this discussion, I wouldn't recommend that EXACT phrase. :)

    Another edit:
    Part of the reason I think using a phrase like that would be OK is because nobody, or at least nearly nobody, advocates it. Much better security if people use a wide variety of methods to choose passwords, as long as they aren't trivial.
     
  9. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I use Password Safe by SourceForge.net. It's a free manager and generates passwords for you in any size.
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    I need a password manager for Mac. One that is preferably portable.
     
  11. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
  12. tlu

    tlu Guest

    LastPass
     
  13. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Thanks for responding, guys.

    I don't like KeePass because I'd have to download Mono. It seems complicated to install and I'm worried that it might make me vulnerable to Windows viruses.

    How safe is LastPass? Can I trust important passwords to the cloud?
     
  14. tlu

    tlu Guest

  15. ashishtx

    ashishtx Registered Member

    Joined:
    Oct 7, 2005
    Posts:
    389
    Location:
    Houston,Texas