
  1. #31
    The Memes Justify the End EcK's Avatar
    Join Date
    Nov 2008
    MBTI
    ENTP
    Enneagram
    738
    Socionics
    ILE None
    Posts
    7,604


    Quote Originally Posted by highlander View Post
    That's not advertising. I'm not soliciting anything. It's an independent review of the software. I'm recommending something that I know and use that I think is good. The purpose for posting it is to educate the members on how this kind of software works. @PeaceBaby recommended another product. It doesn't matter which one you use. Just use one of them.

    If I had two recommendations that I could make, I would suggest that you
    - Implement password management software and pick different passwords for every site you go to
    - Don't run as a local administrator on your computer (by default). Set up two accounts - one which is a regular user and one which is an administrator. Only run as administrator when you need to install software or something similar.

    The first thing reduces the potential that your compromised passwords on one system will lead to compromised passwords on another one. The second recommendation is important because it reduces the chance that you will get malware on your computer.
    Jokes aside (so 80% of what I say) I've been considering adopting such a method.
    I, and I suspect most net security conscious people, am constantly plagued by password amnesia due to regular password changes and different passwords everywhere.
    At the same time centralizing it on one platform could make it more vulnerable - no code is 100% hack proof after all. But yeah overall I think it could result in a security net gain.

    In general most sites have nonsensical password protection systems.
    You can retrieve someone's password by knowing BASIC FACTS that anyone in their surrounding would be likely to know.
    name of your pet
    school name
    birthdate ...
    Have these people ever heard about social engineering? I could get that info in 3 phone calls to their relatives.

    So I always have to make up stuff and I eventually forget exactly what fib I gave for an old email account 8 years ago.

    There's also this strange belief that weird passwords no human brain can easily memorize are somehow more secure - I don't think that's the case.

    i.e.: yeah sure from a purely mathematical perspective assuming same password length it's often true - but as they're hard to remember people make them shorter and rely on crappy password recovery methods and use these impossible-to-remember-passwords on multiple platforms - ending up in a net loss in overall security

    Let's play a game: according to How Secure Is My Password?, here's the time needed to crack these passwords

    human-friendly password:
    1mwithpeetreed1sh : 227 MILLION YEARS to crack - easy to remember

    classic 'recommended' password (more complicated so people will make them shorter)
    13P72!Lisa : 6 years

    So my pass is roughly 38,000,000 times more secure and takes about 1 second to memorize - furthermore I won't need to write it down everywhere to remember it etc.
    Expression of the post modern paradox : "For the love of god, religions are so full of shit"

    Theory is always superseded by Fact...
    ... In theory.

    “I’d hate to die twice. It’s so boring.”
    Richard Feynman's last recorded words

    "Great is the human who has not lost his childlike heart."
    Mencius (Meng-Tse), 4th century BCE

  2. #32
    The Memes Justify the End EcK's Avatar

    xkcd: Password Strength - Creative Commons Attribution-NonCommercial License = content is free to share in full

  3. #33
    The Bat Man highlander's Avatar
    Join Date
    Dec 2009
    MBTI
    INTJ
    Enneagram
    6w5 sx/sp
    Socionics
    ILI Ni
    Posts
    21,846


    Quote Originally Posted by EcK View Post
    Have these people ever heard about social engineering? I could get that info in 3 phone calls to their relatives.

    There's also this strange belief that weird passwords no human brain can easily memorize are somehow more secure - I don't think that's the case.

    So my pass is roughly 38,000,000 times more secure and takes about 1 second to memorize - furthermore I won't need to write it down everywhere to remember it etc.
    You got it.

    Please provide feedback on my Nohari and Johari Window by clicking here: Nohari/Johari

    Tri-type 639

  4. #34
    Senior Member
    Join Date
    Sep 2015
    Posts
    2,446


    Quote Originally Posted by EcK View Post
    Jokes aside (so 80% of what I say) I've been considering adopting such a method.
    I, and I suspect most net security conscious people, am constantly plagued by password amnesia due to regular password changes and different passwords everywhere.
    At the same time centralizing it on one platform could make it more vulnerable - no code is 100% hack proof after all. But yeah overall I think it could result in a security net gain.

    In general most sites have nonsensical password protection systems.
    You can retrieve someone's password by knowing BASIC FACTS that anyone in their surrounding would be likely to know.
    name of your pet
    school name
    birthdate ...
    Have these people ever heard about social engineering? I could get that info in 3 phone calls to their relatives.

    So I always have to make up stuff and I eventually forget exactly what fib I gave for an old email account 8 years ago.

    There's also this strange belief that weird passwords no human brain can easily memorize are somehow more secure - I don't think that's the case.

    i.e.: yeah sure from a purely mathematical perspective assuming same password length it's often true - but as they're hard to remember people make them shorter and rely on crappy password recovery methods and use these impossible-to-remember-passwords on multiple platforms - ending up in a net loss in overall security

    Let's play a game: according to How Secure Is My Password?, here's the time needed to crack these passwords

    human-friendly password:
    1mwithpeetreed1sh : 227 MILLION YEARS to crack - easy to remember

    classic 'recommended' password (more complicated so people will make them shorter)
    13P72!Lisa : 6 years

    So my pass is roughly 38,000,000 times more secure and takes about 1 second to memorize - furthermore I won't need to write it down everywhere to remember it etc.

    Ha. I always pick obscure facts or details based on my life from many years ago or add together a bunch of numbers which I consider significant... which no one in my personal life would be able to guess... hope that's secure enough.

  5. #35
    The Memes Justify the End EcK's Avatar

    Quote Originally Posted by FutureInProgress View Post
    Ha. I always pick obscure facts or details based on my life from many years ago or add together a bunch of numbers which I consider significant... which no one in my personal life would be able to guess... hope that's secure enough.
    Yeah and how do you remember it 8 years later. Knowing that for it to be secure you'd have to give at least partially different answers to what are usually the same stupid questions..?

    So you remember every bogus answer to everything years later? Also - if your answer is at least partially guessable then that can still be a security issue.

  6. #36
    Senior Member

    I answer honestly but give the least obvious answer from what people know of me. I am not typically one to tell people much about my personal life or back history. The ones I am closest to know not to tell others much about me. I am quite guarded.

  7. #37
    The Memes Justify the End EcK's Avatar

    Quote Originally Posted by FutureInProgress View Post
    Ha. I always pick obscure facts or details based on my life from many years ago or add together a bunch of numbers which I consider significant... which no one in my personal life would be able to guess... hope that's secure enough.
    Yeah and how do you remember it 8 years later. Knowing that for it to be secure you'd have to give at least partially different answers to what are usually the same stupid questions..?

    Also - it doesn't matter what patchwork strategy you have - that still doesn't make this security measure secure.

    You can have a 70 character email of random characters but it wouldn't matter much if someone can get access by inputting your first school (listed on your fb or one phone call away) etc.

    If you have a complex "non human friendly password" you're going to store it on very accessible devices (mobile, on paper, computer...) so still not secure.

  8. #38
    Senior Member

    Quote Originally Posted by EcK View Post
    Yeah and how do you remember it 8 years later. Knowing that for it to be secure you'd have to give at least partially different answers to what are usually the same stupid questions..?

    Also - it doesn't matter what patchwork strategy you have - that still doesn't make this security measure secure.

    You can have a 70 character email of random characters but it wouldn't matter much if someone can get access by inputting your first school (listed on your fb or one phone call away) etc.

    If you have a complex "non human friendly password" you're going to store it on very accessible devices (mobile, on paper, computer...) so still not secure.
    I typically don't tell people much about my past, family, personal info... and my Facebook doesn't reveal much of anything.

    For better or worse, I don't write down my passwords, and I have separate passwords for both my computer and mobile.

  9. #39
    The Memes Justify the End EcK's Avatar

    Quote Originally Posted by FutureInProgress View Post
    I typically don't tell people much about my past, family, personal info... and my Facebook doesn't reveal much of anything.

    For better or worse, I don't write down my passwords, and I have a separate passwords for both my computer and mobile.
    So you mean I can't figure out your old school's name, pet name etc. by calling your great aunty or something like that and giving her a bogus reason to give away the information?

    Dude, get real. This is not secure, giving me your personal story won't change how unsecure these ineffective and ubiquitous easy-to-hack security measures are.
    I'm not attacking you personally. I'm happy for you if you make your passes a bit more secure - that still doesn't make the policy a good one. That's akin to saying that cars are perfectly safe because you've never died in one - not a good argument.

    As to the passwords - the classic "add at least one number and one symbol like !" - well, first off people will generally use the same symbols (! ? &) and capitalize only the first letter of their password so it's not like it adds that much complexity to the password. You just set up your password breaking software to start with the most likely combination and it'd probably cut down the time needed by a factor of thousands whether you use special symbols and numbers or not.

    Secondly it's obvious the people who set it up are kind of low-level in terms of theory of mind / psychology. It's beyond obvious that you'll choose a shorter password if the site's asking you to set up a non-human-friendly password. Plus you'll have to store it somewhere else than just in your brain because who the hell can remember:

    a1rRbo4t& as easily as peachfetchingpricemarket.

    So these passwords are not only in practice less secure by huge factors (generally millions of times less secure) but they're not user-friendly in any way.

    In short - these policies suck and their wide adoption rate is just a testament to how short-sighted and frankly dull when it comes to any other type of intelligence than mathematical many developers are. Theories about what makes people and data safe are entirely irrelevant to what people actually do. Theory is always superseded by fact.

    Any questions?
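
Added example, not part of any post in this thread: a Python sketch of the two ways the strings quoted above can be scored, first as a length-and-charset meter would (every character treated as random), then by counting only the real choices once the structure is known. The 7776-word list size, the "2 digits" and "4 common symbols" figures and all function names are assumptions made for the illustration, and the results are search-space sizes in bits, not crack times from any particular site.

```python
import math
import string

# Character classes a length-and-charset strength meter looks for.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def naive_bits(password):
    """Brute-force estimate: every character independent and uniform
    over the union of the character classes that appear."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool)

def policy_pattern_bits(wordlist_size, digits=2, symbols=4):
    """Structure-aware estimate for 'Capitalised word + digits + symbol':
    the only real choices are the word, the digits and one of a few symbols."""
    return math.log2(wordlist_size * 10 ** digits * symbols)

def passphrase_bits(wordlist_size, words=4):
    """Structure-aware estimate for words drawn uniformly at random."""
    return words * math.log2(wordlist_size)

def compare(wordlist_size=7776):  # Diceware-sized list (assumption)
    # Strings quoted in the thread, scored the naive way.
    thread_passwords = ["1mwithpeetreed1sh", "13P72!Lisa",
                        "a1rRbo4t&", "peachfetchingpricemarket"]
    rows = {pw: round(naive_bits(pw), 1) for pw in thread_passwords}
    # Hypothetical patterns, scored by the choices actually made.
    rows["<Word + 2 digits + symbol>"] = round(policy_pattern_bits(wordlist_size), 1)
    rows["<4 random words>"] = round(passphrase_bits(wordlist_size), 1)
    return rows

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:28s} {bits:6.1f} bits")
```

The naive rows reward length and symbol variety; the two pattern rows show how far the estimate drops when the structure is predictable, and that the drop is much larger for the composition-rule pattern than for four randomly chosen words.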

  10. #40
    Senior Member prplchknz's Avatar
    Join Date
    Jun 2007
    MBTI
    yupp
    Posts
    32,628


    i tend to use the same 3 passwords for everything. and every semester when we have to change our email password i can never remember what it is because you only have to put in twice a year and i usually end up yelling at the computer.
    In no likes experiment.

    that is all

    i dunno what else to say so
