119 Comments
- dandyhighwayman, on 10/12/2007, -3/+45
I agree with this article. People need to use more complex passwords. That is why I always use 4%%GTY&*8&*_! as my password.
- Urusai, on 10/12/2007, -9/+45
What that commercial DOESN'T show is the kid with the gun shooting a child-molesting burglar who had broken in and was about to rape them. The moral: always equip your kids with loaded firearms, because it's a dangerous world out there. Oh yeah, and the kid later became a scientist, cured cancer, won the Nobel Prize, and retired to Tahiti, all because of the gun. You can't afford NOT to get a gun for your kids, FFS.
- Yuffie, on 10/12/2007, -1/+36
I cracked a Win2000 password for a friend once cuz he forgot the password. The sad thing is that his password was password...
- admirabumblebee, on 10/12/2007, -2/+31
Do mac users use 'iPassword' as their password?
....
- jsg7, on 10/12/2007, -2/+26
"What was the password?"
"12345."
"Amazing! I have exact same combination on my luggage!"
If you don't know where that came from, you aren't truly a geek...
- Bostonsox, on 10/12/2007, -6/+30
How is password protection an oxymoron?
Maybe a better title would be like "Password protection is nonexistent".
- devindotcom, on 10/12/2007, -1/+25
Not a lot of new info here.. people have been choosing foolish passwords since passwords were invented and ever since it was possible there have been crackers and blitzers to overpower unprotected systems.
- elnerdo, on 10/12/2007, -1/+23
When I generate a password, I use this simple formula:
Open dictionary. Pick word
Misspell word, and place a couple random letters and numbers within.
Example:
Step 1: Treefort
Step 2: Treefourt
Step 3: Tree10fourt't
And thus, tree10fourt't would be my password. This results in a password that retains the security of a randomly generated password, while still being easy to remember.
- dandyhighwayman, on 10/12/2007, -2/+22
iDunno...
- inactive, on 10/12/2007, -7/+25
I use p4$$w0rD because i am an 3L33T idiot.
- Roger, on 10/12/2007, -2/+20
@Yuffie
Better not lose your finger then.
- hankyone, on 10/12/2007, -2/+15
if you use "password" as a password then you deserve to get hacked
- Yuffie, on 10/12/2007, -8/+20
I use my fingerprint thanks to my IBM thinkpad!
- dandyhighwayman, on 10/12/2007, -2/+13
Dammit! I just changed my password to "passworld."
- trib4lmaniac, on 10/12/2007, -2/+12
One of the networks at my college actually does use "P4ssw0rd" as the default password.
Still, it's got upper, lower and numeric characters so it must be safe.
- scottybowl, on 10/12/2007, -1/+10
people would probably use the phrase "my password"
- Burns, on 10/12/2007, -1/+10
for my passwords i usually do the one thing no one expects and make it all asterisks
- jboi, on 10/12/2007, -1/+9
We use wordlists that are excluded for password use.
I don't know who is more stupid, the guy implementing a security system or the user.
The user can't be it, because he already is the biggest security risk.
- matx, on 10/12/2007, -2/+10
People use weak passwords because they are either not trained or too lazy to remember good passwords.
I randomly generate mine, takes me a few times to remember it completely though, but hard to guess.
- ccanni1028, on 10/12/2007, -2/+9
foolfromhell - Linksys default is no name and password is "admin"
- chicken101, on 10/12/2007, -1/+8
Just like combinations to locks, it's usually their children's/husband's/wife's or dog's birth date. It's a number people can remember the most easily, and when people go to choose a combination, it's the number most readily available in one's mind. I'd guess 1/2 combinations on safes are birth dates.
- inactive, on 10/12/2007, -1/+8
Steve Gibson had a decent idea for passwords especially for those that like to use the same passwords over and over
making up an algorithm you use for all passwords
like say birth date combined with site name. capitalize every other letter
so my digg pass would be 04D20i19G69g
every site could be unique and yet secure
you could argue single point of failure but if you are just going to use the same password for all sites that is probably a weaker point of failure.
- Nanobe, on 10/12/2007, -2/+8
I've memorized about a dozen 10-letter passwords consisting of random numbers and letters. The trick is to pick letters and numbers that roll together well when you say it aloud. Passwords that make tongue twisters are more difficult to memorize.
When memorizing it, it's best to close your eyes and try to write it on a sheet of paper. If you forget a letter, then look quickly, close your eyes, and try again. Repeat until you can write it out without looking. Then write it out a dozen times in a row. Take a ten minute break with something that requires moderate focus, and then sit down and try to write the password from memory again. This technique really drives it into long-term memory, and it has worked like a charm for me. Just make sure you properly dispose of the paper afterwards. ;)
- inactive, on 10/12/2007, -3/+9
Yeah ... i mean, everyone remembers the commercial where the kids break into the firesafe by guessing important dates of their parents - anniversary, birthdays, etc. They get it open after the second guess and the kid pulls the gun out and they look at it in awe. The commercial cuts to black and you hear a gunshot.
Boy, those 'rents must have felt stupid. Leaving their kids alone in a room with a gun safe, using a dumb password, AND leaving a LOADED gun in a safe.
- moylan, on 10/12/2007, -0/+5
if it's a large company i'd make a bet that at least one of the users is using the password
11111111111111
my favourite example of user dumbness was the user who used the make of their monitor as their password. when their screen died we replaced it only to get a call that the user couldn't log in anymore. it was a different make of monitor and the user was trying to log in with their 'new' password.
- queefer, on 10/12/2007, -0/+5
People are idiots, I've had a simple password for years and nobody was able to guess it. It just takes a simple key logger to find a password like *$#&(IDFJ#)_ ! ~. You don't need complex passes, as you'll just forget them eventually. Just make sure your pass has at least 5 letters and 3 numbers. And make sure it ain't obvious, like andrew123. It's better to make up a word as a pass then put 3 random digits.
Some tips:
1) When signing in to an account, make sure no one's behind your back looking at your keyboard.
2) Don't sign in to anything important in a PUBLIC computer
3) Have different passes for different sites so if someone guesses one pass, you're not *****.
4) Don't download porn213.exe
5) Don't tell your friends your ***** pass!
- scottybowl, on 10/12/2007, -2/+6
Stupid is as stupid does. A rule I try to live by as a developer is that there is no such thing as a stupid user, only a stupid developer. A system should be idiot proof, so in this example, the system should detect weak passwords and ask the user to try something more secure. On the flip side, they may just write down the password onto a post-it note because they can't remember it and stick it to their monitor for the world to see..
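Added example, not part of the Digg thread and not any commenter's code: a sketch of the check that scottybowl and jboi describe above, rejecting deny-listed words and obvious patterns when a password is set. The deny-list, the leet map, the `min_length` default and the sample account name `jsmith` are assumptions constructed for illustration.

```python
import string

# Constructed deny-list taken from passwords quoted in this thread; a real
# deployment would load a much larger excluded-word list.
DENY_WORDS = {"password", "admin"}

# Undo common "leet" substitutions so p4$$w0rD and P4ssw0rd fold to "password".
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(text):
    """Lowercase, undo leet substitutions, keep letters only."""
    folded = text.lower().translate(LEET)
    return "".join(ch for ch in folded if ch in string.ascii_lowercase)


def check_password(password, context=(), min_length=10):
    """Return the reasons a password is rejected (empty list = accepted).

    context holds strings tied to the account or machine (username,
    hostname, hardware make) that must not appear in the password.
    min_length=10 is an arbitrary assumption, not a recommendation.
    """
    reasons = []
    norm = normalize(password)
    if len(password) < min_length:
        reasons.append("too short")
    if len(set(password)) <= 1:
        reasons.append("single repeated character")
    if password.isdigit():
        reasons.append("digits only")
    if any(word in norm for word in DENY_WORDS):
        reasons.append("contains deny-listed word")
    for item in context:
        key = normalize(item)
        if len(key) >= 3 and key in norm:
            reasons.append("contains account context: " + item)
    return reasons


if __name__ == "__main__":
    # Passwords quoted in the thread, plus one constructed random string.
    for pw in ("password", "p4$$w0rD", "P4ssw0rd", "password1",
               "11111111111111", "12345", "jsmith", "gT7#kPq9vLx2"):
        print(repr(pw), check_password(pw, context=["jsmith"]) or "accepted")
```

Matching happens after normalization, which is why the mixed-case, digit-substituted variants quoted in the thread are rejected even though they satisfy an "upper, lower and numeric" rule.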
- Hyperion, on 10/12/2007, -1/+5
Even better is to use the first letters of the words of a randomly created phrase/sentence, randomly capitalize, and add a few numbers to the mix.
For example, you might change "I love to eat hats do you" to "iLt3HdY". Easy to remember and hard to crack by others.
I read about this technique somewhere before and have been using it ever since.
- titlesaysitall, on 10/12/2007, -2/+6
dandyhighwayman--"I agree with this article. People need to use more complex passwords. That is why I always use 4%%GTY&*8&*_! as my password."
Can you provide a user name/email with this? an IP address would be nice too.
- mikedpirone, on 10/12/2007, -0/+4
I work at a computer repair company and my boss is a password freak. He makes everyone at the office change their passwords every 30 days using a password generator, but the idiots at my job usually just stick the pw on a post-it and stick it on their monitor. I guess it's safer than using "password" as a password but it's still somewhat pointless.
- merreborn, on 10/12/2007, -1/+5
That's pretty absurd. No, that's really absurd. There's no logical reason to say "hey, you know what? 12 character passwords aren't secure enough. We really need to move up to 14 char passwords."
Your IT department isn't going to be winning any awards any time soon.
- foofightrs777, on 10/12/2007, -1/+5
Don't bury me for the link. It's not my site.
https://www.grc.com/passwords.htm
Steve Gibson has made a rather nice pseudo-random password generator. They're available in hex, ASCII, and alphanumeric. I'm currently using a mash up of a couple generations for my Wireless security. Suppose you could use the alphanumeric generator for a windows pass if you shortened it from the 64 chars.
- ccanni1028, on 10/12/2007, -1/+4
I know a bunch of people who use the last 4 digits of their card number as their PIN.
- merreborn, on 10/12/2007, -1/+4
gyhuft is actually pretty insecure. It's lowercase only, alpha only, 6 chars, AND, someone sitting next to you could pretty easily "shoulder surf" that password.
Not to mention, at a rate of 1000 hashes/sec, someone could crack a 6 char lowercase alpha only password in under 4 days. 1000 hashes/sec is a very conservative estimate in some cases; for example, a malignant website operator with an MD5 hash of your password in his database could easily reach that rate.
- inactive, on 10/12/2007, -1/+4
Don't Phear the Reaper
- AuthorityAction, on 10/12/2007, -4/+7
I used to work for a small company as their IT Consultant Guy. When I first got there the password for the server was 'password1'. The IT guy before me thought that it was secure enough, I changed it pretty quickly.
- wilwheaton, on 10/12/2007, -2/+5
All the sites that require logins that really don't need them, like newspapers, for example, contribute to the degradation of password security: when people have to remember tons of passwords, they get lazy, and their passwords either become weaker, or they end up having to write down their strong passwords, just so they don't forget them.
Either way, the user is usually the weak link in the security chain.
And has anyone suggested Diceware? That's a great way to generate very random and pretty secure passwords. http://digg.com/security/Generate_secure_passwords_by_rolling_a_few_dice
- Mac2492, on 10/12/2007, -0/+2
She had a strong password before she got the Neopet. She changed it for some weird reason...
- SuperSloth, on 10/12/2007, -0/+2
It's a play on words, guys. If you had an ounce of wit you'd see that.
- wired4u, on 10/12/2007, -2/+4
damm that was my digg password
- jer2eydevil88, on 10/12/2007, -2/+4
@foolfromhell & ccanni1028
Linksys routers made today default to using admin for a username and admin for the password.
Older models used admin or blank and the password was password.
Linksys access points are still commonly blank for the username and the password is either admin or password depending on the model and age.
So technically you are both correct.
- brandizzle, on 10/12/2007, -0/+2
My high school has the same password for EVERYTHING. Including the accounts students are supposed to, and not supposed to use.
Then they expel us for "hacking their computers".
- merreborn, on 10/12/2007, -1/+3
On the other hand, I work for a web company. We got a brand new, dual xeon 3ghz debian box with 3 gig of ram, which was going to be accessible from the net for one of the services we run. I set up user accounts for the 3 of us who'd been around the longest, and set the password to the same as the username so the other two guys could log in and change their passwords.
Normally, this would be all good and fine, but one of them never changed his password. It wasn't that he didn't log in -- he used the box more than any of us -- he just was too lazy to change his password. Within a day, we got hit by some script kiddie's ssh worm, that scanned the net for ssh logins with common names, and the name set to the password.
In the future, I'll create random passwords when I create accounts, 'cause it seems anybody can get lazy, even on production servers.
- Cyborg771, on 10/12/2007, -0/+2
Sadly I have used "password" as my password. At my school every student has their own user profile for XP and you must change your password every few months. I cycled through all my usual passwords then realized that I had run out and couldn't use the same one twice so I had to make a new one that I wouldn't forget. I am very secure about my passwords so I wasn't worried and I never did get my account broken into.
- swanny89, on 10/12/2007, -0/+2
My dad works for a university and they require all the faculty to have symbols, letters and numbers in them. The trick they teach is to come up with a phrase you are familiar with, for instance, "I play basketball at 8:00" Then convert it to Ipl4yBb@8:00.
- Ghazi, on 10/12/2007, -1/+3
You'd be amazed how many people use 1234 as their PIN also (whether for ATM access, voicemail access, or whatever).
- Scira, on 02/12/2009, -0/+1
Similar for me too.
Well not really the college, just all the MSNA classes.
- kodek, on 10/12/2007, -4/+5
"Because it's not protection when you use the word PASSWORD as your password."
You sure don't know what an oxymoron is, huh?
- Scira, on 02/12/2009, -0/+1
My "password" on my laptop is usually a 1 key password. I like the privacy of it locking when i close it for if i leave it at home (yes my moms house), or with a classmate while i run to take a piss. But it would get annoying to have to type a long password out each time.
There's a tip for if anyone on digg ever robs or mugs me.
- moylan, on 10/12/2007, -0/+1
http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm
as biometrics are added to more and more locations i wonder how long before we see more of these types of stories. if a bank or job wanted me to use biometrics i'd tell them to go feck themselves!