Quick update regarding passwords:

"12345" is commonly considered unsafe since 2012.

According to experts "1234567" will still be safe until 2023, at which point you should probably change all your passwords to "12345678".

@fribbledom In the year 3020, that safe password will be |11110000>.

@fribbledom Alternative Unicode Points / Emoji versions of the numbers might be safer? 🙂

@fribbledom You ported cracklib to golang so I guess you're an expert! Thanks!

@fribbledom I’m ahead of the curve by using one2345

@fribbledom I have heard the best way for people is 4 or more randomly chosen words, for a computer use a password program.

@Green_Turtle
Just in case you were taking this seriously (sorry, can't quite tell):

I have heard that advice of using 4 "random" words (from people claiming some authority on the topic), and it is not really good advice.

1: it's 2^44 bits of entropy, not very safe these days
2: humans can't make random things up, so it's actually less
3: using the same system as many others is bad
4: password managers, people!

diogomonica.com/2014/10/11/pas
security.stackexchange.com/que

@fribbledom

@Green_Turtle @fribbledom

This one is a decent explainer of how password cracking _actually_ works and what makes a good/bad password:
invidio.us/watch?v=7U-RbOKanYs

I do two things:
1: keepass.info/ to generate passwords too complicated to remember (Win/Linux/Android/..iOS?), and store all my PWs.

2: sourceforge.net/projects/pwgen (sorry windows only...) for memorable passwords (e.g. for keepass) -- mix and match schemes, aim for >80 bits of entropy, then make a truly random sample.
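Added example, not part of the posts above and not code from any tool named in the thread: the entropy arithmetic behind the "4 random words" and ">80 bits" figures in the two posts above, with the words drawn by a CSPRNG instead of by a person. The 2048-word pool size used for the 4-word case and the syllable-built `WORDS` pool are assumptions made for the example.

```python
import math
import secrets

# Constructed word pool (an assumption, not a real wordlist): 64 syllables
# combined in pairs give 4096 distinct pseudo-words, i.e. 12 bits per word.
_SYLLABLES = [c + v for c in "bdfghjklmnprstvz" for v in "aeio"]
WORDS = [a + b for a in _SYLLABLES for b in _SYLLABLES]


def passphrase_entropy(pool_size: int, n_words: int) -> float:
    """Entropy in bits of n_words drawn uniformly and independently."""
    return n_words * math.log2(pool_size)


def words_needed(pool_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))


def generate(target_bits: float = 80, words=WORDS) -> list[str]:
    """Draw words with the OS CSPRNG. The entropy figure only holds when
    every word is a uniform random pick, not a human choice."""
    n = words_needed(len(words), target_bits)
    return [secrets.choice(words) for _ in range(n)]


if __name__ == "__main__":
    # Four words from an assumed 2048-word list: 4 * 11 bits.
    print("4 words / 2048-word list:", passphrase_entropy(2048, 4), "bits")
    # Word count needed to reach the 80-bit target from the same list.
    print("words for 80 bits:", words_needed(2048, 80))
    phrase = generate(80)
    print(" ".join(phrase), "->",
          passphrase_entropy(len(WORDS), len(phrase)), "bits")
```
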

@fribbledom I have a problem with my keyboard so whenever I try to input my password I could only type asterisk so then I changed my password to six or seven asterisks. Problem is I can't always remember whether it was six or seven asterisks but luckily it only freezes me out if I get it wrong three times so so far so good.

@fribbledom my fuckin homestuck brain was trying to read these like "lzeas? lzeasbt? lzeasbtb?"

@fribbledom I use the next gen authentication system on my computer.
It requires a solution in an exact ratio of 8 different bodily fluids to gain access.

@fribbledom personally I'd use

00110001 00110010 00110100 00110100 00110101 00110110 00110111 00111000 00111001

ᵉⁱᵗʰᵉʳ ᵒʳ ᵗʰᵉ ʳᵘˡᵉ ˢᵗⁱˡˡ ᵃᵖᵖˡⁱᵉˢ 😂😂

@ecksmc @fribbledom Not sure which is worse.
That I recognized the ascii value 49 as the "1" digit, or that you repeated 4 twice :P

@dissy614

number 44 symbolizes stability, support, willpower, ability, success, wholeness, inner wisdom, etc

always a reason 😉

@fribbledom

@fribbledom I mean that extra few bits of entropy does help against bots. I suppose it's not quite that direct a relationship if humans are sitting down trying it, but hey, that seems improbable right? .... Right? .... (Asking for a friend.)

@quantumcowboy

Being the most commonly used password (pretty much worldwide), I'd still program my bot to try "123456" through "123456...0" as the first couple of guesses. Then proceed with dictionary attacks.

@fribbledom That's why I use 54321. Thinking outside the box as usual.
