Page 1 of 4 123 ... LastLast
Results 1 to 10 of 31

Thread: Password Strength

  1. #1
    Join Date
    Jan 2013
    Location
    Ireland
    Beans
    38
    Distro
    Lubuntu 13.04 Raring Ringtail

    Password Strength

    Hey just wondering if any of you can shed some light on how the figure of 15+ characters (including at least 3 of each character type) was arrived at for being a "strong password"? Just curious with the recent goings on..
    Last edited by stevesy; August 8th, 2013 at 10:22 PM. Reason: wording

  2. #2
    Join Date
    Jun 2013
    Beans
    Hidden!
    Distro
    Ubuntu Studio

    Re: Password Strength

    You might find reading the WIKIPEDIA for Passwords helpful.

  3. #3
    Join Date
    Mar 2009
    Beans
    1,290

    Re: Password Strength

    My personal slant on it is that most people pick passwords like p@55Wrd which in my mind aren't that much better than a plain text password.

    You need to be able to remember the password and type it fairly easily, but randomness and non-word-ness (I invented that, don't look it up) make more sense to me.

    I generated a dsa key and called it passwordsource, and when I need a new password I copy some text out of that. Sometimes I add a character so more groups are represented.

    I don't agree with 3 characters of each type. That's adding predictability to the password. More groups is good.

    One thing I do is remember a long password, mentally break it into groups that I can remember, and then combine different groups to make different passwords. Those passwords are STILL at least 12 characters and totally random DSA key segments, but I find I can remember more passwords this way.

  4. #4
    Join Date
    Jan 2013
    Location
    Ireland
    Beans
    38
    Distro
    Lubuntu 13.04 Raring Ringtail

    Re: Password Strength

    I was hoping for a more, human touch. But yeah slw210 that's perfect, thanks : ]

  5. #5
    Join Date
    Aug 2013
    Location
    Planet Earth
    Beans
    Hidden!
    Distro
    Lubuntu

    Re: Password Strength

    I find using a adjective+noun+randomnumbers password to be best.
    You can play around with capitalisation and short forms and such while still keeping it memorable as it has something human to it.
    I think you can make any password - however complicated- memorable, as long as you create a meaning around it yourself.

  6. #6
    Join Date
    Nov 2011
    Beans
    1,043
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Password Strength

    I'm not aware of anyone designating 15 characters as a password threshold. Longer passwords are generally held to take longer to crack than shorter passwords.

  7. #7
    Join Date
    Jan 2013
    Location
    Ireland
    Beans
    38
    Distro
    Lubuntu 13.04 Raring Ringtail

  8. #8
    Join Date
    Nov 2011
    Beans
    1,043
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Password Strength

    Ah... well, we still don't know, because they don't site any sources or support. If they're going to say something "is defined" they really ought to tell us who's doing the defining and why. An anonyous post in Ubuntu's help site won't cut it.

    I'm certainly not arguing that a 15-character password is no better than, say, an 8-character password. But, if there's evidence that using 15 characters is a threshold that introduces a new level of protection, I'm curious.

    Otherwise, I'll assume it's just another of those "they say" things that float endlessly around the net.

    Make your passwords as long and as messy and as irrational as you can cope with. I generate mine by having a lengthy nonsense character string based on a mnemonic that is based, in turn, on a phrase describing events known only to me (and it includes deliberate errors in case someone gets lucky guessing). I wrap that within two strings taken from a single long string that I generate, in my head, using an algorithm I've memorized that is applied to a unique feature of each site requiring a password. That gives me a rather long unique password for each site. I only need to remember the core sequence because I generate the rest of each password on the fly each time I need it. I doubt if they are quite as foolproof as a 100-character random string generated by a password manager. Since I really don't like using a password manager, it will hafta do.

  9. #9
    Join Date
    Sep 2005
    Location
    Rural Nevada, USA
    Beans
    289
    Distro
    Kubuntu 13.10 Saucy Salamander

    Re: Password Strength

    I forget all my passwords regularly, no matter how easy to remember they are.

  10. #10
    Join Date
    Jan 2011
    Location
    Kansas City, KS
    Beans
    1,273
    Distro
    Ubuntu 13.10 Saucy Salamander

    Re: Password Strength

    Quote Originally Posted by buzzingrobot
    Ah... well, we still don't know, because they don't site any sources or support. If they're going to say something "is defined" they really ought to tell us who's doing the defining and why. An anonyous post in Ubuntu's help site won't cut it.
    For what it's worth, 15 characters matches the NIST guideline from the Wikipedia page for case-sensitive alphabetical passwords. (Not case-sensitive alphanumeric, which is 14, but still.)
    ~ I know I shouldn't use tildes for decoration, but they always make me feel at home. ~

Page 1 of 4 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •