Password to log in here...

[t0w3r]

Why does the passwd to log into this forum have to be long and complicated, now I'm going to forget my 32 characters long passwd no thanks to you guys.
yeah I'm pissed, my passwd on here should be simple, not 32 characters long, that's so lame! Please let me know why its like this !!!

Thanks!!!

[xenopeek]

Same question was asked earlier. See my response here: viewtopic.php?f=58&t=284306#p1571230

Stay safe online. Use a unique password for every website and make it long enough.

[rene]

Stay safe online. Use a unique password for every website and make it long enough.

Just making it long enough is however not what this website requires. It requires making it long enough (10 to 32 characters), having it be mixed case, having it contain numbers, having it contain symbols. This enormous specificity of requirements interferes tremendously with people's own systems of generating safe passwords, either manually or even through a password manager. I haven't yet encountered one that (by default) goes that far overboard with the specificity.

Personally the symbols requirement is what I feel to be worst; symbols tend to be on different keys on different national keyboards, either actual ones or un- or wrongly such configured ones, and over anything from physical ones to a few thousand different implementations of on-screen keyboards on only slightly fewer types of devices. I'm sure however that others will have other issues; the overblown specificity of requirements on the forum here almost guarantees running into some issue that doesn't fit a personal system.

And, as the person in the thread you linked to commented, what therefore happens in practice is people in fact end up compromising security by e.g. writing it down or having an over all such websites shared standard 12 or so symbol password that fits the most expansive of requirements imaginable. An example of how theoretical "security" leads to non-useability and/or worse practical security.

[xenopeek]

Easy to remember passwords just need a hint of creativity. Like blue5$JAYS, R3n+St1mpy, and so on. Dropping the complexity requirement would need increasing the minimum length requirement to at least 13 characters. We would get complaints about that as well.

Our reason for the password requirements are clear I think. Attacks happen all the time on the internet, see https://informationisbeautiful.net/visu ... hes-hacks/ for an overview of the largest (known) successful attacks.

[rene]

Our reason for the password requirements are clear I think.

They aren't but I'm very aware that you will continue to believe they are. Your site...

[karlchen]

Hi, Rene, t0w3r.

You should be able to understand that the Mint makers set up the password requirements in the way they did in order to spare you, the forum users, and the forum management team the trouble of your forum accounts being hacked too easily, simply because you chose too simple passwords.
One thing is sure, the same people who now whine about too strict password requirements will be the same people who cry out loudest in case their forum accounts should be hacked by guessing their overly simplistic, but very convenient passwords.
We all have to sacrifice a little bit of convenience in order to make our accounts more secure.

Best regards,
Karl

[trytip]

i have all my password saved in a text file then encrypted with a gpg2 4096 key, but then i forgot that passphrase to decrypt it then i started saving bits and pieces in hidden places in all my 5 internal drives but yes you guessed it i have no clue where most of them are now
i would say a fingerprint or retina scanner would be perfect were it for the fact that someone cut still cut my fingers and remove my eye sockets if they needed my passwords so nothing is foolproof unless you have a photographic memory.
but then again if the government implanted a chip in my brain to read my thought they could easily find out more than the passwords i'm trying to hide

[mrmajik45]

If you don't care. Write it onto a note or something.

[karlchen]

i would say a fingerprint or retina scanner would be perfect were it for the fact that someone cut still cut my fingers and remove my eye sockets if they needed my passwords so nothing is foolproof unless you have a photographic memory.

If you had followed the relevant media carefully, you would know that e.g. our smart smart phones can be fooled by good photographs of fingerprints and retina scans.
The good thing: no need to kill you in order to get your fingerprints and your retina scan.
The bad news: ain't secure, either.
--
About passwords on a piece of paper:
Provided you keep it to yourself and do not forget where you left it, it ain't half as bad as everyone assumes.
Onine attackers will gain access to unencrypted password lists, stored on your computer much more easily, than they will be able to pick a piece of paper from the drawer in your wooden desktop. On the one hand. On the other hand, a piece of paper may be found by good old fashioned burglars.

[cliffcoggin]

A year ago I had to create an account with password on a web site. I tried the same 9 character password I used at that time on all non-critical sites, but it was rejected as not secure enough. I tried various memorable passwords but all were rejected as insecure. In frustration I tried 0123456789 and it was accepted! At that point I decided I could no longer rely on the security restrictions that commercial companies impose, so I now have a password manager and am happy to have passwords of many dozens of characters each.

[lsemmens]

If you are NOT worried about security, sticky notes all over your screen work.

For the rest of us, place them all in a secure file on your computer.

[jglen490]

It's all about risk management.

if you live in a concrete bunker, on the bottom of the ocean, with no doors or windows, and no cameras inside your bunker, then clear text sticky notes with your passwords written out, won't be a security problem.

If you live in a glass house, with all your passwords in an encrypted file always referenced electronically, with no keyboard entry required, you won't have much of a security problem.

Software is not magic - even encrypted files. Assume such files are always crackable. If you are a low value target (i.e., you don't give away all you financial, travel, or family secrets via social media), you probably will not have a security problem.

If you use the same password on every site you visit, even if you have it securely locked away on your PC, you will have a security problem because you are depending on the "give-a-darn" level of every site you visit.

It's all about risk management, your behavior, and your assumptions.

[trytip]

meanwhile: can you hear how many keys she's pressing ? now that's a good memory. then at 4:50 a user said " i write all my passwords on my monitor with a sharpie" good idea
https://youtu.be/vFXUAy4aOoM?t=225

[BG405]

Complex passwords are like having decent locks on your doors. Weak passwords on the other hand are like those found on employee lockers and cash tins, etc. and I've seen the latter two opened in seconds. Following the hack on here a few years ago, it's not surprising that account security is taken seriously. I certainly wouldn't want someone hacking mine & posting something malicious on here, so reasonably strong passwords are a must.

If you write them down somewhere, it requires physical access i.e. the thief actually finding them, in which case a computer with stored passwords is probably an easier target whilst burglars aren't going to spend more time than necessary looking for a bit of paper hidden somewhere, so, I think for a home system, having notes (especially self-encrypted ones) isn't a bad idea, IMHO.

Self-encryption works for me without notes and I'm sure it can work for most people. If you have a few schemes you use for passwords, you can make them unique for each site without having to remember the entire password verbatim. This can include stuff like character substitiution (can take care of the symbols and numbers) along with something unique and not too easy for others to guess.

Just my 2p worth.

[Schultz]

A passphrase would be easier to remember. How about something like: Iliketoeat2eggs&toastforbreakfast (no this is not my password). It is at least 32 characters, contains a number, a capital, and a symbol. It took me about 10 seconds to think of it. Not hard to think of, or to remember. There's a lot more important things to complain about.

[mrmajik45]

Put the password into the root's home folder. So someone can only get it with your computers password. (The one you can easily remember)

[MrEen]

Put the password into the root's home folder. So someone can only get it with your computers password. (The one you can easily remember)

???

Code: Select all

ls -la /

[Pierre]

the Cartoonist xkcd. made a Password Creation Suggestion,
that did get semi-famous, amongst the Geek World:
https://xkcd.com/936/
there is similar methods, that do get recommended, as well:
- all in the name-of-creating a Better Password System.

whilst this site:
https://www.howtogeek.com/195430/how-to ... member-it/
has a Very Good Suggestion, on how-to-make-a-strong-password ..

then stash all of those New Passwords in a Text File:
- stored in your /documents Folder - with an unique name, that you can remember.
or
- stored on your Usb Flash Stick, like trytip said - but should you encrypt that ? or just the file itself ?
or just pull that Usb Flash Stick from it's usb port & drop it into your pocket, when you exit that computer room ?
- - even better idea .. ..

[MartyMint]

I put all my passwords in plain text in a text file. Then I put the text file in a folder and encrypt the folder.
So the only password I really have to remember from memory is the encryption key.

I typically email myself the folder, or have it on cloud storage so I can pull it down to any new machine and have all my passwords ready to read.

[BG405]

This thread has reminded me that I used to use RoboForm (paid for) on Windows. I'm sure there are similar, free utilities for Linux but I'm not on my Mint machine at the moment so can't check to see what's in the repos; will hopefully remember to do so when I get back. I do use sync in my browsers with a master password for non-critical stuff so hope these are secure enough as when syncing a new browser installation, the master password is not enabled by default. I have no idea what encryption is used with browser sync (Firefox and Waterfox) with regard to stored passwords or other stuff.