Password to log in here...

Questions about the project and the distribution - obviously no support questions here please
t0w3r
Level 1
Level 1
Posts: 1
Joined: Wed Jan 09, 2019 2:08 pm

Password to log in here...

Post by t0w3r » Wed Jan 09, 2019 2:16 pm

Why does the passwd to log into this forum have to be long and complicated, now I'm going to forget my 32 characters long passwd no thanks to you guys.
:evil: yeah I'm pissed, my passwd on here should be simple, not 32 characters long, that's so lame! Please let me know why its like this !!!

Thanks!!!

User avatar
xenopeek
Level 24
Level 24
Posts: 24096
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Password to log in here...

Post by xenopeek » Wed Jan 09, 2019 3:45 pm

Same question was asked earlier. See my response here: viewtopic.php?f=58&t=284306#p1571230

Stay safe online. Use a unique password for every website and make it long enough.
Image

rene
Level 12
Level 12
Posts: 4150
Joined: Sun Mar 27, 2016 6:58 pm

Re: Password to log in here...

Post by rene » Wed Jan 09, 2019 8:24 pm

xenopeek wrote:
Wed Jan 09, 2019 3:45 pm
Stay safe online. Use a unique password for every website and make it long enough.
Just making it long enough is however not what this website requires. It requires making it long enough (10 to 32 characters), having it be mixed case, having it contain numbers, having it contain symbols. This enormous specificity of requirements interferes tremendously with people's own systems of generating safe passwords, either manually or even through a password manager. I haven't yet encountered one that (by default) goes that far overboard with the specificity.

Personally the symbols requirement is what I feel to be worst; symbols tend to be on different keys on different national keyboards, either actual ones or un- or wrongly such configured ones, and over anything from physical ones to a few thousand different implementations of on-screen keyboards on only slightly fewer types of devices. I'm sure however that others will have other issues; the overblown specificity of requirements on the forum here almost guarantees running into some issue that doesn't fit a personal system.

And, as the person in the thread you linked to commented, what therefore happens in practice is people in fact end up compromising security by e.g. writing it down or having an over all such websites shared standard 12 or so symbol password that fits the most expansive of requirements imaginable. An example of how theoretical "security" leads to non-useability and/or worse practical security.

User avatar
xenopeek
Level 24
Level 24
Posts: 24096
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Password to log in here...

Post by xenopeek » Thu Jan 10, 2019 4:48 am

Easy to remember passwords just need a hint of creativity. Like blue5$JAYS, R3n+St1mpy, and so on. Dropping the complexity requirement would need increasing the minimum length requirement to at least 13 characters. We would get complaints about that as well.

Our reason for the password requirements are clear I think. Attacks happen all the time on the internet, see https://informationisbeautiful.net/visu ... hes-hacks/ for an overview of the largest (known) successful attacks.
Image

rene
Level 12
Level 12
Posts: 4150
Joined: Sun Mar 27, 2016 6:58 pm

Re: Password to log in here...

Post by rene » Thu Jan 10, 2019 5:03 am

xenopeek wrote:
Thu Jan 10, 2019 4:48 am
Our reason for the password requirements are clear I think.
They aren't but I'm very aware that you will continue to believe they are. Your site...

User avatar
karlchen
Level 20
Level 20
Posts: 11309
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Password to log in here...

Post by karlchen » Thu Jan 10, 2019 11:20 am

Hi, Rene, t0w3r.

You should be able to understand that the Mint makers set up the password requirements in the way they did in order to spare you, the forum users, and the forum management team the trouble of your forum accounts being hacked too easily, simply because you chose too simple passwords.
One thing is sure, the same people who now whine about too strict password requirements will be the same people who cry out loudest in case their forum accounts should be hacked by guessing their overly simplistic, but very convenient passwords.
We all have to sacrifice a little bit of convenience in order to make our accounts more secure.

Best regards,
Karl
Image
Linux Mint 19.2 32-bit xfce Desktop, Total Commander 9.22a 32-bit
Haß gleicht einer Krankheit, dem Miserere, wo man vorne herausgibt, was eigentlich hinten wegsollte. (Goethe)

User avatar
trytip
Level 11
Level 11
Posts: 3690
Joined: Tue Jul 05, 2016 1:20 pm

Re: Password to log in here...

Post by trytip » Thu Jan 10, 2019 12:00 pm

i have all my password saved in a text file then encrypted with a gpg2 4096 key, but then i forgot that passphrase to decrypt it :oops: then i started saving bits and pieces in hidden places in all my 5 internal drives but yes you guessed it i have no clue where most of them are now
i would say a fingerprint or retina scanner would be perfect were it for the fact that someone cut still cut my fingers and remove my eye sockets if they needed my passwords so nothing is foolproof unless you have a photographic memory.
but then again if the government implanted a chip in my brain to read my thought they could easily find out more than the passwords i'm trying to hide :lol:
Image

User avatar
mrmajik45
Level 5
Level 5
Posts: 597
Joined: Tue Aug 29, 2017 9:51 pm
Location: USA, indiana
Contact:

Re: Password to log in here...

Post by mrmajik45 » Thu Jan 10, 2019 1:15 pm

If you don't care. Write it onto a note or something.
ReactOS Donator ~ $5.00 | Linux Mint Donator ~ $1.00 in BTC

User avatar
karlchen
Level 20
Level 20
Posts: 11309
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Password to log in here...

Post by karlchen » Thu Jan 10, 2019 1:39 pm

trytip wrote:
Thu Jan 10, 2019 12:00 pm
i would say a fingerprint or retina scanner would be perfect were it for the fact that someone cut still cut my fingers and remove my eye sockets if they needed my passwords so nothing is foolproof unless you have a photographic memory.
If you had followed the relevant media carefully, you would know that e.g. our smart smart phones can be fooled by good photographs of fingerprints and retina scans.
The good thing: no need to kill you in order to get your fingerprints and your retina scan.
The bad news: ain't secure, either.
--
About passwords on a piece of paper:
Provided you keep it to yourself and do not forget where you left it, it ain't half as bad as everyone assumes.
Onine attackers will gain access to unencrypted password lists, stored on your computer much more easily, than they will be able to pick a piece of paper from the drawer in your wooden desktop. On the one hand. On the other hand, a piece of paper may be found by good old fashioned burglars.
Image
Linux Mint 19.2 32-bit xfce Desktop, Total Commander 9.22a 32-bit
Haß gleicht einer Krankheit, dem Miserere, wo man vorne herausgibt, was eigentlich hinten wegsollte. (Goethe)

cliffcoggin
Level 4
Level 4
Posts: 467
Joined: Sat Sep 17, 2016 6:40 pm
Location: England

Re: Password to log in here...

Post by cliffcoggin » Thu Jan 10, 2019 2:15 pm

A year ago I had to create an account with password on a web site. I tried the same 9 character password I used at that time on all non-critical sites, but it was rejected as not secure enough. I tried various memorable passwords but all were rejected as insecure. In frustration I tried 0123456789 and it was accepted! At that point I decided I could no longer rely on the security restrictions that commercial companies impose, so I now have a password manager and am happy to have passwords of many dozens of characters each.
Cliff Coggin
Mint 18.3 Cinnamon

User avatar
lsemmens
Level 8
Level 8
Posts: 2423
Joined: Wed Sep 10, 2014 9:07 pm
Location: Rural South Australia

Re: Password to log in here...

Post by lsemmens » Thu Jan 10, 2019 9:47 pm

If you are NOT worried about security, sticky notes all over your screen work.

For the rest of us, place them all in a secure file on your computer.
Kernel: 4.15.0-46-generic x86_64 bits
Desktop: Cinnamon 3.8.9
Distro: Linux Mint 19 Tara

Laptop HP-ProBook-470-G2 8Gb RAM SSD
Server AMD Phenom 9650 - GEForce 9400GT 6Gb RAM
+ three other Mint machines
Out of my mind - please leave a message

jglen490
Level 5
Level 5
Posts: 642
Joined: Sat Jul 15, 2017 9:57 pm

Re: Password to log in here...

Post by jglen490 » Fri Jan 11, 2019 12:59 pm

It's all about risk management.

if you live in a concrete bunker, on the bottom of the ocean, with no doors or windows, and no cameras inside your bunker, then clear text sticky notes with your passwords written out, won't be a security problem.

If you live in a glass house, with all your passwords in an encrypted file always referenced electronically, with no keyboard entry required, you won't have much of a security problem.

Software is not magic - even encrypted files. Assume such files are always crackable. If you are a low value target (i.e., you don't give away all you financial, travel, or family secrets via social media), you probably will not have a security problem.

If you use the same password on every site you visit, even if you have it securely locked away on your PC, you will have a security problem because you are depending on the "give-a-darn" level of every site you visit.

It's all about risk management, your behavior, and your assumptions.
I feel more like I do than I did when I got here.
Toshiba A135-S2386, Intel T2080, ATI Radeon® Xpress 200M Chipset, 2GB RAM, 500GB

User avatar
trytip
Level 11
Level 11
Posts: 3690
Joined: Tue Jul 05, 2016 1:20 pm

Re: Password to log in here...

Post by trytip » Fri Jan 11, 2019 8:51 pm

meanwhile: can you hear how many keys she's pressing ? :lol: now that's a good memory. then at 4:50 a user said " i write all my passwords on my monitor with a sharpie" good idea
https://youtu.be/vFXUAy4aOoM?t=225
Image

User avatar
BG405
Level 7
Level 7
Posts: 1884
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Password to log in here...

Post by BG405 » Mon Jan 14, 2019 4:40 pm

Complex passwords are like having decent locks on your doors. Weak passwords on the other hand are like those found on employee lockers and cash tins, etc. and I've seen the latter two opened in seconds. Following the hack on here a few years ago, it's not surprising that account security is taken seriously. I certainly wouldn't want someone hacking mine & posting something malicious on here, so reasonably strong passwords are a must.

If you write them down somewhere, it requires physical access i.e. the thief actually finding them, in which case a computer with stored passwords is probably an easier target whilst burglars aren't going to spend more time than necessary looking for a bit of paper hidden somewhere, so, I think for a home system, having notes (especially self-encrypted ones) isn't a bad idea, IMHO.

Self-encryption works for me without notes and I'm sure it can work for most people. If you have a few schemes you use for passwords, you can make them unique for each site without having to remember the entire password verbatim. This can include stuff like character substitiution (can take care of the symbols and numbers) along with something unique and not too easy for others to guess.

Just my 2p worth. :)
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 4GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB250 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

User avatar
Schultz
Level 7
Level 7
Posts: 1613
Joined: Thu Feb 25, 2016 8:57 pm

Re: Password to log in here...

Post by Schultz » Mon Jan 14, 2019 6:22 pm

A passphrase would be easier to remember. How about something like: Iliketoeat2eggs&toastforbreakfast (no this is not my password). It is at least 32 characters, contains a number, a capital, and a symbol. It took me about 10 seconds to think of it. Not hard to think of, or to remember. There's a lot more important things to complain about. :wink:

User avatar
mrmajik45
Level 5
Level 5
Posts: 597
Joined: Tue Aug 29, 2017 9:51 pm
Location: USA, indiana
Contact:

Re: Password to log in here...

Post by mrmajik45 » Mon Jan 14, 2019 10:37 pm

Put the password into the root's home folder. So someone can only get it with your computers password. (The one you can easily remember)
ReactOS Donator ~ $5.00 | Linux Mint Donator ~ $1.00 in BTC

User avatar
MrEen
Level 13
Level 13
Posts: 4967
Joined: Mon Jun 12, 2017 8:39 pm

Re: Password to log in here...

Post by MrEen » Mon Jan 14, 2019 10:50 pm

mrmajik45 wrote:
Mon Jan 14, 2019 10:37 pm
Put the password into the root's home folder. So someone can only get it with your computers password. (The one you can easily remember)
???

Code: Select all

ls -la /

User avatar
Pierre
Level 19
Level 19
Posts: 9049
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: Password to log in here...

Post by Pierre » Mon Jan 14, 2019 11:08 pm

the Cartoonist xkcd. made a Password Creation Suggestion,
that did get semi-famous, amongst the Geek World:
https://xkcd.com/936/
there is similar methods, that do get recommended, as well:
- all in the name-of-creating a Better Password System.

whilst this site:
https://www.howtogeek.com/195430/how-to ... member-it/
has a Very Good Suggestion, on how-to-make-a-strong-password ..

then stash all of those New Passwords in a Text File:
- stored in your /documents Folder - with an unique name, that you can remember.
or
- stored on your Usb Flash Stick, like trytip said - but should you encrypt that ? or just the file itself ?
or just pull that Usb Flash Stick from it's usb port & drop it into your pocket, when you exit that computer room ?
- - even better idea .. ..
8)
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

User avatar
MartyMint
Level 5
Level 5
Posts: 953
Joined: Thu Dec 27, 2012 10:50 pm

Re: Password to log in here...

Post by MartyMint » Tue Jan 15, 2019 7:58 pm

I put all my passwords in plain text in a text file. Then I put the text file in a folder and encrypt the folder.
So the only password I really have to remember from memory is the encryption key.

I typically email myself the folder, or have it on cloud storage so I can pull it down to any new machine and have all my passwords ready to read.

User avatar
BG405
Level 7
Level 7
Posts: 1884
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Password to log in here...

Post by BG405 » Wed Jan 16, 2019 7:38 pm

This thread has reminded me that I used to use RoboForm (paid for) on Windows. I'm sure there are similar, free utilities for Linux but I'm not on my Mint machine at the moment so can't check to see what's in the repos; will hopefully remember to do so when I get back. I do use sync in my browsers with a master password for non-critical stuff so hope these are secure enough as when syncing a new browser installation, the master password is not enabled by default. I have no idea what encryption is used with browser sync (Firefox and Waterfox) with regard to stored passwords or other stuff.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 4GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB250 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

Locked

Return to “Non-technical Questions”