Arideni wins at blogging about important things. I probably have to change my password now (I think it's pretty strong though)
I heard that around 1 in 5 passwords are actually swear words. I'm not sure if those are the exact figures, but it's a pretty high number anyway. Can anyone confirm/deny this for me?
Yes, it is true some vulgar words or phrases are in the top 100 most common passwords. Obviously I can't put those out there on this site, nor do I condone the use of vulgar language, but they are both dirty words and cuss words. A quick search on Google will yield results concerning weak or common passwords. Try this phrase to search with, "most common passwords."
The Microsoft password-checker is silly. Here's a password that's rated "best": aaaaaaaaaaaaA1
Why is that best? Because it's 12 characters long, has a capital and lower case letter, and has a number in it. Personally, my passwords usually consist of some kind of l33tspeak. Like h33dm4ic411. Add a random capital letter inside there, and voila. "Best".
You could use the code from a banknote. If you feel you need the extra security from changing password often, then that also allows an easy way to do so without the risk of forgetting the password.
Thanks for the article. I created a new account login password that registers as "Best" on the Microsoft site. Mint.
Sadly, I use one password for nearly everything I do. It's a good password, but if it gets hacked I'm sort of screwed. There's only one person in the world that knows my password: me. And I plan to keep it that way for as long as I can. I should probably start making new passwords for everything... but I just don't have that much memory left in my brain, so I probably couldn't =P
One major problem with l33t passwords is that you really aren't throwing in random numbers or using non-dictionary words... To take the word "l33t" itself as an example, it is really just a 'dictionary' word to start. By simple substitution of all 'e' with a '3', you are not strengthening your password. For the same reason that you can read "1 c00k3d a 5t3ak 4 d1nn3r" as "I cooked a steak for dinner" is really the same reason why it doesn't make a strong password. Any brute force attack will simply perform this simple substitution (after all it's really easy for a computer and software to make these substitutions very quickly and efficiently). Now, that being said, brute force is not what is breaking into 99.99% of WoW accounts. As stated several times already, it's scams, key loggers, and general naivety that are the culprits. But for other accounts (say bank accounts, or something more important), I suggest those with l33t passwords think about changing them to something else.
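A password check that undoes the substitution before a dictionary lookup, and also flags the repeated-character case from the earlier comment, as an added example that is not part of any comment in this thread. The wordlist, the substitution table and the sample passwords other than aaaaaaaaaaaaA1 are constructed for illustration.

```python
import re

# Constructed mini wordlist; a real check would load a large dictionary
# plus a list of known-breached passwords.
WORDLIST = {"leet", "cooked", "steak", "dinner", "password"}

# Assumed common l33t substitutions, not an exhaustive table. "1" is
# ambiguous (l or i), so two tables are tried.
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
TABLES = [str.maketrans({**_BASE, "1": "l"}), str.maketrans({**_BASE, "1": "i"})]


def normalize(password):
    """Return the lowercase, de-l33ted readings of a password."""
    return {password.lower().translate(t) for t in TABLES}


def composition_ok(password):
    """The naive rule described in the thread: length, upper, lower, digit."""
    return (len(password) >= 12
            and all(re.search(p, password) for p in ("[a-z]", "[A-Z]", "[0-9]")))


def findings(password):
    """Return reasons to reject a password; an empty list means none found."""
    reasons = []
    # Few distinct characters means the length adds little.
    if len(set(password)) < len(password) / 2:
        reasons.append("repetitive")
    # A dictionary word survives simple character substitution.
    hits = sorted(w for w in WORDLIST if any(w in n for n in normalize(password)))
    if hits:
        reasons.append("dictionary words: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    # Constructed samples, except the first, which is quoted in the thread.
    for pw in ("aaaaaaaaaaaaA1", "D1nn3rSt3ak99", "vQ7#kd2Rm9xLpT"):
        print(pw, composition_ok(pw), findings(pw))
```

All three samples pass the composition rule; only the last one comes back with no findings.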
An authenticator is a very wise idea, but one must still be careful with their account so no one can access your information online and change details such as email addresses or even detach the Auth program from your account, rendering it useless!
I've had my account hacked and demolished once, way before the Authenticators were ever out. I wrote an Excel spreadsheet that randomly generates passwords 16 digits long, and I change it weekly. These are the kind of passwords that it generates:
c26y"95xn6x8cyce
q9%m8nijwg"qv4t5
1fai%8hy%sttakn4
r5huby5875j!%8ta
I also keep a tracking list of used passwords, so I never repeat a password. (By the way, the ones I've listed have never been used, and they won't be now. ;)
Changing passwords frequently introduces potential security holes in that the new password may not be as secure as the old one. One such example is that the above user, Kerrianne, noted she uses a spreadsheet to generate a 16-digit password each week. With so many passwords, surely one could find a pattern of some sort. Each time that password is changed via the spreadsheet the chance of it being cracked is increased. In fact, the authenticator is unique in that it cannot be "undone" without the key which only Blizzard possesses, and which is different for each physical device. Furthermore, it takes physical access to retrieve as opposed to being data on a hard disk which can be accessed, possibly remotely in Kerrianne's case.