How Complex Does Your Password Have To Be?

[Zalc]

I used to use it

Also:
 https://lastpass.com/support.php?cmd=showfaq&id=6036

How many times should I try it? 

It depends, tapatalk might glitch and do it 4 times!

[skyguy918]

This one is pretty simple to crack: 3Nz@g0DILJuPY!cFYXeSs6EJ

Fantastic. Now explain how you remember it.

[yesitsme]

It's not just about length of the password but also what the makeup of the password is, nobody really sits there and tries to brute force passwords anymore, they use databases of already cracked passwords and run those through instead. The idea of using Hebrew or Yiddish phrases is actually a really good idea (because they most likely aren't in the data bases being used) as is lastpass. This is a great video if you want to know more about how passwords are actually cracked. [ Invalid YouTube link ]

Bcrypt is the hashing algorithm to use, every time you encrypt something it generates a different fixed length string ie $2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K

Anthony Ferrara slideshow
https://www.slideshare.net/ircmaxell/password-storage-and-attacking-in-php
happens to be I love reading every post of his
https://blog.ircmaxell.com/
https://www.slideshare.net/ircmaxell
https://blog.ircmaxell.com/2012/12/seven-ways-to-screw-up-bcrypt.html

Anthony developed the php bcrypt compatibility library and he suggests that all[Most] these paswords mentioned over here are wrong

[skyguy918]

Bcrypt is the hashing algorithm to use, every time you encrypt something it generates a different fixed length string ie $2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K

Anthony Ferrara slideshow
https://www.slideshare.net/ircmaxell/password-storage-and-attacking-in-php
happens to be I love reading every post of his
https://blog.ircmaxell.com/
https://www.slideshare.net/ircmaxell
https://blog.ircmaxell.com/2012/12/seven-ways-to-screw-up-bcrypt.html

Anthony developed the php bcrypt compatibility library and he suggests that all[Most] these paswords mentioned over here are wrong

I'll ask the same question. What about the password for the password manager?

[yesitsme]

I'll ask the same question. What about the password for the password manager?

enable Multifactor Authentication.

[good sam]

https://www.technologyreview.com/s/542576/youve-been-misled-about-what-makes-a-good-password/

According to this, my above explanation is outdated.  Never-the-less, they don't recommend short.

The hacker in Mr. Robot feeds relevant info into his software to crack passwords. Birthday, anniversary, children's names, dogs' names etc. If accurate, I see why short and long wouldn't make a difference.

[skyguy918]

The hacker in Mr. Robot feeds relevant info into his software to crack passwords. Birthday, anniversary, children's names, dogs' names etc. If accurate, I see why short and long wouldn't make a difference.

That's only matters if your password contains those things. Take out that factor and length makes a big difference.

[Yammer]

I'll ask the same question. What about the password for the password manager?

I use Google passwords and have 2 step verification on the account.

[Boruch999]

I'll ask the same question. What about the password for the password manager?

Make one random (or yiddish based or the like) long password for the manager and remember it.  For the rest make individual random long passwords (my manager will generate.)

[yitrap]

All of you discussing how you formulate your passwords are obviously reusing the same passwords on multiple websites, (unless you claim to remember 100+ passwords.)
This is the WORST idea you can have.

You can create a formula that changes for each website but the logic remains making it easy to remember.

[1234567]

Bcrypt is the hashing algorithm to use, every time you encrypt something it generates a different fixed length string ie $2y$12$QjSH496pcT5CEbzjD/vtVeH03tfHKFy36d4J0Ltp3lRtee9HDxY3K

Anthony Ferrara slideshow
https://www.slideshare.net/ircmaxell/password-storage-and-attacking-in-php
happens to be I love reading every post of his
https://blog.ircmaxell.com/
https://www.slideshare.net/ircmaxell
https://blog.ircmaxell.com/2012/12/seven-ways-to-screw-up-bcrypt.html

Anthony developed the php bcrypt compatibility library and he suggests that all[Most] these paswords mentioned over here are wrong

https://security.stackexchange.com/questions/62832/is-the-oft-cited-xkcd-scheme-no-longer-good-advice

[ChaimMoskowitz]

Fantastic. Now explain how you remember it.

I change it once a year and just memorize it. Parts of it do mean something.

[aradisc]

Everyone here can guess my Yiddish phrases, so I have to switch to Ladino or Judeo-Arabic instead. 

Actually I just signed up for LastPass families ($48 year, vs $24 for individual) and am gifting it to some relatives who I know aren't using strong passwords. It may not sound like much of a gift, but if it stops a single instance of identity theft... The sharing and contingency features of families are good too for emergencies https://helpdesk.lastpass.com/emergency-access/

[JoeyShmoe]

Everyone here can guess my Yiddish phrases, so I have to switch to Ladino or Judeo-Arabic instead. 

Actually I just signed up for LastPass families ($48 year, vs $24 for individual) and am gifting it to some relatives who I know aren't using strong passwords. It may not sound like much of a gift, but if it stops a single instance of identity theft... The sharing and contingency features of families are good too for emergencies https://helpdesk.lastpass.com/emergency-access/

With families you can give someone access without them getting your passwords?

[skyguy918]

Make one random (or yiddish based or the like) long password for the manager and remember it.  For the rest make individual random long passwords (my manager will generate.)

And now you've arrived at my position from the start.

[Zalc]

Everyone here can guess my Yiddish phrases, so I have to switch to Ladino or Judeo-Arabic instead. 

Actually I just signed up for LastPass families ($48 year, vs $24 for individual) and am gifting it to some relatives who I know aren't using strong passwords. It may not sound like much of a gift, but if it stops a single instance of identity theft... The sharing and contingency features of families are good too for emergencies https://helpdesk.lastpass.com/emergency-access/

Can't you have them sign up for their own free lastpass?

Edit:
The free version has some pretty good contingencies as well:

One time passwords, recovery emails etc.