How Complex Does Your Password Have To Be?

[stooges44]

One of my hosting sites just went through an upgrade and now they are forcing a reset on all FTP passwords and these are the new requirements:

• 6 to 20 characters
• Must start with a letter
• Must contain at least one uppercase letter
• Must contain at least one lowercase letter
• Must contain at least one digit or one of the following non-alphabetic characters: !, $, *, %, -, #, @, ^, +
  e.g. My-Pa55word
• Not allowed to contain parts of the username that exceed two consecutive characters.

Most of these are the new norm but that last one threw me off and now I have to make something that I certainly wont remember and I'll have to lookup each time

 

[Boruch999]

One of my hosting sites just went through an upgrade and now they are forcing a reset on all FTP passwords and these are the new requirements:

• 6 to 20 characters
• Must start with a letter
• Must contain at least one uppercase letter
• Must contain at least one lowercase letter
• Must contain at least one digit or one of the following non-alphabetic characters: !, $, *, %, -, #, @, ^, +
  e.g. My-Pa55word
• Not allowed to contain parts of the username that exceed two consecutive characters.

Most of these are the new norm but that last one threw me off and now I have to make something that I certainly wont remember and I'll have to lookup each time

 

As computers get more powerful,  passwords must get more complex to avoid being crackable by brute force trial and error programs.  It is not so hard, if you put your mind to it, to remember a long password.  What I do from time to time is spend a minute composing a new password.  Here's an example of something I might use : [3vvA45f70sak#42.  I write it down on a paper I will carry with me for a few days.  For the first 10 or 20 times I need the pw, I'll need to look it up.  After that, it's memorized.

[ChaimMoskowitz]

Use a password manager and generate as complex as allowed. Every login you use should be different.

[aygart]

I often use various mixes of Hebrew words and gematria. Sometimes is tranliterate and sometimes use the keys of the Hebrew keyboard to type English for the corresponding gibberish.

[yuneeq]

• Must start with a letter
• Not allowed to contain parts of the username that exceed two consecutive characters.

Most of these are the new norm but that last one threw me off and now I have to make something that I certainly wont remember and I'll have to lookup each time

 

Judging by how stupid some of these are, I can almost guarantee the site stores your password in plaintext.

Just use lastpass and never look back.

[whYME]

One of my hosting sites just went through an upgrade and now they are forcing a reset on all FTP passwords and these are the new requirements:

• 6 to 20 characters
• Must start with a letter
• Must contain at least one uppercase letter
• Must contain at least one lowercase letter
• Must contain at least one digit or one of the following non-alphabetic characters: !, $, *, %, -, #, @, ^, +
  e.g. My-Pa55word
• Not allowed to contain parts of the username that exceed two consecutive characters.

Most of these are the new norm but that last one threw me off and now I have to make something that I certainly wont remember and I'll have to lookup each time

 

I just wish most sites would tell you what the password requirements are in their "incorrect password" error.

[ckmk47]

I make up a sentence and use the first letter of each word as the password.
My Amazon password might be:  IhA4totw
= I hate Amazon 4 taking over the world.    It has a natural capital and number and is unique for Amazon.


My Chase might be:  chmb48Ya           chase has my back for 8 years already

[1234567]

https://xkcd.com/936/

https://explainxkcd.com/936/

[yitrap]

There was an article saying that most people just end up putting in 1! At the end to make it a valid password... Making it a lot easier to crack

[ChaimMoskowitz]

There was an article saying that most people just end up putting in 1! At the end to make it a valid password... Making it a lot easier to crack

That's why I use "2".

[skyguy918]

There was an article saying that most people just end up putting in 1! At the end to make it a valid password... Making it a lot easier to crack

Not really. If your actual password is hard to crack (but doesn't fit the rules), adding 1! doesn't make it easier to crack. Actually using all 20 characters (the max in OP's example) makes it much harder than most of the other tricks. Make up an easy to remember phrase that's 18 characters long, and then add 1! - it actually says digit or other mark, so you can really just add the 1.

[hachover]

The US government is trying to come up with replacements for SSN and public/private key is one idea that's been presented as a substitute. The technology to store and secure the keys is getting to be very cheap and accessible, so it's not unreasonable to propose giving everyone a USB drive that's secured by biometrics instead of a social security card. This would be great for password security too (until quantum computers are invented)

[ADG]

The US government is trying to come up with replacements for SSN and public/private key is one idea that's been presented as a substitute. The technology to store and secure the keys is getting to be very cheap and accessible, so it's not unreasonable to propose giving everyone a USB drive that's secured by biometrics instead of a social security card. This would be great for password security too (until quantum computers are invented)

They already are!

[yelped]

I make up a sentence and use the first letter of each word as the password.
My Amazon password might be:  IhA4totw
= I hate Amazon 4 taking over the world.    It has a natural capital and number and is unique for Amazon.


My Chase might be:  chmb48Ya           chase has my back for 8 years already

This is the right way to do it. Great random gibberish, yet you can remember it due to it being based on a passphrase.

[skyguy918]

This is the right way to do it. Great random gibberish, yet you can remember it due to it being based on a passphrase.

It's only 8 characters. It's still much easier to crack than almost anything you do that uses the max characters allowed.

[aygart]

I would guess that right now a short password would be the safest since no one has it.

[Boruch999]

I would guess that right now a short password would be the safest since no one has it.

I believe not.  I don't precisely know how passwords/encryption work but those who work on cracking them do not sit and manually enter guesses.  They write programs that start at 0 and work their way up.  Short passwords will get cracked before long ones.

[Boruch999]

I believe not.  I don't precisely know how passwords/encryption work but those who work on cracking them do not sit and manually enter guesses.  They write programs that start at 0 and work their way up.  Short passwords will get cracked before long ones.

https://www.technologyreview.com/s/542576/youve-been-misled-about-what-makes-a-good-password/

According to this, my above explanation is outdated.  Never-the-less, they don't recommend short.

[hachover]

They already are!

Who is already doing what?

[aygart]

Just got a Firefox notification that LastPass is not compatible with the current version.