• Dear forum visitor,

    It looks as though you have not registered for a forum account, or are not signed in. In order to participate in current discussions or create new threads, you will need to register for a forum account by clicking on the link below.

    Click here to register for a forum account!

    If you already have a forum account, you can simply click on the 'Log in' button at the top right of your forum screen.

    Your Elvenar Team

Hello Finally arrived (forgot my password...grrr) Howdy from Houston!

  • Thread starter Deleted User - 849777001
  • Start date


Chef - loquacious Old Dog
Welcome and here's a rather long note on passwords.

Don't feel obligated to read any of my long missives. I'm just a wickedly fast typist and love to write. And I get wordy, sometimes as well.

So here it is.

Personally I recommend a miss-spelled password in another language, preferably one you don't speak fluently and which is targeted and used only in your line of work. In college I used "enthymeme," a Greek word. Then I changed a letter in it, and added a number. Always came out as "very strong," and it was easy to remember for ME, but hard to guess for everybody else. Of course, the paranoid would say, "don't use any word from any language, misspelled or not. Populate your password with random letters, numbers, and symbols." This does produce the strongest password. In fact, it's so strong that 95% of the time even you can't get into your account ... since you can't remember it!

If you want to know, the most popular password is "1234" followed by "12345" Yep, people still use those. Sigh. All the top passwords are like that, including "password," of course. The second tier of bad passwords are dates. Important ones to you, like wedding, birth dates and so on. Why? Because if you just start with 1/1/1900 (the earliest date most systems can handle), you only have just under 400,000 possible. And if they know your age? They start with your birthday and go up. If you've used the age of your first grandchild it takes about 10 seconds for a good computer to get there.

And because I've hacked so many user's passwords (in the course of helping them get back in), the third tier of passwords you don't want to use is the one you write down on that piece of paper stuck to the side of your monitor...or anywhere else. I once found a nice note pad with all kinds of passwords on it...though none told me to what account they belonged. I just put them in according to about when it looked like they were written down (since people fill things up from the front to the back), and was in in about 4 tries. Even without knowing to which account they belonged. I also helped one very large company figure out how people were getting into their systems.... it was the cleaning crew. One guy just went around "collecting" them from all the post-it notes. He then sold them at a huge profit.

So you want two things with a password: nearly impossible to guess and nearly impossible for YOU to forget. I have three, one for each level of security I need. Games I use....oh, almost gave it away...LOL!, Accounts other than games and banking I use a second, and banking gets it's own. So I never forget.

Finally, "experts" may want you to do even more. They really don't care if you use the automated "I forget my password" button but the do care very much that nobody hacks into their system via your account. So they want you to use the strongest password you can -- the randomized one you'll never remember -- because it keeps them safe. And maybe that should be done. Who knows?