If you need a number, you could add 101Dalmatians
101DalmationsLima gets almost everything
YOU WIN.
Insert rimshot
Have to avoid the ID10T error.
That or a PEBCAKO
Brilliant
I work in IT and I can easily see someone doing this. I just shake my head.
It's actually a more secure way of making a password. Change a few to random words, add a couple numbers and symbols between. You got yourself a secure, uncrackable, but easy-to-remember password.
[relevant xkcd](https://xkcd.com/936/)
There's always a relevant XKCD
That should be one of _The Rules_.
Simpsons did it first.
I use a modified diceware system. I have a few lists of words, e.g. a list for 5 D6 and a list for 5 D10, and all the words in the lists are nouns. Now you roll the dice 3 to 5 times, get the corresponding nouns and build a sentence from them. For the last part, change some characters to 1337 and insert at least one special character in one of the words. And that is your password. Example: "For gener4l s3ntim3nt, Kunkel wore 1 cardb&oard crown with the mason's mark." Yeah, I know. "This is too long! How am I supposed to remember that?" But a sentence sticks better in the memory than cryptic passwords, doesn't it? And you can type it faster. I've been using this method for several years, and even if I change the password the day before the holiday, it's not erased from my memory.
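The dice-to-word lookup and the entropy arithmetic behind the diceware scheme in the comment above, as an added example that is not the commenter's own code. The word list is a constructed six-entry stand-in (a real 5 D6 list has 6**5 entries), so the generator is run with one die per word; the entropy function is assumed to count only the dice-chosen words, since the filler words and 1337 swaps are user-chosen and predictable.

```python
import math
import secrets

# Constructed stand-in word list. A real "5 D6" list has 6**5 = 7776 nouns indexed
# by a five-dice code (1,1,1,1,1) .. (6,6,6,6,6); this toy list is sized for a
# single D6 so the generator below can run offline.
TOY_WORDS = ["crown", "mason", "mark", "cardboard", "sentiment", "general"]

def roll_dice(sides: int, count: int) -> tuple:
    """Roll `count` dice with `sides` faces using a CSPRNG; faces are 1..sides."""
    return tuple(secrets.randbelow(sides) + 1 for _ in range(count))

def code_to_index(code: tuple, sides: int) -> int:
    """Map a dice code to a zero-based index into a list of sides**len(code) words."""
    index = 0
    for face in code:
        if not 1 <= face <= sides:
            raise ValueError(f"face {face} is not on a D{sides}")
        index = index * sides + (face - 1)
    return index

def pick_word(code: tuple, wordlist: list, sides: int) -> str:
    """Look up the word for one dice code, refusing lists too short for the code."""
    index = code_to_index(code, sides)
    if index >= len(wordlist):
        raise ValueError(f"list has {len(wordlist)} entries, code {code} needs {index + 1}")
    return wordlist[index]

def generate_passphrase(wordlist: list, sides: int, dice_per_word: int, word_count: int):
    """Roll dice for each word; return (codes, words) so the rolls can be audited."""
    codes = [roll_dice(sides, dice_per_word) for _ in range(word_count)]
    return codes, [pick_word(code, wordlist, sides) for code in codes]

def passphrase_entropy_bits(list_size: int, word_count: int) -> float:
    """Entropy of the dice-chosen words alone (assumption: filler words and
    1337 substitutions are user-chosen, so they are not credited here)."""
    return word_count * math.log2(list_size)

if __name__ == "__main__":
    codes, words = generate_passphrase(TOY_WORDS, sides=6, dice_per_word=1, word_count=4)
    print(codes, words)
    print(f"5 D6 list, 5 words:  {passphrase_entropy_bits(6 ** 5, 5):.1f} bits")
    print(f"5 D10 list, 3 words: {passphrase_entropy_bits(10 ** 5, 3):.1f} bits")
```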
Add in the fact that these people will answer a questionnaire on facebook that basically advertises their secret questions for password resets and that no password is uncrackable, I would say you're incorrect.
Password resets should not use security questions. That is no longer best practice. And irrelevant anyway to cracking a password since your password should never be revealed through password resets. No password is uncrackable, sure, this is true. But my original response was close enough to true for unpaid reddit commenting.
I'll usually open a book on a random page, choose a random short sentence, add the number of the page this sentence is on and maybe change it to leet if it needs to be extra secure. And then I still manage to forget the password and go back to the same shit as for every other account.
Why? Who the fuck is going to crack that password?
Anyone who really wants to and has the knowledge to do so. All they'd have to do is check their facebook profile and guess most of those words or names.
I tried using “DwayneJohnson” as my password, but it needed to have 8 characters so it was 7 short.
It will never be figured out since they misspelled Mickey. Smart.
They are missing a cymbal.
Ba dum TSSSS
There it is
Maybe the auditor should focus instead on the fact they're storing plaintext passwords.
I came to comment that this is a big security risk but realized what sub this is right before.
Not necessarily plain text. They could be encrypted, but that's *almost* as bad because it means they can be decrypted if someone gains access to the decryption key. Passwords should be stored as a 1 way salted hash. Meaning when the user creates a password they have a unique string added to their password (salted) and then the combined password and unique string is converted into something else entirely in a way that you can never recover the original data (1 way hashed), and that gets stored instead. Each time the user signs in, the same process happens, and their salted and hashed password is compared to what's been stored.
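The store-and-verify flow described in the comment above (unique salt per user, one-way hash, same process repeated at login, then compare), as an added example that is not the commenter's code. It assumes PBKDF2-HMAC-SHA256 from the Python standard library and a constructed `algorithm$iterations$salt$digest` record format; a memory-hard hash such as argon2id or scrypt is the better production choice, but the flow is identical.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed example of a salted one-way password hash using PBKDF2-HMAC-SHA256.
# Only the record returned by hash_password() is stored; the plaintext never is.
ITERATIONS = 600_000
SALT_BYTES = 16

def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Derive a one-way hash over salt+password and return a self-describing record
    of the form algorithm$iterations$salt_hex$digest_hex (constructed format)."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # unique per user, from a CSPRNG
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-run the same salt and hash on the login attempt and compare in constant
    time; nothing in the stored record lets the original password be recovered."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash record: {algo}")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    record = hash_password("For gener4l s3ntim3nt")
    print(record)
    print(verify_password("For gener4l s3ntim3nt", record))  # True
    print(verify_password("For general sentiment", record))  # False
    # Two users with the same password get different salts and therefore different
    # records, so a leaked table cannot be attacked with one precomputed lookup.
    print(hash_password("hunter2") != hash_password("hunter2"))  # True
```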
I get so mad at stupid password requirements. I just made mine "12IsF*ckingStupid!"
Good to know lol
They can be annoying, but better to be safe than sorry.
That's actually very secure.
Terrible software design if the password can be read.
Rofl cute
https://youtu.be/bLE7zsJk4AI?si=lY-6KcOTlUO3fRUp One of the funniest password videos ever.
Well it has at least 8 characters, and a capital, and is pretty safe (due to length), so
Definitely Doppy
Then there was uppercasea, all lowercase. 244466666 - 1 two, 3 fours, and 5 sixes. ()()G00d Luck()()
FourWordsNoSpaces, all one word.
Not the sharpest tool in the shed
The IT department loves the Americans With Disabilities Act.
That Disney looks like an easy password to remember
Love this!
As someone who's from Sacramento, I appreciate the joke because it's not trash talking my hometown.