{"id":41215,"date":"2014-02-26T14:41:32","date_gmt":"2014-02-26T21:41:32","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/2014\/02\/26\/a-lot-of-tough-passwords-are-not-all-that-tough.html"},"modified":"2014-02-26T14:41:32","modified_gmt":"2014-02-26T21:41:32","slug":"a-lot-of-tough-passwords-are-not-all-that-tough","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2014\/02\/26\/a-lot-of-tough-passwords-are-not-all-that-tough.html","title":{"rendered":"A lot of tough passwords are not all that tough"},"content":{"rendered":"<div class=\"gpb-content\">Cracking programs aren&#39;t just using dictionary items, but common letter\/number substitutions, word combinations, and frequently used numeric suffixes and prefixes. And if the cracker has any info about you (esp. stuff from your hard drive), that&#39;s all grist for the cracking mill (so your birthday, anniversary date, kid&#39;s dates, zip code, phone number parts, etc.).<\/p>\n<p>The safest thing you can do is some sort of password manager (I use LastPass, like Les) to generate completely random password strings. \u00a0Since LP will then fill in the information on the web page, it&#39;s not like you have to transcribe it.<\/p>\n<p><strong>Reshared post from +<a href='https:\/\/plus.google.com\/103748887870095862080'>Les Jenkins<\/a><\/strong><\/p>\n<blockquote><p>I use Last Pass myself and have it generate 14 character random passwords using all 4 character types (Upper, Lower, Number Symbol) if the site allows for it.\ufeff<\/p><\/blockquote>\n<\/div>\n<p class='gpb-article' style='clear:both;'>\n<div style='height:120px;width:120px;overflow:hidden;float:left;margin-top:0px;padding-top:0px;margin-right:10px;vertical-align:top;text-align:center;clear:both;'>\n                                                    <img style='max-width:none;' src='https:\/\/lh6.googleusercontent.com\/proxy\/KnAXSbtm_73vXkyO1HZD5cq84l9T9upi7pe316wLoASUSbSnOk8_JOjd5zkjHa40j5iFogeej1t5bQRsX9Yn0i4bXHJIMBKTBEmdAMNORnmEGiAfLt0UKKg=w120-h120' border='0' \/>\n                                                <\/div>\n<p>                                                <a href='http:\/\/feedly.com\/e\/G4UpUrrL'>Choosing a Secure Password<\/a><br \/>\n                                                As insecure as passwords generally are, they&#8217;re not going away anytime soon. Every year you have more and more passwords to deal with, and every year they get easier and easier to break. You need a strategy.\n                                            <\/p>\n<p class='gpb-links' style='clear:both;'> <a class='gpb-linkback' href='https:\/\/plus.google.com\/101083456815352083930\/posts\/7hTKSq8oQQG' target='_new'>View this post on Google+<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cracking programs aren&#39;t just using dictionary items, but common letter\/number substitutions, word combinations, and frequently used numeric suffixes and prefixes. And if the cracker has any info about you (esp. stuff from your hard drive), that&#39;s all grist for the cracking mill (so your birthday, anniversary date, kid&#39;s dates, zip code, phone number parts, etc.). &hellip; <a href=\"https:\/\/hill-kleerup.org\/blog\/2014\/02\/26\/a-lot-of-tough-passwords-are-not-all-that-tough.html\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;A lot of tough passwords are not all that tough&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_analysis_target_kw":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[106],"tags":[],"class_list":["post-41215","post","type-post","status-publish","format-standard","hentry","category-plusposts"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":40330,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/01\/07\/eek-google-knows-my-wifi-passwords-eek.html","url_meta":{"origin":41215,"position":0},"title":"Eek! Google knows my WiFi passwords! Eek!","author":"***Dave","date":"Tue 7-Jan-14 8:27am","format":false,"excerpt":"Or, perhaps, ho-hum. \u00a0Yes, if you have turned on \"back up my settings\" on your phone, then things like your WiFi passwords are being backed up, too. \u00a0Um ... yes, they are. And this is a shocking revelation?Same thing happens if you login to Chrome and have it back up\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":36540,"url":"https:\/\/hill-kleerup.org\/blog\/2013\/05\/28\/the-password-is-crackable.html","url_meta":{"origin":41215,"position":1},"title":"The Password Is: &quot;CRACKABLE&quot;","author":"***Dave","date":"Tue 28-May-13 10:24am","format":false,"excerpt":"Yikes.I think a lot of people consider password security about being:1. Something they can easily remember.2. Protection against their colleagues guessing their password, or an ex, or maybe some kid down the street.\u00a03. Protection against someone who's logging into a site and trying to log in, one ID\/password at a\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8987,"url":"https:\/\/hill-kleerup.org\/blog\/2006\/03\/10\/passwords_and_t.html","url_meta":{"origin":41215,"position":2},"title":"Passwords and the Users Who Love Them","author":"***Dave","date":"Fri 10-Mar-06 9:51am","format":false,"excerpt":"In case there was any question, people follow bad password practices. Duh. And it's not a matter of education. People know the rules, they just don't follow them. Looking at...","rel":"","context":"In &quot;Hi-Tech&quot;","block_context":{"text":"Hi-Tech","link":"https:\/\/hill-kleerup.org\/blog\/category\/hi-tech"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28157,"url":"https:\/\/hill-kleerup.org\/blog\/2012\/06\/06\/well-at-last-a-compelling-reason-to-go-to-my-linkedin-profile.html","url_meta":{"origin":41215,"position":3},"title":"Well, at last a compelling reason to go to my LinkedIn profile","author":"***Dave","date":"Wed 6-Jun-12 11:19am","format":false,"excerpt":"To change my password.I've never felt terribly comfortable with LinkedIn -- too much cross-connecting between professional and private lives for me. But this provided me a solid reason to finally go over, do some updates, accept some (aging) invitations, etc. \u00a0I'm sure I'll probably be there again ... sometime this\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":136209,"url":"https:\/\/hill-kleerup.org\/blog\/2018\/05\/03\/because-everyone-really-wanted-to-change-their-twitter-password.html","url_meta":{"origin":41215,"position":4},"title":"Because everyone really wanted to change their Twitter password","author":"***Dave","date":"Thu 3-May-18 8:30pm","format":false,"excerpt":"Twitter has no evidence that anyone's passwords got stolen from an unhashed password file on their internal network that was there for a lengthy period of time ... but they don't know that none of them were. Twitter urges all users to change passwords after glitch | Reuters Twitter Inc\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2018\/05\/twitter-icons-on-a-phone.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":9203,"url":"https:\/\/hill-kleerup.org\/blog\/2006\/01\/24\/password_strong.html","url_meta":{"origin":41215,"position":5},"title":"Password strong!  Strongest one there is!","author":"***Dave","date":"Tue 24-Jan-06 3:40pm","format":false,"excerpt":"The security folks at the company are once again pushing the concept of strong passwords out to the masses. I.e., Use \u201cletter substitution\u201d to create strong passwords: Special characters (@!$&#)...","rel":"","context":"In &quot;Job Jollies&quot;","block_context":{"text":"Job Jollies","link":"https:\/\/hill-kleerup.org\/blog\/category\/job-jollies"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/41215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=41215"}],"version-history":[{"count":0,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/41215\/revisions"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=41215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=41215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=41215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}