DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Go Back   Desktop Publishing Forum > General Discussions > General Publishing Topics

Reply
 
Thread Tools Display Modes
Old 01-27-2015, 10:17 AM   #1
Andrew B.
Staff
 
Andrew B.'s Avatar
 
Join Date: Jan 2005
Location: Los Angeles, California
Posts: 3,498
Default Password Strength

Having figured out an easy way to remember long passwords, I'm ready to improve one the ones I use now. And FWIW, the easy way is to utilize series that are etched into your memory. For example, if you love poetry, it could be a poem you never forget. The simple way is to take the first letter of each word, and throw in some variation that is easy to remember. Such as putting a number you never forget in a specific spot. Or spots. I have some numbers like this in mind that I never forget. But it has to be something easy to remember, and not something you are known for.

Armed with this I am trying to figure out how long my Windows password should be. I imagine that someone cannot hook a supercomputer up to my sign in screen to run millions of combos. Not to mention that if they were this motivated, they could simply bypass Windows and go straight to the hard disk.

So with this in mind, I'm thinking fifteen characters would do.

Thoughts?

   
__________________
fallberry.com
Andrew B. is offline   Reply With Quote
Old 01-27-2015, 11:30 AM   #2
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,916
Default

From what I have read, length does indeed matter when it comes to passwords--moreso than complexity. 15 characters sounds reasonable although I've read that 23 characters is even better...

Terrie
terrie is offline   Reply With Quote
Old 01-27-2015, 05:08 PM   #3
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,707
Default

And 64 characters is better yet.

Unless you have to type it.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 01-28-2015, 11:36 AM   #4
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,916
Default

Quote:
steve: Unless you have to type it.
Indeed! I was going to make a comment like that about the 15 and 23 character passwords...'-}}

Terrie
terrie is offline   Reply With Quote
Old 01-29-2015, 06:52 AM   #5
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,707
Default

Though if the password is actually a phrase, it works pretty well. The password for some of my stuff is between 15 and 20 characters, and no problems typing it.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 01-29-2015, 01:06 PM   #6
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,916
Default

Yes...I would think a phrase would be easier to type than a random set of characters of the same length...
terrie is offline   Reply With Quote
Old 01-30-2015, 06:57 AM   #7
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,707
Default

Easier to type and far easier to remember.

There. That'd be a good passphrase right there. ;-)

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 01-30-2015, 10:57 AM   #8
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,916
Default

'-}}

Terrie
terrie is offline   Reply With Quote
Old 02-28-2015, 06:56 AM   #9
curveto
Member
 
curveto's Avatar
 
Join Date: Feb 2005
Location: some room with white padded walls ... now surrounded by Saguaro Cacti
Posts: 351
Default

Windows only uses the first 16 characters of whatever passcode you enter. You can enter more but it's pointless to do so (unless perhaps it's a code you share across multiple systems ... which you shouldn't do, but).

Having said that...

Something that is long is good. Length trumps pretty much anything else you can do. But, as length grows, when one uses high entropy techniques (too) things can become hard to remember.

It all boils down to a few tenents:

1) Longer is better
2) High entropy (e.g., more than just a-z) is better
3) Whatever you use should NEVER be present in ANY rainbow table (or worse, dictionary or book)
4) When producing a phrase (which is a good technique, frankly) DO NOT just stitch some dictionary words together or inject 733t speak (thinking that that will fool someone, it won't)
5) The further the code resides "away from" the edges of a search space the better (I won't explain here beyond offering ... think about what you enter as a slot (a number technically) within a sea of slots where each umm slot is some combination of characters of the same length / character set)

Other things to consider:

1) DO NOT sign in to an account that has administrative credentials (make a separate administrative account and give THAT admin creds, reduce all other accounts to standard creds (see user accounts for how) and, when you need to alter the machine (e.g., install sw), log out of the "normal" account and log in to the admin account, install the sw (or whatever) and then log out and log back in to the normal account. This all means that if you start Windows (or OS X for that matter) and you do not stop along the way at a "which account?" screen YOU'RE DOING IT WRONG!

If you're machine is kept in a "reasonably" secure location (e.g., your home) and you're worried about forgetting a super complex passcode. Go get a label maker and print the code on a sticker and stick it to the bottom of the machine. Obviously, that's not a great idea in a workplace or other location where untrustable persons may reside.

...and for any passcodes that are long lived it helps if you print ithem out on a piece of paper (along with the accounts they serve) and put that in a safe deposit box. That way, when you get run over by a bus your next of kin won't suffer quite as much.
curveto is offline   Reply With Quote
Old 02-28-2015, 07:31 AM   #10
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,707
Default

According to this (http://www.symantec.com/connect/arti...password-myths) there was once a password length limit of 14 characters, but "Windows 2000 and XP passwords can now be up to 127 characters in length and so 14 characters is no longer a limit."

FWIW, the rest of the article pretty much backs up your suggestions.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Password Management dthomsen8 Software 47 09-02-2014 10:37 PM
FF Master Password :-( George Software 0 09-17-2008 10:41 AM
Typo3: lost my password BinkyM Web Site Building & Maintenance 1 05-04-2006 06:44 PM
Small bug changing password BinkyM How to Use the Forum 1 10-29-2005 12:32 PM


All times are GMT -8. The time now is 08:48 AM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Contents copyright 2004–2014 Desktop Publishing Forum and its members.