Comments
Yeah, I trust that not to save whatever I give it just as much as I trust those "find out if your SSN is on the internet" sites.
@Brandon - please use more common sense when directing people to websites; this is clearly a phishing scam.
Seriously, my bank won't accept passwords exceeding 20 characters for online banking:/
Any suggestion then? I want to try a new password
Pretty much: never trust any site, no matter who runs it, that tells you to put in your password/SSN/etc and 'they won't store it'.
View the source. It's all client-side javascript. This is the main javascript that 'calculates' how secure the password is:
http://howsecureismypassword.net/hsimp.js
It also checks from a dictionary of words, found here:
http://howsecureismypassword.net/dictionary.js
Basically you could save the site locally and it will work perfectly.
I use lastpass with yubikey (2 factor auth). The lastpass master password is over 20 characters and completely random. I then just typed it enough times I remembered it. It then generates all my other passwords. I have a handful of passwords I use for things like shell accounts and games that need a login (so annoying, I have this game on my local computer and it won't let me save the password...)
Some interesting sites: http://www.grc.com/haystack.htm which gives a suggestion much like the xkcd comic, where length is more important than complexity. So take "P@ssw0rd" and add 20 periods at the end and you have a 28 character password. Obviously as soon as someone knows your method of padding the word it can make things a lot easier to crack so the word should be something unique and padding with something other than a period. Granted I haven't used this method but a lot of people like it. Btw this site is also client side javascript so your password doesn't get transmitted anywhere. You can look at the code but the guy behind grc.com is very security conscious. Also don't put your ACTUAL password in there but just do the same thing. So using "P@ssw0rd" I would type in "A$def6ge" (matches the capitalization, number and special character).
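An added example (not part of the post above and not GRC's code): the search-space arithmetic behind the padding idea, and how much of the gain disappears once the padding scheme is known. The function names, the "core plus one repeated pad character" model, the maximum pad length and the guess rate are assumptions.

```javascript
// Added example; class sizes follow the 95 printable ASCII characters.
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 }, // symbols, including space
];
const PRINTABLE = 95;
const SECONDS_PER_YEAR = 31557600;

// Alphabet a blind brute force must cover, given the classes present.
function alphabetSize(pw) {
  return CLASSES.reduce((n, c) => (c.re.test(pw) ? n + c.size : n), 0);
}

// log10 of the number of strings with this length over that alphabet.
// Logs are used because 95^28 cannot be held exactly in a JavaScript Number.
function log10BlindSpace(pw) {
  const a = alphabetSize(pw);
  return a === 0 ? 0 : pw.length * Math.log10(a);
}

// log10 of the space when the scheme is known (assumed model):
// core word + one repeated pad character, repeated 1..maxPad times.
function log10KnownSchemeSpace(core, maxPad) {
  return log10BlindSpace(core) + Math.log10(PRINTABLE * maxPad);
}

// log10 of the years needed to exhaust a space at a given guess rate.
function log10Years(log10Space, guessesPerSecond) {
  return log10Space - Math.log10(guessesPerSecond) - Math.log10(SECONDS_PER_YEAR);
}

function compare(core, padChar, padLen, maxPad, rate) {
  const padded = core + padChar.repeat(padLen);
  return {
    coreOnly: log10Years(log10BlindSpace(core), rate),
    paddedBlind: log10Years(log10BlindSpace(padded), rate),
    paddedSchemeKnown: log10Years(log10KnownSchemeSpace(core, maxPad), rate),
  };
}

// Constructed input: the post's stand-in "A$def6ge" plus 20 periods,
// pad length up to 32, and an assumed 1e10 guesses per second.
const result = compare("A$def6ge", ".", 20, 32, 1e10);
console.log(result);
```

The values are log10 of years: about 37.9 for a blind search of the padded string, but only about 1.8 once the padding scheme is known, so nearly all of the remaining strength comes from the 8-character core.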
Ironically that means you're using the 'one password to rule them all' approach, but with an algorithm instead of a password.
That page says:
About 387 duodecillion years
to hack your password
That statement is pretty false, because in 10 years time (if we still exist) the computers will be 100x more powerful than the computers we have now.
It would take a desktop PC
About 408 thousand years
to hack your password
Oh Well....
About 387 duodecillion years
to hack your password
The difference is that I don't store the algorithm or my passwords where people can possibly have a chance at retrieving them.
@speckl and neither do we with our password keeper.
About 408 thousand years
to hack your password
well that's the password I'm gonna use now
Orrr an alias for your user...?
With Google Apps, I just have one main mailbox and all email goes to there regardless of which address is used, as long as it is to @mydomain. I can set it up to send email from the one account with different from addresses (doesn't appear as 'on behalf of'), so the account or group is never created and thereby itself not hackable. Much easier to manage than @Aldryic's approach IMO.
Well I think that with the 2 step verification is fine
Agreed, the problem is that Google doesn't have a way to blackhole addresses once you're done with them (you have to actually make an account to act as a "blackhole").
Here is one of mine:
i will never say never
@DimeCadmium : Yes, I noticed that. Create account then disable it to bounce all emails.
Just create a filter to delete every mail sent to a specific address.
@gsrdgrdghd : If you do it that way, it doesn't bounce the mail back as undeliverable, though if you just don't want the mails, yes, it works unless the to address isn't set.
Indeed. Just kinda a pain to not be able to truly blackhole them. Back when I first signed up you couldn't disable accounts and so you had to just set a low quota and let it fill up...
Sorry but what makes you say it is a phishing scam?
There was an article on entropy on Dropbox's forum, which gave a demo page for checking entropy. There is also a link to the project's GitHub, so you can have the source code for yourself to be sure it's not phishing.
http://dl.dropbox.com/u/209/zxcvbn/test/index.html
Not too long, only 40 characters
sample
x27q#RGxT23#vcWg7&pdh*h6Cw6vKk^c9G63*n&B
but some sites don't allow passwords of more than 16 characters
We need passwords, hundreds of them, and long, twice as long as a man.
I use LastPass to generate random and save passwords for me, so for most sites I have no clue. Some sites however, don't work very well with LastPass. Usually those are crappy homemade non-important websites which will get a default password from me with a prefix.
And some sites, like my bank account/PayPal are only memorized by myself. Not written down, and not even LastPass knows it. Just me. 20+ chars, upper/lower/special/number.
34-char SSH password for my main gameserver dedi, made up of lowercase letters, punctuation, and numbers. I also use Fail2ban to stop bots from bruteforcing it. And, best of all, I can even remember it without issue, so it's not written down anywhere.
For other passwords (forums, email, etc), I use fairly unique ones, but I wouldn't call them extremely secure.
Or you could just use an SSH key. Much more comfortable, secure and convenient.