Password Security

[Paul D]

How many people know me personally ?

How many of you know I can be trusted ?

 

Luckily for some of you I can......

 

Here is a lesson for those of you using forums on the internet.

When you enter a password it is encoded and stored away. Good bet that you use the same one elsewhere.

 

As an administrator you can access these encoded passwords and using a nifty program you can go about trying to guess passwords.

 

As am experiment ( as I am a bit sad like that ), I wondered how many on our forum could be found by the program.

 

Answer is :- MINE ! - ( now changed ).

 

and another 13 users in half an hour.

 

The same password is actually in use by 5 different members ( I was trying to guess it manually to start but cracked it in 5 secs using a program ).

Other people might think their passwords are secure but if it is stuff fishing rods are made of it isn't !

If it is the name of things sticking to the underside of boats it isn't......

 

Basically if your password contains only characters and no numbers it is easily determined and I am now off to drain your bank accounts of money ( only kidding ).

 

 

 

 

[duncan]

an interesting paradox............if I used my secure (it's good) password on any normal forum then I have no real knowledge you (the webmaster) are not simple viewing them !

 

if on the other hand I use a seperate secure pw for every place I set one up I will have to store them somewhere because my memory ain't that good.

 

solution - forum specific or subject specific but generally simple and yes my identity here could be compromised but if anyone else want to pretend to be me and post an even better catch report then so be it.............

 

carbon turbot barnacle (jim)

[Paul D]

Duncan,

 

Warm on one, correct on one and yours was "crackable" as you are probably aware

 

A secure password is not viewable in any way. For example a password of "fishing" is stored as "819a07afa4abc8660ec9042038a8c597" this could also be the code stored for the complete works of shakespere encoded !

 

"Fishing" is easily guessed but easily found when a computer can try out thousands/millions of passwords per sec.

 

To be honest, I only tried it out of interest and it shocked me.

 

I can only guess the password from the calculated number. When users have simple ones then a program can easily guess it in seconds.

 

Another thing I have found that can be done which even opened my eyes, is theprogram can dump the "protected storage" areas of the PC you are on. This contains all my so called "secure" passwords. Bank account details, credit card details etc. - astounding.

 

If you sell your PC, I would erase the hard drive if I were you !

 

 

 

 

[Newboy]

Isn't our pw randomly generated by the forum when signed up? Or have I got the wrong forum?

[Maverick Martin]

Kam

 

Your password is what you entered when registering. You would have been asked to copy a code just to prove you are a human registering and not another machine trying to register.

 

 

[Swainiac]

Did you squeak out mine Paul??

 

Rich

[Paul D]

Rich,

 

Yours was one of the easiest, since you let me in to your little secret

 

[duncan]

ah well Rich - they always sugest you keep your 'personal details' secure in a web environment!

 

[Member Removed]

Hi

 

I'm new to forum (sorry haven't got round to completing an intro yet in the correct section of the forum) but anyways....

 

A simple (maybe) way of remembering a password is to use the first letters in a sentence like 'I love to go fishing' and your date of birth or other memorable number added at end or elsewhere, so the password would be:

 

'Iltgf150860' this in theory should make your password alot harder to crack and make you a target further down the list of hackers

 

(I dont preach what I teach tho... I probably got cracked at the top of the list.. must sort all me passwords out..!!)

 

btw really like the forum etc.. thanks to Tom at SM for telling me about the site

 

CharlieH.

[Maverick Martin]

Hi Charlie

 

Welcome to the site, glad you like it.

 

Good advice about using letters and numbers. Also passwords are case sensitive so use a mixture of upper and lower case letters plus your nombers. This will increase the combinations and make your time surfing even more secure

 

Martin

[Newboy]

Ah, just checked mine and it's one of my oldest one, been using that since uni, it's the first letter of my previous girlfriends..... missus used to ask me why had I chosen such a difficult pw, I told her it was randomly chosen.

 

Seriously tho, does the forum have some form of protection like credit card when after ,say 3 attempt locks the login or locks it for 1 hour or notify the login email?

[duncan]

yes good advice about numbers but do avoid the obvious easy to remember ones that could be established by a third party - ie telephone / dob

 

if you want to create one that is secure then use a couple of seperate items and combine them in a routine that you can remember.

 

One I used to use was 2F01n5 which is easy to recreate from 3 simple items - my house number, age (a few years ago) and initials. In the end I got used to it and can remember it now!

 

The routine - x*y-(x*y) the initials translated by the preceding number when inserted, forename caps, surname small.

 

However we get lax and use really simple ones as Paul had highlighted!