Why are some passwords so fussy?

Duke of Marmalade

Really have to let off steam

iPhone said it had a new iOS release which I went for, reluctantly
at end of process prompted for Apple password which I had forgotten so had to apply for a new one

1st attempt, my standard dm1234 (not the true characters of course)
Sorry, not long enough 8 characters please

2nd attempt dm123456
Sorry need at least one upper case, steam coming out of nose

3rd attempt Dm123456
Sorry, already used this in last year, steam coming out of ears

4th attempt DM123456
Sorry need at least one lower case, steam coming out of every orifice:mad:

At last dM123456 was accepted but I will never remember that unless I make a note of it which kinda defeats the purpose of having a password which even the NSA would find difficult to break.
 
Hi Duke

I am roaring laughing here visualising you trying to compose a password.

I suppose the reason is that so many have passwords such as 1234 on their ATM cards and then swear that they never told anyone when large amounts of cash are withdrawn. It's probably the same for other services.
 
I always find Verified by Visa to be the most annoying because of 'that's taken, that's taken, that's taken' type of reply after I can't remember password from months back.

Description above sounds something similar to ;)
 
Boss the numbers were fictitious as well. I don't mind if the supplier is at risk as I think credit card companies are but when I am at risk as in the case of Apple I would have thought I could set my own password standards.
 
Here's one of the reasons why you are forced to make passwords more complex :

http://arstechnica.com/security/201...s-every-standard-windows-password-in-6-hours/

This type of machine can be put together reasonably easily. You could even write some code just to turn the Graphics card in your desktop into a GPU cracker.

One of the comments explains why adding one single character to a password makes it more complex to break :

8 character password using all 95 characters on a standard keyboard = 95^8 combinations
10 character password = 95^10

So in your example (Upper / Lower & Numeric) it's 62^8 possible combinations - not very many when that machine can crack 180 billion MD5 hashes per second. Note: I haven't checked what hash algorithm iOS uses but I'm sure it's not MD5.

There are loads of examples back through the past few years where people have built their own crackers using graphics cards, PlayStations etc.

On lots of websites you can even upload a hashed (encrypted) password and you can pay to have it cracked for you.
 
I can see that you've typed a lot of words up there, but this is how it reads to me:

Dyma un o'r rhesymau pam yr ydych yn cael eu gorfodi i wneud cyfrineiriau yn fwy cymhleth:



Gall y math hwn o beiriant yn cael ei rhoi at ei gilydd yn rhesymol hawdd. Gallech hyd yn oed yn ysgrifennu rhai cod yn unig i droi'r cerdyn Graphics yn eich n ben-desg i mewn i cracer GPU .

Un o'r sylwadau yn esbonio pam y byddai ychwanegu un cymeriad unigol i cyfrinair ei gwneud yn fwy cymhleth i dorri :

8 cyfrinair cymeriad gan ddefnyddio pob 95 o gymeriadau ar fysellfwrdd safonol = 95 ^ 8 cyfuniadau
10 cyfrinair cymeriad = 95 ^ 10

Felly, yn eich esiampl ( Uchaf / Isaf a Rhifol ) ei fod yn 62 ^ 8 gyfuniadau posibl - nid yw llawer iawn pryd y gall y peiriant agenna 180,000,000,000 hashes MD5 yr eiliad. Noder : Nid wyf wedi gwirio hyn Algorithm Hash bod iOS defnyddio ond rwy'n siŵr nad yw'n MD5 .

Mae llawer o enghreifftiau yn ôl drwy'r blynyddoedd diwethaf lle mae pobl wedi adeiladu eu cracers eu hunain gan ddefnyddio cardiau Graffeg, gorsafoedd chwarae ac ati

Llawer o wefan gallwch hyd yn oed lwytho cyfrinair hashed ( encrypted ) a gallwch dalu iddo gael ei 'n graciog i chi.

Anyone else feel the same?! :eek:
 
All I hear is 'reboot your computer'. But that's all I hear when people start talking about IT.
 
Heh heh !

Sorry about that.

Basically what I said was:
1. Passwords can be cracked more easily by using a very powerful machine
2. The more characters in a password, the more difficult to crack
3. People only use a small number of total characters available on a keyboard
4. It's quite easy to get hands on an encrypted password and to crack it.
 
I'd be happy enough to have a more complicated password if I didn't have to change every 30 days which is what I have to do with 4 systems at work.

I gave up my access to two systems as I just couldn't handle having to change them every 30 days. It was also a different day so I'd be asked for new passwords over a week and would have to ring IT at least once. What's more annoying is that no one has ever tried to hack into my work PC or my ppars which I need every day.

The 2 passwords are totally crap btw.
 
If you were to believe the hype, cortical cryptography is the next way of proving you are who you say you are to machines. This brief video introduces it.
However I like http://xkcd.com/538/ too.
 
That's definitely for the ultra paranoids !

Reality is that people re-use the same passwords for multiple systems. Crack one and you (generally) get access to multiple locations. Most of the high profile hacks that have been publicized over the past few years have been a mix of very poor systems security & implementation, combined with poor data governance - this has led to access to multiple userid/password combinations being released onto the web, which are then picked up by script-kids and used for a variety of uses - both good/bad.

There's a good book - We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency by Parmy Olson which outlines how some of the most famous hacks done by Anonymous & Lulzsec were as a result of poor system implementations (SQL Injection in most cases).

And seeing as we're on a theme - this explains what I mean (kinda!).

http://xkcd.com/792/
 
The recent Adobe hack shows why, even though far from perfect or secure, there is some merit to forcing people into more complex passwords.

From a PC World article on the hack:

Here are the 20 most common passwords, followed by the number of Adobe users who used that password:
  1. 123456 - 1,911,938
  2. 123456789 - 446,162
  3. password - 345,834
  4. adobe123 - 211,659
  5. 12345678 - 201,580
  6. qwerty - 130,832
  7. 1234567 - 124,253
  8. 111111 - 113,884
  9. photoshop - 83,411
  10. 123123 - 82,694
  11. 1234567890 - 76,910
  12. 000000 - 76,186
  13. abc123 - 70,791
  14. 1234 - 61,453
  15. adobe1 - 56,744
  16. macromedia - 54,651
  17. azerty - 48,850
  18. iloveyou - 47,142
  19. aaaaaa - 44,281
  20. 654321 - 43,670
Though it should be noted Adobe only used a single encryption key.
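
An added example, not part of any post in this thread: it combines the keyspace arithmetic quoted earlier (62^8, 95^8, 95^10 at 180 billion MD5 hashes per second) with the Adobe top-20 list above, to show that a complexity rule only raises the brute-force ceiling while a commonly chosen password falls within the first few guesses. The function names are mine, and the estimate assumes a fast unsalted hash and an attacker who tries the common list before brute force.

```python
import string

# Rate quoted in the thread: 180 billion MD5 hashes per second.
RATE = 180_000_000_000

# The 20 most common Adobe passwords listed in the thread, in rank order.
COMMON = ("123456 123456789 password adobe123 12345678 qwerty 1234567 111111 "
          "photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia "
          "azerty iloveyou aaaaaa 654321").split()

# Character classes; together they make the 95 printable keyboard characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Size of the alphabet implied by the classes the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def guesses_needed(password):
    """Worst-case guesses: position in the common list, else full brute force."""
    if password in COMMON:
        return COMMON.index(password) + 1
    return alphabet_size(password) ** len(password)


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def estimate(password, rate=RATE):
    """Return (worst-case guesses, time to exhaust them at the given rate)."""
    guesses = guesses_needed(password)
    return guesses, human(guesses / rate)


if __name__ == "__main__":
    # Constructed sample inputs: the thread's placeholder password, a top-20
    # entry, and a 10-character password using all four classes.
    for pw in ("dM123456", "photoshop", "dM123456!x"):
        print(pw, *estimate(pw))
```
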
 