HuberBlog ::Jason Huber » passwords http://huberblog.com This is where Jason puts his stuff of personal interest. Thu, 17 May 2012 17:03:14 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 Passwords, passwords and more passwords http://huberblog.com/2010/01/18/passwords-passwords-and-more-passwords/ http://huberblog.com/2010/01/18/passwords-passwords-and-more-passwords/#comments Mon, 18 Jan 2010 14:12:38 +0000 Jason http://huberblog.com/?p=427 So you know the saying that you need to have a separate password for each site you access right? Most of us do not. I am as guilty of this as anyone.

Why is it so important (and why am I going to change my behavior)?

Let’s say China gets into Google’s servers and finds my password. They can probably assume that they can now also get into my twitter and facebook accounts too (and they would be correct). They can probably access 100 different services and find information or change information about me to suit their needs. I know China is out for me.

So I have to get a new password for each site I visit.

I have a plan. I already have a password that is something like Y0u4reAB1gD0rk, but now I will add in something like the last three characters of the site in “their location in the alphabet” to the password. So for google you will have gle. g = 4, l = 12, and e = 5, so 21. I will change my password there to be Y0u4reAB1g21D0rk. Neat huh?

They will never catch me this way ;)

So what about changing my password often? Do I need to do that? No.
The idea from changing your password often is that if your password is compromised you change it and the bad stuff stops. Well if you are using a different password for each site then the bad stuff was limited to that site and the bad guys probably locked you out anyway.

If you are using the same password for all sites then the bad guys are probably going to use your password really quickly. So you need to change your password like every minute to overcome this. Ready for that task? No. Don’t bother. Just create a good password for each site and change it every so often. I might go with once every 90 days or so, but really it just does not matter.

The password I used above: Y0u4reAB1g21D0rk is rated “BEST” by Microsoft :)

http://www.microsoft.com/protect/fraud/passwords/checker.aspx

According to KeePass my password Y0u4reAB1g21D0rk is 87 bits. This means it would take like 76 years to crack it. I can have my Grandchildren change it for me long after I am gone :)

BTW. The wikipedia article has some great quotes on writing down your password and not using the same one on multiple sites.

http://en.wikipedia.org/wiki/Password_strength#Time_needed_for_password_searches

]]> http://huberblog.com/2010/01/18/passwords-passwords-and-more-passwords/feed/ 0