How secure is your password and PIN?

Do you always use a secure password?

  • Yes

    Votes: 39 67.2%
  • No

    Votes: 19 32.8%

  • Total voters
    58
password_strength.png
 
The above cartoon was mentioned in last week's Security Now! and Steve mentioned the maths was slightly out but it gets the point across. http://twit.tv/sn313

Based on his password haystacks https://www.grc.com/haystack.htm


And btw, if you say PIN number... you are repeating yourself, as you are saying Personal Identification Number number :)
 
No, I do not always use a secure password.
- On forums like these where there is absolutely no threat, no name, address or personal detail, I use a moderate password. A script kiddie will most likely not break it but someone who puts in effort will get past it. The worst that can happen is that I get banned because my account got hacked and abused, big deal, just re-register and start over.
- When testing out an installation in a VM I use a very weak password since there is a 0% threat
- On the home network, the boxes that are locked out and have no access to the wan, weak passwords, it is a secure home network after all.

I can however guarantee you that no one will be breaking into my desktop accounts (user and root) any time soon, also my router is as secure as it gets, same with the websites I maintain.
The places that matter get the whole shebang, otherwise I don't bother.
 
My biggest worry is not how much effort I put in making my password hard to crack but is my password protected on the site I'm using it on. If I think the website I'm using it on can be hacked, I tend to use my easy to type password but on sites that have my personal information I make sure I make it as hard as I can.
 
I'm strongly against password-expiry (how most corporate environments require you to change your password every x amount of days).
I believe (and I'm not the only one) that, far from improving security, it leads to less secure passwords (like September in September) or people having to write down their passwords to remember them.
Rather make up a strong password once, than a weak one every month.

I'm sure someone will disagree with me, but that's my opinion...
 
I'm strongly against password-expiry (how most corporate environments require you to change your password every x amount of days).
I believe (and I'm not the only one) that, far from improving security, it leads to less secure passwords (like September in September) or people having to write down their passwords to remember them.
Rather make up a strong password once, than a weak one every month.

I'm sure someone will disagree with me, but that's my opinion...

I agree with you.

My dad's work pw is my brother's name with a number. So e.g. jeff01, then next month jeff02, then the month after jeff03. So it carries on.
 
At work we are forced (by a script) to change our passwords once in three months. It gets tedious at times. I discovered by accident that some of the people change the last digit every time, like paasswoord1, then just keep on increasing the last digit.
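The rotation habit described in the posts above (jeff01, jeff02, jeff03, or "September in September"), as an added example that is not part of the original thread: a check a password-change script could run to catch it. It assumes the change form supplies the old password alongside the new one; the function names and the `min_changes` threshold are hypothetical.

```python
import re

# Calendar words cover the "September in September" habit from the thread.
MONTHS = {"january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"}

def rotation_stem(password):
    """Reduce a password to the part a user tends to keep across forced changes."""
    stem = password.lower()
    stem = re.sub(r"[\d\W_]+$", "", stem)   # drop trailing digits and symbols
    stem = re.sub(r"^[\d\W_]+", "", stem)   # drop leading digits and symbols
    return stem

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_rotation(old, new, min_changes=4):
    """Return the reasons a new password is rejected (empty list = accepted).

    Assumption: runs at change time, when the user has just typed the old
    password, so no plaintext history has to be stored.
    """
    reasons = []
    old_stem, new_stem = rotation_stem(old), rotation_stem(new)
    if new_stem and new_stem == old_stem:
        reasons.append("same-stem")        # jeff01 -> jeff02
    elif edit_distance(old.lower(), new.lower()) < min_changes:
        reasons.append("too-similar")      # only a character or two changed
    if new_stem in MONTHS:
        reasons.append("calendar-word")    # September, september2011, ...
    return reasons

if __name__ == "__main__":
    # Constructed sample pairs, using the examples quoted in the thread.
    for old, new in [("jeff01", "jeff02"), ("paasswoord1", "paasswoord2"),
                     ("jeff01", "September"), ("jeff01", "correct horse battery staple")]:
        print(f"{old!r} -> {new!r}: {check_rotation(old, new) or 'accepted'}")
```

A check like this only stops the most mechanical increments; it does not measure how strong the base password is.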
 
I'm strongly against password-expiry (how most corporate environments require you to change your password every x amount of days).
I believe (and I'm not the only one) that, far from improving security, it leads to less secure passwords (like September in September) or people having to write down their passwords to remember them.
Rather make up a strong password once, than a weak one every month.

I'm sure someone will disagree with me, but that's my opinion...
Beat me to it.
 
At work we are forced (by a script) to change our passwords once in three months. It gets tedious at times. I discovered by accident that some of the people change the last digit every time, like paasswoord1, then just keep on increasing the last digit.

I do that. I couldn't be bothered to think of something new every 30 days for work. My gmail, facebook, bank and twitter passwords are all different and they shouldn't be too easy to crack (especially my gmail, in which I store some of the other passwords I have for sites you go on once a year (like SARS)). I use the same password on many sites that don't have any useful info on them. I have never used any of the passwords that were listed on the front page though.
 
I'm strongly against password-expiry (how most corporate environments require you to change your password every x amount of days).
I believe (and I'm not the only one) that, far from improving security, it leads to less secure passwords (like September in September) or people having to write down their passwords to remember them.
Rather make up a strong password once, than a weak one every month.

I'm sure someone will disagree with me, but that's my opinion...

Yes! It sucks!
 
Prefer alphanumeric passphrases but also have several passwords similar to below (always minimum of 12 characters).

GK<%G%2h3t!a?
 
At work we are forced (by a script) to change our passwords once in three months. It gets tedious at times. I discovered by accident that some of the people change the last digit every time, like paasswoord1, then just keep on increasing the last digit.

I do that as well, but with a much stronger base.
 
If the site has personal info that needs to be secured, make sure you use a unique strong password. Other sites that don't require that level of security use a password that you can vary slightly.

Weak passwords are the same as leaving your car unlocked. Just needs someone who is interested to open the door and get in...
 