See hidden discussions | Win great prizes | Get free support
Lol nice try, but I don't need to 'verify' my password.A site called LeakedIn.org was set up where users can check whether their LinkedIn passwords are part of the list of compromised passwords. The service creates a SHA-1 hash of an entered password, and then checks it against the hashed password list to see if your password was leaked (or even cracked).
Agree, about half my password are 12345678 (along with a separate e-mail account for registration on those sites), often at sites where I log in only once and then never go back to the site, so who cares if someone logs into my account on such site, for all the important stuff each have a unique password for each site.No way! I honestly thought I was the only one that used "password". Damn it.
I too have the same password for most sites and forums. And I don't really care. If someone wants to post as me on a forum then good luck to them.
We are learning passwords wrong.
Everyone is being taught to make passwords that look like this:
A) #b0b8y86! -Massive Cracking Array ScenarioAssuming one hundred trillion guesses per second) 6.00 minutes
When a better and easier password to remember would be something like this:
B) bobbywentforawalk - Massive Cracking Array ScenarioAssuming one hundred trillion guesses per second) 3.75 centuries
(I used this site to work out entropy: https://www.grc.com/haystack.htm )
Password A is complicated, hard to remember and difficult to type on some devices and easy to be cracked. Password B is not complicated, easy to remember, easy to type and difficult to be cracked.
This is how I now teach people when creating passwords. Think of an easy to remember sentence.
Security sources often site using different passwords for different websites as a best practise when it comes to security. However, this is often not plausible as it can get difficult to remember a single long password, yet alone many.
A close friend of mine once shared his wisdom with respect to using a unique password per site to avoid reusing a single password, which I will now share with you.
The idea is simple and two fold -
- generate a long (8 digits+) sequence of random digits - and LEARN IT OFF BY HEART!
- devise a simple algorithm you can derive from the website (normally its name) and append/prepend/augment small changes to the static password learnt in (1).
Now lets devise a working example to elaborate the idea:
Algorithm: Take the number of characters in the name of the website and prepend it to the random sequence. Take the first letter of the website and append it to the random sequence. This is your unique password for the website.
Unique password: 11kjHh_36Ia)m
And there you have it - unique passwords for every website - simple to remember (you still only have one password) and easy to derive at login time.