Just a little something about secure passwords. (Wallets & Online services)

[Kprawn]

Source : https://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987

So, we have been using all those case sensitive passwords with all those symbols and numbers and it was not the most effective way to secure your

wallets or online services.  

Do you agree with this article about passwords and would you change your password to a longer password with a combination of random words to

increase the entropy? Luckily I love long complex passwords, so I am relatively safe either way. 

Let's discuss.

[1713487721]

1713487721

[1713487721]

1713487721

[1713487721]

1713487721

[1713487721]

1713487721

[1713487721]

1713487721

[Mashfiqun]

I don't use passwords like these but I think you're good to go as long as you use different passwords on different sites, use 2FA everywhere possible, do not store any sensitive info online and so on.

[GSpgh]

Not much to discuss, it was obvious for a long time. I used to work as a sys admin (glorified user support really) and was fighting middle management all the time because they wanted users to have complex passwords and change them every 90 days so of course everyone's password was on a post-it. Then they made a policy "no post-its on monitors" so post-its ended up in drawers, on flower pots, and so on.

[nakamura12]

I don't use passwords like these but I think you're good to go as long as you use different passwords on different sites, use 2FA everywhere possible, do not store any sensitive info online and so on.

It'd not the only way to have a very strong password though. Storing passwords online is not the best way either. We could use so.e password managers though to help manage our passwords and which account uses that password plus it could also save the password if you ever forgot one of your passwords. Also, changing password from time to time could also help.

[jackg]

@GSpgh that sounds about right!

I remember my bank saying you have to pick a secure password for them to refund you if you get hacked and then limited you to 14 characters (so it wouldn't be secure or memorable because the only passwords I can remember that are like this are WiFi passwords and even then they aren't secure)...


https://youtu.be/3NjQ9b3pgIg - is a good watch, computerphile (a professor from Nottingham University) tells you how to do this with dice rolls. Or you could just use electrum to get a 12 word seed.

[BigBoom3599]

Just pick up a dictionary, choose out a couple (>4) random words, and you're good to go. Easy to remember and quite secure. Secure passwords don't have to be hard 
Once you have that, get a password manager, don't reuse passwords and use 2FA where possible.

Not hard and you've just increased your security by a massive amount. 

[GreatArkansas]

Do you agree with this article about passwords and would you change your password to a longer password with a combination of random words to

I agree with this but not all long passwords are secure, the combination of random letters/numbers still matter.

Try to check this thread of mine :
[GUIDE] How to Create a Strong/Secure Password
There's a guide on how we can create a strong yet secured passwords on our every accounts. It is also stated about using password managers, much secure or much better if we have lot of different complex password.

[Thirdspace]

Do you agree with this article about passwords and would you change your password to a longer password with a combination of random words to

I agree with this but not all long passwords are secure, the combination of random letters/numbers still matter.

I second this opinion, number and punctuation increases password strength
I believe longer password with common random words would be the same complexity as short uncommon word

Luckily I love long complex passwords, so I am relatively safe either way. 

you can't call it complex if you just use a few random dictionary words
I think we still need to add some symbols and/or number to make it a bit complex
I prefer to use my own created words combination of dictionary words
for example, correct horse battery stapple, becomes corse9&batple

[Stedsm]

While you're all talking about using secure and strong passwords, I'd like point out something different here. Don't ever use your web browser's suggested passwords and/or any web services that claim to give strong passwords because if you have your email compromised ever that you've used in it to sync everything, trust me you'll cry later why did you do that as it'll reveal almost each and every one of your saved passwords in your web browser, and in the case of web services password creations, you'll have all your strong passwords leaked except if you've 2FA enabled (although if it is email specific, then there's no point talking this).

My suggestion is to use a unique password for each and every website that you use because if you relate the same password at one or more websites and if any of them get hacked, chances are you may face multi-hacks if the hacker is smart enough to sense the websites you've put those passwords at. Another good advice is to use super-strong passwords, by saying that, I literally meant super-strong. Even if you don't want to follow any seed or 3-4 words and create a sentence considering you've got remembrance issues and you don't like long passwords, go for one with a mix of almost everything you see available on your keyboard, trust me it's not just limited to characters and numbers, but a lot more different things like special characters, characterised smilies and even more mathematical symbols than just numbers. Lemme show you how I create passwords for myself and you may get some idea -

#₿!1¢0!π1@|[{∆
:*'($#!1@01π*\0/*

I hope you got the idea there, and are smart enough to get what I've written here in those passwords.

[DdmrDdmr]

I’ve given up trying to commit to memory all the different passwords for multiple sites. Lately I was finding myself having to use the "remind me my password" feature, which sometimes did, and often forced me to change the password. I still commit the important ones to memory, but for all others I’ve summited to Keepass.

What I have encountered lately is that many sites are not prepared for long passwords, and do not even announce the limit properly. What I then do is shorten the Keepass generated password (multiple options there) until I find one that meets the desired length, or tweak it with additional special characters at my will.

[tbct_mt2]

I’ve given up trying to commit to memory all the different passwords for multiple sites. Lately I was finding myself having to use the "remind me my password" feature, which sometimes did, and often forced me to change the password. I still commit the important ones to memory, but for all others I’ve summited to Keepass.

What I have encountered lately is that many sites are not prepared for long passwords, and do not even announce the limit properly. What I then do is shorten the Keepass generated password (multiple options there) until I find one that meets the desired length, or tweak it with additional special characters at my will.

Keepass is a good to go but Bitwarden is a good alternative for one who don't want to use Keepass.
Bitwarden: https://bitwarden.com/

It is good to keep most important things in memory while still have backup for them because no one knows what will happen with us someday.
Absent-minded, loss of partial memory as adverse effects from heart-strokes, anything can happen and to be safe, backups are vital.

For most important things:
- If we lose them in our memory, let use backups.
- If we lose backups, let use our memory.

[hatshepsut93]

This is a decent method if done correctly, but you shouldn't be using it all the time. Today every person has dozens of account on the web, and there's also many other passwords like system passwords, encrypted folders and so on. Realistically, people should remember only a few the most important passwords, and the rest should be created and stored by a secure password manager.

[jseverson]

Strong passwords are important, don't get me wrong, but I don't think people should overthink it this much. Pretty much every platform knows about brute forcing by now, and thus have countermeasures against it. Heck, even phones nowadays force lock after a few attempts. A reasonably long and complex password should be enough protection for nearly everyone.

It's far more important to be aware of how hackers actually attack nowadays, like using database leaks, phishing, SMS spoofing, etc. Not reusing passwords, being vigilant against phishing attacks, and using proper 2FA methods can protect you a lot more than even a 1000-character long password could.

As an addendum, I see far too many people using information available in public as their security question answers. Be mindful of what you share in social media because they could be used to reset your passwords lol.

[hd49728]

I agree that security options as preventive waya to retrieve password when you forget it or any other reasons, is very blind way to secure accounts or devices. Because most of available questions related to personal identities so if hackers back your one of your accounts or compromised devices, they probably know answers for secret questions too.

Using strong passwords and don't reuse them over platforms are better.

[agentx44]

Source : https://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987

So, we have been using all those case sensitive passwords with all those symbols and numbers and it was not the most effective way to secure your

wallets or online services.  

Do you agree with this article about passwords and would you change your password to a longer password with a combination of random words to

increase the entropy? Luckily I love long complex passwords, so I am relatively safe either way. 

Let's discuss.

It is very important to find a strong password for your wallet and accounts because it will actually determine the safety and security of your private rights. You can follow the steps given but make sure you have a note somewhere which you can take a look at whenever you are getting confused or accidentally forgot it. It can help in many ways but your main priority should always be your discipline upon yourself in terms of your investments and the money you are earning. Try finding a trusted platform too so that you don't have to worry that much with your savings or holdings.

[panganib999]

2FA is the way to go tbh. Yes, Strong passwords are essential but the combination of a strong password and 2FA is what brings out the most in your security. But in the end, passwords are strings of text that are essentially easy to remember by heart. Picking out 4 random words may prove to be harder for most users to even memorize. Companies, yes, must use these kinds of passwords since company information is a lot more important than anything else in their line of business.

[hatshepsut93]

2FA is the way to go tbh. Yes, Strong passwords are essential but the combination of a strong password and 2FA is what brings out the most in your security. But in the end, passwords are strings of text that are essentially easy to remember by heart. Picking out 4 random words may prove to be harder for most users to even memorize. Companies, yes, must use these kinds of passwords since company information is a lot more important than anything else in their line of business.

2FA is great (unless it's SMS-based), but it's not always available.

There's actually not much difference between memorizing 1 word and 4 words if you are using the password frequently (e.e., every day when you sign in to your email account). And if you don't repeat your password frequently, you will forget it even if it's some short word. This is why people reuse their passwords so often.

But you are wrong that only companies should use secure passwords, with tools like passwords managers every person can easily achieve high password security, so why not do so if there's no downsides to it? Getting your accounts hacked is never good, even if you won't lose money, you will lose your time and be quite frustrated.

[hd49728]

There's actually not much difference between memorizing 1 word and 4 words if you are using the password frequently (e.e., every day when you sign in to your email account). And if you don't repeat your password frequently, you will forget it even if it's some short word. This is why people reuse their passwords so often.

Correct! If we usually log in our accounts we will do remember them very well. Your reply reminds me that in the past, before the evolution from smart phones (started with iPhone, of course) people - me too, remembered phone numbers very well. It is naturally because we have to press numbers manually when dialling. Now, with smart phones we don't have to do this so I think most of us don't remember phone numbers of the others (few exceptions for very important people with us).

Changing passwords frequently is not the thing should do.

Because it will leave a messy memory in our brains. When we lose password backups, we will face challenges to remember passwords. Far old, recent old, and last passwords mess up in our brains.

But you are wrong that only companies should use secure passwords, with tools like passwords managers every person can easily achieve high password security, so why not do so if there's no downsides to it? Getting your accounts hacked is never good, even if you won't lose money, you will lose your time and be quite frustrated.

Passwords softwares like Keepass or Bitwarden are good ones for people who seriously care about their password security.

[mk4]

tldr; people should just use password managers and use passwords that are generated from there, with the maximum amount of characters possible(depending on the website you're registering on. Some still have a maximum of 20 smh). Along with this, in-app(non SMS) 2fa. Doing both alone is going to make your accounts secure enough as long as your password manager's master password isn't easy to crack in the first place.