
PrivacyExprt

join:2010-09-29
Longwood, FL

reply to Name Game

Re: Largest-ever password study: We are all idiots

said by Name Game:

Like that Reminds me of this one
»www.makeuseof.com/tech-fun/chang···ncorect/

When first joining this DSLR Security Forum..each name that I tried to join seemed to be taken...out of frustration decided it was all just a name game...that worked.

Do what I do, anywhere I go on the internet I generate random fake information. I don't think I have used my real information for nearly a decade. But the best part, you can use this to make handles on forums and such.

»www.fakenamegenerator.com/

Let's see, today I am:

Dale M. Williams
492 Werninger Street
Houston, TX 77036
Phone: 832-685-2921

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

Oh noes, teh Internets know my name is "dave"



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Reviews:
·CenturyLink

reply to PrivacyExprt
And everyone knows I'm Stuart, except I'm not sure that's my real name. I may or may not exist. I haven't decided yet.
--
Don't feed trolls--it only makes them grow!



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Reviews:
·CenturyLink

reply to dave

said by dave:

I think only insignificant states still have 7-digit dialling

Not to mention that anyone with a cell phone dials 10 digits for local and long-distance calls. So for most people numbers are 10 digits unless you use two tin cans.
--
Don't feed trolls--it only makes them grow!


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Reviews:
·CenturyLink

reply to Mele20

said by Mele20:

Anyway, what in the world does someone's phone number have to do with password security?

Because some people use their telephone number as a password. Not you, not me, and not many here but I've known people that did.
--
Don't feed trolls--it only makes them grow!


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
kudos:7

1 edit

reply to dave

said by dave:

Oh noes, teh Internets know my name is "dave"

And we also know why you are not in ohio

»m.imdb.com/title/tt0062622/quote···t0396921
You should not have lost your pen, dave!

--
Gladiator Security Forum
»www.gladiator-antivirus.com/


dosdoxies
Premium
join:2004-12-15
Wallingford, PA

reply to dave

said by dave:

I think only insignificant states still have 7-digit dialling

OUCH!


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA
Reviews:
·RoadRunner Cable

reply to StuartMW
Yeah, but if the call is to a phone in the same area code, you can let the cell phone add the area code automatically so you don't have to actually enter all 10 digits, at least that's how it works with T-Mobile. Maybe your company is more technologically challenged.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Reviews:
·CenturyLink

1 edit

The discussion whether phone numbers are 7 or 10 digits is entirely irrelevant to the point of my post.

rcdailey claims to be in Rialto, CA. A simple Google search says phone numbers there start with 909-875.

If I know that information and suspect that the password is a phone number I have 10,000 (0000-9999) numbers to try whether a 7 or 10 digit password was used.

909-875-xxxx

or

875-xxxx

In short, don't use a telephone number for a password as it is likely very easy to crack.

BTW, since someone will point it out, I know some places have multiple exchanges and/or area codes. That may add a 2-10x factor to the number of possible combinations but it doesn't change my point.
--
Don't feed trolls--it only makes them grow!
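
The arithmetic in the post above, turned into a registration-time password check (an added example, not part of the thread): it flags passwords shaped like a North American phone number and reports how many candidates remain once the area code and exchange are public. The function names and the `known_prefixes` parameter are assumptions made for illustration.

```python
import math
import re

# Shapes a North American number usually takes when typed as a password:
# optional leading 1, optional 3-digit area code, 3-digit exchange, 4-digit line.
_PHONE_RE = re.compile(
    r"^(?:\+?1[\s.-]?)?(?:\(?(\d{3})\)?[\s.-]?)?(\d{3})[\s.-]?(\d{4})$"
)


def phone_shape(password):
    """Return (area_code_or_None, exchange, line) if the password is phone-shaped."""
    m = _PHONE_RE.match(password.strip())
    return m.groups() if m else None


def guess_space(known_prefixes=1):
    """Candidates left when the prefix is public: 10,000 line numbers (0000-9999)
    per plausible area-code/exchange pair. known_prefixes is an assumed parameter
    covering the 'multiple exchanges and/or area codes' case from the post."""
    return known_prefixes * 10_000


def random_bits(length, alphabet_size=94):
    """Bits in a uniformly random password (94 = printable ASCII minus space)."""
    return length * math.log2(alphabet_size)


def check_password(password, known_prefixes=1):
    """Verdict of the phone-number rule for one candidate password."""
    shape = phone_shape(password)
    if shape is None:
        return {"phone_like": False}
    space = guess_space(known_prefixes)
    return {
        "phone_like": True,
        "has_area_code": shape[0] is not None,
        "candidates": space,
        "bits": round(math.log2(space), 1),
    }


if __name__ == "__main__":
    # Constructed sample inputs; 909-875 is the prefix quoted in the post.
    for pw in ["909-875-1234", "8751234", "(909) 875 1234", "Tr0ub4dor&3"]:
        print(pw, check_password(pw))
    print("12 random chars:", round(random_bits(12), 1), "bits")
```

The 7-digit and 10-digit forms both come out at about 13.3 bits, and a tenfold allowance for extra prefixes only raises that to about 16.6 bits.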



DrDrew
So that others may surf.

join:2009-01-28
SoCal
kudos:10

reply to rcdailey

said by rcdailey:

Yeah, but if the call is to a phone in the same area code, you can let the cell phone add the area code automatically so you don't have to actually enter all 10 digits, at least that's how it works with T-Mobile. Maybe your company is more technologically challenged.

It totally depends on if the area code is in an overlay area, in which case 10-digits are required per the FCC.

Since the overlay of the 442 area code, to call ANYONE in the 760 area code, you need to dial 760:
»www.keep760.org/area-code-760-faq/

So I can't dial my next door neighbors without dialing the area code.

Guess it makes up for my childhood when I only had to dial 4 numbers to call my neighbors.
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.

Kearnstd
Elf Wizard
Premium
join:2002-01-22
Mullica Hill, NJ

reply to antdude
Biggest problem with passwords, and it's only getting worse, is we need more and more of them. By human nature we use things that are familiar and that means massive reuse of PWs.

Though at home if nobody else lives there I imagine a password notebook is just fine. At work it's a bad idea. Though I know of many people that have multiple apps and different PWs only remember their NT password and then have a doc on their desktop with the rest.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports


TheMG
Premium
join:2007-09-04
Canada
kudos:2

said by Kearnstd:

Biggest problem with passwords, and it's only getting worse, is we need more and more of them.

It is definitely getting to be a problem.

This is why I use a tiered system of high, medium, and low importance passwords. High importance password is used for stuff like online banking. Medium importance for stuff like personal email, computer login, etc. Low importance for disposable emails, forum/website accounts, games, etc.

Every password within each tier is the same except for a few characters specific to the service it is used for.

There's just no way I can remember 50 completely unique passwords, especially since a lot of them I don't use very much. I figured the above method was a good balance between ease of remembering and security.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

reply to vaxvms

said by vaxvms:

said by Mele20:

Huh? Phone numbers in the USA are SEVEN digits not 10. 10 is for long distance and that is not your phone number which is 7 digits.

In the USA state of Massachusetts a phone number is 10 digits. All phone calls, local or long distance, within the state require the area code to be dialed.

Why would you need to dial a long distance PREFIX in order to dial a local number? Here "local" is this entire Big Island. Calling another island now requires 1 plus the Hawaii area code. I never remember that and get an error on the first try (I don't remember because I seldom call numbers that need the prefixes). But that is required only for some calls to other islands. Many, you just dial a seven digit number even though it is not a local prefix.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Reviews:
·CenturyLink

2 edits

said by Mele20:

Why would you need to dial a long distance PREFIX in order to dial a local number?

My guess is it's because in most major US urban areas the number of numbers exceeds that possible with 7 digits so multiple area codes are required. If you're in such an area the only way to differentiate two identical 7 digit numbers is via the area code. That code is therefore required all the time (10-digit dialing). I know it's been like that in the Dallas-Fort Worth area for over a decade.

I've also lived in an area where sometimes a 7-digit number was sufficient but other times all 10 digits had to be used. However the area code was the same in both cases. Then sometimes you had to use the '1' for "long-distance". Like you I could never remember the rules and would just redial until the call went through.

I now live in an area where 7-digit dialing would work if I had a land-line which I don't. Therefore all calls I make, even the ones across the street, require me to dial 10 digits.

FYI with the popularity of cell phones, VOIP etc "long-distance" has little meaning these days. I never have to use the '1' with my VOIP line or my cell. I do have to dial all 10-digits though.

Also I live in an area where tourism is the main business. I'm therefore amused when businesses have signs only showing the local 7-digit number. Visitors to the area probably don't know the area code and most likely need it to call (e.g. from a cell). I've always wondered how many calls they get.
--
Don't feed trolls--it only makes them grow!

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

reply to StuartMW

said by StuartMW:

In short don't use a telephone number for a password as it is likely very easy to crack.

It would be easy to crack if you knew or suspected that your victim had the original or second prefix for that area ...or even if they had the 5 or 6th prefix. If your victim has lived at the same location for many years, and you know this, then it is even easier to crack if you also know the order in which the prefixes beyond the original one were added and the mapping for them.

But using the internet for this is fraught with mistakes. This site
»area-code-locator.findthedata.or···/HI/Hilo

has completely erroneous information. The first page of prefixes and to which town they belong is completely wrong. I can't check beyond the first page as the second page won't load (hangs the tab) which may be due to my very poor present connectivity.

--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


DrDrew
So that others may surf.

join:2009-01-28
SoCal
kudos:10

2 edits

reply to Mele20

said by Mele20:

said by vaxvms:

said by Mele20:

Huh? Phone numbers in the USA are SEVEN digits not 10. 10 is for long distance and that is not your phone number which is 7 digits.

In the USA state of Massachusetts a phone number is 10 digits. All phone calls, local or long distance, within the state require the area code to be dialed.

Why would you need to dial a long distance PREFIX in order to dial a local number?

The long distance PREFIX is 1, not the area code.

An area code is a code assigned to a geographic area and some have more than 1. In those cases of multiple area codes OVERLAYED on top of each other 10 digit dialing is required, but not the long distance prefix of 1 since it's local. Meanwhile some areas are so big even within the same area code a call can be long distance, in those cases both the area code and a 1 prefix are required:
»en.wikipedia.org/wiki/Overlay_area_code
»www22.verizon.com/residentialhel···6496.htm
»www.att.com/esupport/article.jsp···SWMoCAXl

Here's a list of area codes with overlays, meaning those areas have mandatory 10 digit dialing:
»en.wikipedia.org/wiki/List_of_ar···overlays

said by Mele20:

It would be easy to crack if you knew or suspected that your victim had the original or second prefix for that area ...or even if they had the 5 or 6th prefix. If your victim has lived at the same location for many years, and you know this, then it is even easier to crack if you also know the order in which the prefixes beyond the original one were added and the mapping for them.

It's kinda silly that someone is writing this "discovery" about the correlation between passwords used and phone numbers during an overall explosion of telephone number growth due to cell phones and VOIP services. Especially when those numbers are less bound to area codes and exchanges than ever before since number portability rules came into effect years ago. Personally, I have 4 phone numbers that will reach me at the desk I'm sitting at, each with a different area code and exchange. Knowing the area code and exchanges of users' locations to help crack passwords seems much less important than ever. Maybe 10-15 years ago it was a much bigger risk.
--
If it's important, back it up... twice. Even 99.999% availability isn't enough sometimes.

Simple Guy

join:2012-05-16

reply to antdude
My pardon as I am late to this thread and have not read all of the posts so I hope that I'm not repeating something already said.

With that said, I did read the linked article. Frankly I was unimpressed with the content.

Essentially it implies that Joe Home User is some high priority target and that the fools are akin to standing in one place constantly and therefore dramatically increasing their chance of being struck by lightning. If they were only savvy they would dramatically reduce their chance of being struck if they move randomly between three spots instead of staying in that one spot thereby dramatically reducing their chance of being struck by that bolt.

The author of the article may have with their mind some really good information that is both true and dramatically useful in the real world but they have failed to convey it in the article.

Just my opinion. But then I'm a simple person who in 15 years of living on the Internet has never had any genuine or serious problems.



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

reply to antdude
There is no need for bad passwords as really it's something you really don't need to remember anymore if you use a password manager like Keepass so go ahead and try to guess mine (I just changed it from:

Hs>b`EpVKo@1@#Qun!R=o:bg BUt=q=VJ(k}SO[R&6gj@t5

Hell I certainly don't know my passwords, but copy/paste works for me and as long as I can remember my one password into Keepass I'm good to go. Poor passwords trump good security every time, so don't make it easy for hackers to guess your password (that's not hacking), make them actually have to hack the system (make them earn the title of hacker).

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

But what if your immense trust in Keepass proves unworthy? Then you are up shit creek. I've been there/done that. Never again.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

said by Mele20:

But what if your immense trust in Keepass proves unworthy? Then you are up shit creek. I've been there/done that. Never again.

Given there isn't a published hack for Keepass the only way they could hack me was to have a key logger on my computer to get my Keepass password, but if they are already on my computer, then I'm already up shit creek as they could get all my passwords just logging my system and never even have to go after Keepass.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool