Jump to content

Are Your Passwords in the Green?


pondus

Recommended Posts

  • Root Admin

For a quickie that you're not going to keep the password, I like this link as it's always been quick and easy to use. I click the 80 on top then use the Random base-94

2023-06-23
NOTE: This link has been updated and now supports 128 bit instead of just 80 and provides a 20 character password

https://ae7.st/g/index.html

Example:  %]5\-Hg-[?$z_

image.png

That is a 13 character password and it almost validates in all categories using this verification page from this site below. It missed on the repeat dash -

UIC Academic Computing and Communications Center - University of Chicago

https://www.uic.edu/apps/strong-password/

image.png

 

A more realistic password would be to use one from a Password manager as recommended, but perhaps manually adjust it for testing until it does pass all tests (then manipulate some characters offline)

I'd recommend a minimum use of 20 characters which makes it even more difficult for any password generator to create a password that does pass the criteria from the test above.

As an example, this 20 character password from LastPass does not pass the criteria

Xku^AW8MaoKG2p@ELtRm

image.png

 

image.png

 

Even with my favorite program Keepass - it took 3 different passwords to pass all criteria

'Cy4+_Y-7w5<=.\9!(@J

image.png

 

One of the better password generators online that I've found was Password Generator Plus but it too has trouble passing all criteria for the UIC test page.

https://passwordsgenerator.net/plus/

image.png

 

Considering that Keepass is free and open source and is about the only program I've found so far that can at least tackle a 20 character password

and pass, just not on every try, I think it is still a great tool to use for making good passwords, but any of the big players such as 1Password, Bitwarden etc. should be able to

create a good strong password too. The key is that it's very difficult to securely be online without using a password manager today.

 

1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/

 

Password Managers Compared: LastPass vs KeePass vs Dashlane vs 1Password
https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/

 

With the advent of ChatGPT and similar AI and with Quantum computers on the near horizon password length needs to be reconsidered soon.

I've pretty much transitioned to using a 20 character password for most places that will allow it and up to a 36 character password for my password manager.

Old article but you get the idea.

Post-Quantum Cryptography: A Q&A With NIST’s Matt Scholl
https://www.nist.gov/blogs/taking-measure/post-quantum-cryptography-qa-nists-matt-scholl

 

Group-IB Discovers 100K+ Compromised ChatGPT Accounts on Dark Web Marketplaces; Asia-Pacific region tops the list
https://www.group-ib.com/media-center/press-releases/stealers-chatgpt-credentials/

 

 

 

Edited by AdvancedSetup
Updated info
Link to post
Share on other sites

  • 1 month later...
  • 4 months later...
  • 9 months later...
  • Root Admin
31 minutes ago, David H. Lipman said:

 

ROFL I remember a 32 and a 36 character password similar in structure. I trained myself to use it from memory.

Odd though that there is some portion of muscle memory involved too as it's difficult for me if I'm using another keyboard on someone else's system.

 

Link to post
Share on other sites

  • 3 months later...

There's no response icon for "scared." 😬This one will have to do.

I'd really like to make the leap, even though my own brain generates excellent passwords. I've tested. They've come up a notch since being on the forum, so there's that.

I'm afraid of generators suddenly going down, or the site being hacked.

But my biggest concern is learning the process. I have a hard enough time with fixing little things. The thought of not being able to get into EVERYTHING because of some anomaly is too much for me. Maybe I can be convinced.

Link to post
Share on other sites

  • Root Admin

The generation of the password is not the concern when it  comes to getting back in @NewTricks

It is the storage of that password in a secure program so that one can get back to it in the future.

I actually have a PIN for AT&T that has not changed in well over a decade. I have that stored in the same password manager as my password. Just used it a couple of days ago when I had to contact them.

 

Link to post
Share on other sites

When I clicked on the Download button on the MB page, it gave me the same .exe file I already have.

1. To access that particular feature, what would I need to do differently?

2. Is there a setting already in MB (the one that appears on the desktop) to link to that somehow?

3. Or would I need to wait until my present premium subscription renews?

Link to post
Share on other sites

  • Root Admin

Too little

image.png

 

Too much for most websites

image.png

 

A 20+ character, strong password should be more than sufficient even for quantum computers unless something more comes of them than currently expected.

However there is no harm in having a 25 or 30 character password as your default if sites you deal with support it. By default our password generator creates a 24 character, strong password.

 

 

 

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.