Need a Strong Password?

  • Go Here: http://www.wolframalpha.com/
  • In the search box, type Password X Characters (Substitute X with however many characters you want your password to be)
  • You can use the “specific password rules” to change how the password is formatted (if it has special characters, upper case, lower case, etc.)

Using a 3rd party to generate your passwords for you?

LOL

SHIT that thing guessed my password. Crazy. It is/soon to not be *********

Edit: wow, if you type your password the forum automatically replaces it with asterisks. Cool.

I knew that was coming…I’ll take the third party over watching someone type in 1234

Yeah, generate some 16 character long random password you can’t remember.

However make sure you leave the sticky note under your keyboard

I forget about those, I tape it to my monitor. I can memorize pretty well, so a 15 character password wouldn’t be too hard. I have VLKs memorized for various products.

It knew my password too it was @71is@69w/2f1ng3rSupTH3@$$

With centralized logins like AD/Radius/TACACS having to remember one password isn’t that bad…

However with single login I really like using two factor auth.

We really only have 2 factor for our encrypted machines.

Using a multiple word phrase with mixed cases, a special character, and a number is pretty fucking secure.

I’ve done the whole randomly generated password thing before, it fucking blew.

Protip: None of you have anything important enough to hide behind a 16 character super password.

Oh yeah, you’re right. I work at a top-10 in the nation hospital with access to PHI of every patient. That’s not important to protect.

My thought process was this: a lot of companies tie their AD to everything, radius/tacacs/databases/everything.

If somehow a user gets hacked and logs into webmail remotely with a keylogger on their machine, you’re pretty much fucked :lol:

lol… I write the software that does secure uploads of about 500 credit unions’ data. Name, address, SSN, account numbers… nah, I’ll stick with simple passwords.

DoD says differently?

Hahaha… nice try btw.

Protip: You’re a noob.

Speaking of things that are leet long passwords

and hacking companies that can issue certs for domains

https://www.infosecisland.com/blogview/16188-Potentially-Hundreds-of-Bogus-Digital-Certificates-Issued.html

Yeah, M$ JUST got around to patching the Zune not too long ago to cover those bogus certs that got released not too long ago.

Our laptops are encrypted and use 2 factor authentication to protect student data. If it gets compromised we have to pay for credit monitoring for (2 years I think) for any students who might have been on the laptop. As a domain admin I like to keep my passwords lengthy.

Almost anything can be compromised, and I’m sure Network Security professionals could point out flaws in any one of our businesses.

dasd$3rfd@ is not a secure password.
R3@llyC00l is not a secure password.

redhorsepilotcanyon is more secure mathematically. Also, based on the general public, companies that require 8-10 letter “complex” passwords leave their users to write them down on a pad of paper next to their desk. Companies that do not allow long passwords are less secure than the admin making password rules like the following list I have seen:

  • no repeating letters
  • must contain letter, number, and symbol
  • must not be one used the last 10 times
  • must start with a capital letter (this itself makes the first character only 26 guesses)

Also, certs are only as trustworthy as the providers of them. The best security that is used at high level banks is client certs that are all based on machines and issued on an internal CA. Hell, the Iranian government was issued certificates to man in the middle all the Google sites recently.

Also, if you have no account locking on failed login attempts, you deserve to be hacked.

Part of the reason random characters are used is that, when cracking hashes with rainbow tables, those add a lot to the size of the table.
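The keyspace claims made in the thread above (a long lowercase phrase versus a short "complex" password, and composition rules shrinking the search space), worked through as an added example that is not part of any post. Assumptions: a 94-character printable ASCII alphabet, "no repeating letters" read as no identical adjacent characters, and a four-word phrase drawn from a 7,776-word list; all function names are illustrative.

```python
import math
from functools import lru_cache

# Printable ASCII without space: 26 + 26 + 10 + 32 = 94 characters (assumed).
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "symbol": 32}

def policy_keyspace(length, first_upper=False, no_adjacent_repeat=False,
                    require_mix=False):
    """Exactly count the passwords of `length` chars that a policy allows."""
    @lru_cache(maxsize=None)
    def count(pos, seen, last):
        if pos == length:
            if not require_mix:
                return 1
            letter = "upper" in seen or "lower" in seen
            return int(letter and "digit" in seen and "symbol" in seen)
        total = 0
        for name, size in CLASSES.items():
            if pos == 0 and first_upper and name != "upper":
                continue  # rule: must start with a capital letter
            if no_adjacent_repeat and name == last:
                size -= 1  # assumed reading: previous character is excluded
            total += size * count(pos + 1, seen | {name}, name)
        return total
    return count(0, frozenset(), None)

def compare(length=10, phrase="redhorsepilotcanyon", words=4, wordlist=7776):
    """Search-space size in bits under each attacker model."""
    spaces = {
        "random, no rules": policy_keyspace(length),
        # The password-history rule is not modelled; it removes at most 10.
        "random, listed rules": policy_keyspace(length, True, True, True),
        "phrase guessed letter by letter": 26 ** len(phrase),
        # Assumption: words drawn uniformly from a 7,776-word list.
        "phrase guessed word by word": wordlist ** words,
    }
    return {label: math.log2(n) for label, n in spaces.items()}

if __name__ == "__main__":
    for label, b in compare().items():
        print(f"{label:34s} {b:6.1f} bits")
```

The phrase comes out ahead only against character-by-character guessing; against a word-list attack its strength depends on how many words it has and how large the list is, so the words need to be picked at random.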