
How secure are your passwords?

Status
Not open for further replies.

trs96


TL;DR

If you're foolish enough to use "123456", "qwerty" or "password" as your password for any site you will likely be hacked and deserve to be hacked. If you are using any of the "top ten" passwords below (post #3) change them immediately. If you're using a password you can easily remember it's probably not secure enough. Use a password manager that securely encrypts the long, complex passwords you set for websites you visit. Making it 10 characters long is ideal.
____________________________________________________________________________________________

Transitioning to a new password manager recently. I'm giving Bitwarden a try. I have a lot of saved sign in usernames and passwords for multiple websites. I also try when possible to use a unique username instead of my email address. If you use the same email for all of your sign in usernames, that is also putting you at greater risk.

I decided to look at my old passwords and test them out for security. All of these I put in are complex, a mix of numbers, letters, special characters and capital letters. What I found is that any password of 8 characters or less is really easy to crack these days. Even if it's not a word in the dictionary or your pet's name. The biggest mistake, other than using easy to guess passwords, is creating passwords that are simply too short to be effective.

Here's an example of a complex 6 character password: j%K42n

No one could guess that, right? With a fast computer and the right software...

A 6 Character password can be cracked in 5 seconds.

Screen Shot 22.jpg


8 Character passwords are not much better. Just 8 hours.

Screen Shot 24.jpg


You should be OK with a 10 character, complex password. 5 years is a long time to crack one of these. If you change your passwords at least once a year, nothing to worry about.

If you're using "mypassword" as your password though, it will be cracked in seconds, not days or years. Some people actually use this.

Screen Shot 25.jpg


For really paranoid people, make it 11 characters and you've got nothing at all to worry about.

Screen Shot 26.jpg


If you need a password you can remember then a passphrase is best in that situation. Here's an example of a randomly generated passphrase. Give one a try. Length makes a very large difference in how hard it is to crack. Each word should be at least 7 letters.

Screen Shot 16.jpg


Take home point, make your important banking, shopping, personal medical info passwords at least 10 or more characters with a mix of letters (capital/lowercase), numbers and special characters.
 
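The length effect described in the post above, worked through as an added example (not code from the thread or from the checker shown in the screenshots). The guess rate of 1e11 per second and the 7,776-word passphrase list are assumptions; j%K42n is the post's own sample and the longer variants are constructed.

```python
import math
import string

# The ten most common passwords quoted in post #3 of this thread.
COMMON = {"123456", "123456789", "qwerty", "password", "12345",
          "qwerty123", "1q2w3e", "12345678", "111111", "1234567890"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
GUESSES_PER_SECOND = 1e11  # assumption: offline attack on a fast hash

def pool_size(password):
    """Number of symbols a brute-force search must cover per position."""
    used = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    other = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return used + len(other)

def entropy_bits(password):
    """Upper bound in bits; 0 when empty or on the common list."""
    if not password or password.lower() in COMMON:
        return 0.0
    return len(password) * math.log2(pool_size(password))

def passphrase_bits(words, wordlist_size=7776):
    """Bits for `words` words picked at random from a list (size assumed)."""
    return words * math.log2(wordlist_size)

def worst_case_seconds(bits, rate=GUESSES_PER_SECOND):
    """Seconds needed to try every candidate in the search space."""
    return 2 ** bits / rate

def describe(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # j%K42n is the post's sample; the longer variants are constructed.
    for pw in ("password", "j%K42n", "j%K42n9!", "j%K42n9!Xq", "j%K42n9!Xq#"):
        bits = entropy_bits(pw)
        print(f"{pw:12} {bits:5.1f} bits  {describe(worst_case_seconds(bits))}")
    for n in (4, 6):
        bits = passphrase_bits(n)
        print(f"{n} random words {bits:5.1f} bits  {describe(worst_case_seconds(bits))}")
```

The figures are worst-case exhaustive-search times under the assumed rate, so they will not match the screenshots exactly; what carries over is how quickly each extra character multiplies the work.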
If you are looking for a password mgr. that is free and works across multiple devices, including your Smart Phone, then have a look at Bitwarden. Please stop reusing the same insecure passwords across multiple websites. Breaches happen all the time and then you're really in trouble if you do this. Also important to change passwords often. This is what makes a password manager a necessity these days. Makes your online life a lot easier and stress free.


 

TL;DR

If you're foolish enough to use "123456", "qwerty" or "password" as your password for any site you will likely be hacked and deserve to be hacked. If you are using any of the "top ten" passwords below change them immediately. If you're using a password you can easily remember it's probably not secure enough. Use a password manager that securely encrypts the long complex passwords you set for websites you visit.

Most common passwords: latest 2021 statistics

With the increasing number of data breaches, taking care of your passwords is as essential as ever. One of the key elements of a strong password is its uniqueness. Therefore, today we present the most commonly used passwords & phrases used in passwords by people around the world.

The CyberNews Investigation team was interested in what kind of most common password patterns everyday people were using in creating their own passwords. We collected data from publicly leaked data breaches, including the Breach Compilation, Collection #1-5, and other databases. We then anonymized the data and detached the passwords so that we could look at that data in isolation and find the most popular passwords and phrases used.

In total, we were able to analyze 15,212,645,925 passwords, of which 2,217,015,490 were unique. We discovered some interesting things about the way that people create passwords: their favorite sports teams, cities, food and even curse words. We could even deduce the probable age of the person by looking at which year they use in their password.

As the data came in various forms, we filtered the results to only include terms that we could make sense of, and from which we could gather some insights.

The top 10 most common passwords worldwide:
  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345
  6. qwerty123
  7. 1q2w3e
  8. 12345678
  9. 111111
  10. 1234567890
From: www.startupson.com/most-common-passwords-latest-2021-statistics/
 
If you need help in creating strong, complex passwords, try this generator to make some up.


Make sure your Amazon.com password is long and complex. That site has hackers constantly attempting to sign in to accounts that they don't own. Also be aware of Amazon email scams. See below.

 
Here are examples of some passwords that popular sites let their users get away with. The third one, a passphrase, is actually the best of the three.

Screen Shot 22.jpg
 
Great summary :thumbup:

Another pitfall is exporting data to import into a new password manager. Nearly all utilities I've seen offer CSV file format which is fairly easy to work with but ... a disaster waiting to happen as plain text can be recovered from a disk even if deleted.

Last time I did this I exported to a USB stick and read it from there. Then, once imported, secure-wiped the stick. I just have to hope no cache file was involved, but if File Vault is active, shouldn't be a problem I'm guessing.

Do you know of any other ways of secure importing if the destination does not recognise the export file format?
 
You can always encrypt SSDs and use an extremely long password. Most brand name Flash drives like SanDisk offer encryption software specific for their product. After exporting the CSV to a flash drive, you can be extra safe by then changing the most critical passwords (online banking etc.) after the import is done and the new PW manager is functional.

Or take a tip from Google themselves. They completely shred all the 3.5" HDDs that have formerly run in their servers. Then there is zero chance of anyone accessing sensitive data that they've stored. Zero liability is what they want.

Google uses much bigger and more expensive machines than shown in this video but you'll get the idea.


For individuals like us that don't have access to expensive HDD shredding machines there are other simple alternatives.

 
1Password 7 for Mac

You can try this free and if you like it, the cost is just $2.99 per month. A good security investment if you bank, shop and invest online. Give it a try and see what you think. https://1password.com/sign-up/
Screen Shot 2021-03-20 at 7.08.14 AM.png


How about just using the Mac keychain app?

Apple hasn't updated this in years and it's questionable whether the security is adequate. I wouldn't trust it in the current state it's in.

 

1Password can be used without paying the subscription. I purchased the iOS version of the app years ago and have been using it since without the need to subscribe to anything. I just sync to my Mac.
 