Mint Hack Has Me Rethinking Passwords

[michael diemer]

Ever since the Linux Mint forum was hacked, and forum members' passwords were potentially compromised, I have been thinking about passwords. Like most people, mine probably aren't up to snuff. For example, I just learned that router passwords should be 25 characters. And the old 12-character "strong" password is no such thing anymore. So, I was just curious, what do folks here think about this? What about password managers? Password "bases" (where you have a set sequence of characters, plus unique ones geared to a particular site)?
And so on. Any thoughts?

 

[Barman58]

When it comes to cracking a password using the normal brute force method adding any character in numbers increases the security password.......... is much stronger than password because the software has to try every character in the password the same number of times so more the merrier.

Another good one is to include a number in the password but use the Shift Key when entering it so 12345 becomes !"£$% but is still memorable try "$^*).....,,,,,*^$" Which is entered as Shift+ 2468 ..... ,,,,, Shift+ 8642 and is good against brute force and pattern recognition

 

[ThrashZone]

Hi,
In the forums hack it wouldn't matter what password you used because it was stored in the website
You could of use 100 characters and it wouldn't of mattered if the website is hacked

 

[michael diemer]

Barman: I have devised a 19-character p/w that I could use as a base, plus the unique characters for specific sites. But it's hard to remember. Actually, impossible. However, I can mentally generate it, since it's based on something (three patterns that only I could know). So I think it's safe, unless it's too short for the brute force method.

 

[michael diemer]

Hi,
In the forums hack it wouldn't matter what password you used because it was stored in the website
You could of use 100 characters and it wouldn't of mattered if the website is hacked

Yes, I see that. I was just interested in discussing passwords in general, as the incident has raised my level of awareness. There's really know way to protect yourself from something like that, except to change your p/w asap.

 

[Barman58]

With brute force the rule is longer is better, but that has to be curbed to keep it practical .

The other thing is that for your home systems there is very little reason not to write passwords down - the occurrences of hackers who break into a home to obtain passwords for a private user are as rare as an honest politician. Obviously in an office environment the password on a post-it on the monitor frame was and is never a good idea, as a malicious colleague, with a grudge against the company and or another employee can do irreparable harm to the company and pass the blame by logging in as a user whose password they have access to

 

[ThrashZone]

Banking websites have their own minimal password requirements and some lock out some characters from being used and some don't
Then they still bark or insist on special questions cell or phone numbers/ text-email....

Most security is in the connection to the site where the password is being entering on not always the password it's self although abc-123 isn't a real password