All times are UTC

Posted: Mon Nov 09, 2015 10:10 pm
<rant>

I know that there's a good reason for the whole 'password needs X, Y and Z in it', and yes, I know this is my first post here, so I'm just getting this off my chest before I get to the main reason I came here, but.. honestly.. the whole needing a capital letter in the password? I bet if you did an analysis of the passwords on here, I would with reasonable certainty guess that the vast majority of them just capitalized the first letter in their passwords. So, IMO, really all that would do for the vast majority of passwords is double the time it would take to guess a password. (try it with a capital first letter and try it without)

*exhales*

</end rant>


Posted: Tue Nov 10, 2015 4:40 am
I "shift" the first and last. I'll even give you a hint ... it's the serial number of my first car, a 1978 Ford Fiesta.

Mike B.


Posted: Tue Nov 10, 2015 5:12 am
dracosilv wrote:
I'm just getting this off my chest before I get to the main reason I came here
Golly -- I hope you feel better now! Thanks for being civil, btw. :) Wanna tell us about the main reason you came here?

cheers,
Jeff

ps-
Quote:
the vast majority of them just capitalized the first letter in their passwords
Guilty as charged! :oops:

_________________
In 1988 my 65C02 got six new registers and 44 new full-speed instructions!
https://laughtonelectronics.com/Arcana/ ... mmary.html


Posted: Tue Nov 10, 2015 4:58 pm
Wow, I'm glad I made my account long ago. No password in my reserve ever uses any capital letters. I had passwords of length 5, then 6 and then 8 in my reserve, and a site recently required the password to be 10 chars or longer. This really pissed me off as no password in my reserve would match. I believe I just click on "forgot my password" every time I log in and log in from the mail they send to me - it's simpler than adding another password that is so long I cannot remember. I mean, even a 6-symbol password would take a couple of years to crack, and even if they crack it the worst they can do is apply for a job for me, so really, there's no need for such high security.

In the end, increasing so ridiculously the password requirements actually lowers security, because it forces people to write their passwords down (instead of simply remembering them) and make them more accessible for outsiders.


Posted: Tue Nov 10, 2015 5:21 pm
Estimating the strength of a password is difficult, and not a science - it depends in part on the model you have of the model the attacker has of how people select passwords. There's an interesting account at
https://blogs.dropbox.com/tech/2012/04/ ... stimation/
and a demo here. Don't try any of your actual passwords, of course. See also this.


Posted: Tue Nov 10, 2015 5:40 pm
Bregalad wrote:

In the end, increasing so ridiculously the password requirements actually lowers security, because it forces people to write their passwords down (instead of simply remembering them) and make them more accessible for outsiders.


Or keep your confidential info like passwords and serials and whatever they want you to 'remember' in a software vault. I use KeePass on all my devices and keep the database in sync. Only one password to remember, and my family can get that one password (in a safe place on paper sealed) and in emergencies get to all my passwords and other private info.
Never ever since had password problems!


Posted: Tue Nov 10, 2015 5:47 pm
Write all your passwords on €50 notes. Then you'll keep them safe. (Or $50 bills, as appropriate.)


Posted: Tue Nov 10, 2015 9:46 pm
Since biologists speak an ancient language that nobody understands, or cares to understand, I have many "ready-made" options for unique and mostly "un-guessable" passwords. But, of course, not now that I have revealed the secret.

How is it that e-mailing our new passwords to ourselves is safe? What if somebody hacks our e-mail? "Nested password weakness".

One should endeavor (A) to have no secrets worth keeping or, (B) more realistically, endeavor not to place said secrets on the internet or in any sort of digital format, easily post-able on the internet.

I am afraid I like science A LOT, and so all my secrets are told before I even open my mouth! Though I am a CEO and Director of a company--on paper--I have a general disdain for corporate/company "ethics"--so-called--of the modern 21st century. So, in short, my intellectual property is easily gained, by (1) simply asking me, or (2) waiting long enough to hear me blab!

But, when it comes to science/technology, one must first have a secret worth keeping in order to blab it, indiscreetly! Do I dare presume that I have such? (Other than Meyer's Law, no I do not presume that I have done anything worthwhile.).

Finally, with regards to cryptography, one should (1) pick a book as an encoder/decoder text, (2) construct a key (random number generator, or dice, or flip a coin), 30QTY of them, or so, with a big letter at the top, indicating the letter from the "key text", and then A=X1, B=X2, etc. on each key-page, (3) encode message, using the book, starting on a page, and line, and word, and using the key that has the big letter at top that begins with the letter like the word in your decoder book, (4) repeat until entire message is coded, shifting your key page with every new letter in the encoding book, (5) send, (6) don't tell anybody, except the recipient, which book you used. I think PGP uses this cypher, and it should be unbreakable. Frequency counts for letters, or searching for vowels, should not be possible with this method, even with the 30 keys in hand. As long as the book, page, paragraph, line, and word remain secret, it should be unbreakable. (almost like a paper version of Enigma!).


Posted: Thu Nov 12, 2015 9:44 am
This one explains the silliness of standard passwords quite well: https://xkcd.com/936/

What's needed is simply to allow passwords with spaces, and let users select a sentence as their password. Easy to remember, easy to write, very very hard to break.
When I wrote my terminal server for accessing remote minicomputers back in 1990 I did exactly that, and I remember the passwords to this day.

Many people are not aware of the fact that wi-fi router WPA passwords can contain spaces. So just use a sentence, not some silly Go11y4me.L77t password.
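
Added example, not part of any post in this thread: a sketch of the point raised above that a strength estimate depends on the attacker model you assume. It compares a naive charset-size estimate with one that assumes the attacker tries a few common capitalisation patterns first; the pattern set and all function names are assumptions made for illustration.

```python
import math

# Assumption: the attacker tries these capitalisation patterns for every
# candidate word before anything else (the set is illustrative).
COMMON_CAPS = ("none", "first", "first_last", "all")

def naive_bits(pw):
    """Charset-size estimate: treats every character as uniformly random."""
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += 33 if any(not c.isalnum() for c in pw) else 0  # ASCII punctuation + space
    return len(pw) * math.log2(pool) if pool else 0.0

def caps_pattern(pw):
    """Classify where the capital letters sit among the letters of pw."""
    letters = [i for i, c in enumerate(pw) if c.isalpha()]
    upper = [i for i in letters if pw[i].isupper()]
    if not upper:
        return "none"
    if upper == letters[:1]:
        return "first"
    if upper == [letters[0], letters[-1]]:
        return "first_last"
    if upper == letters:
        return "all"
    return "other"

def caps_bits(pw):
    """Bits the capitalisation contributes under the attacker model above."""
    if caps_pattern(pw) in COMMON_CAPS:
        return math.log2(len(COMMON_CAPS))      # one of four cheap guesses
    return float(sum(c.isalpha() for c in pw))  # arbitrary mix: 1 bit per letter

def rule_gain(base, capped):
    """(naive gain, modelled gain) in bits from capitalising base into capped."""
    return naive_bits(capped) - naive_bits(base), caps_bits(capped)

def passphrase_bits(n_words, wordlist_size):
    """Words drawn uniformly at random from a list the attacker also knows."""
    return n_words * math.log2(wordlist_size)

if __name__ == "__main__":
    for capped in ("Correcthorse", "cOrReCtHoRsE"):  # constructed samples
        naive, modelled = rule_gain("correcthorse", capped)
        print(f"{capped}: naive +{naive:.1f} bits, modelled +{modelled:.1f} bits")
    print(f"4 random words from 2048: {passphrase_bits(4, 2048):.0f} bits")
```

The naive estimate credits both capitalised samples with the same gain, while the modelled estimate separates a leading capital from an arbitrary mix.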

