Forum Notice: Passwords

Discussion in 'Site and Forum Feedback' started by xUKHCx, Feb 7, 2011.

  1. xUKHCx Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #1
    It is good to remind everyone now and again about passwords. Your MacRumors account like most websites is protected by a username and password.

    As your username is fixed your security point is the password. Therefore to protect your account you need to use a good strong password.

    I know everyone is thinking right now that "Well I have a strong password" but please stop and really consider it.

    Here are Google's tips on creating a good password and some do-NOTs from Microsoft's tips page

    There are a number of online password checkers that you can use to test how strong potential passwords are, here is Microsoft's.

    It is also worth reminding members about the following thread: Forum tip: keep your email address up to date
     
  2. stridemat Moderator

    stridemat

    Staff Member

    Joined:
    Apr 2, 2008
    Location:
    UK
    #2
    Think it may need upgrading. A few years ago this was deemed as a strong password.
     

    Attached Files:

  3. GoCubsGo, Feb 7, 2011
    Last edited: Feb 7, 2011

    GoCubsGo macrumors Nehalem

    GoCubsGo

    Joined:
    Feb 19, 2005
    #3
    Is this a gentle way of telling us there is a possible breach and you'd like us to change our passwords?
    Edit: here ... though MS now knows my password. Those goons.
    Screen shot 2011-02-07 at 5.56.49 PM.jpg
     
  4. Jaffa Cake macrumors Core

    Jaffa Cake

    Joined:
    Aug 1, 2004
    Location:
    The City of Culture, Englandshire
    #4
    Hmm... would there happen to be a particular reason for this (admittedly sage) advice, or is that just me paranoia talking?
     
  5. Mac'nCheese macrumors 68030

    Mac'nCheese

    Joined:
    Feb 9, 2010
    #5
    My password is 12pas01word. Is that strong enough or do you recommend a stronger one?
     
  6. xUKHCx thread starter Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #6
    There was a small issue (2 accounts identified) where the user's passwords were guessed.

    It seemed prudent of us to take this as a timely reminder for everyone.
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    I'd recommend something easy to remember like:
    H3)^%nP7"@v^~`(8jW<2o&('|!>*sE5#-x_C{$G+\​
     
  8. Mac'nCheese macrumors 68030

    Mac'nCheese

    Joined:
    Feb 9, 2010
    #8
    Now you're just being silly.
     
  9. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #9
    Not really. That's the kind of passwords I use on my wireless network and many financial accounts.
     
  10. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #10
    That's quite a weak one: [​IMG]


    xUKHCx, just out of curiosity, were these two accounts, those two that have been registered in 2009 and been inactive post wise and then suddenly been used to post spam?
     
  11. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #11
    LOL! I didn't say it was strong; I said it was easy to remember! :D
     
  12. bobfitz14 macrumors 65816

    bobfitz14

    Joined:
    Oct 14, 2008
    Location:
    Massachusetts
    #12
    +1. good advice nonetheless.
     
  13. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #13
    You're such an easy boy, but I hope that one day we can use more secure passwords like these: 1.000.000

    Seems there is a limit here:
     
  14. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #14
    Why? Most banks use a 128-bit SSL encryption method, meaning a 41-character password such as "H3)^%nP7"@v^~`(8jW<2o&('|!>*sE5#-x_C{$G+\" is no more secure than a 32-character password of similar construction. What bank allows 41-character passwords anyways? That is highly uncommon.
     
  15. GGJstudios, Feb 7, 2011
    Last edited: Feb 7, 2011

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #15
    I wasn't referring to the length of the password, but to the content.
    I didn't say that was the actual password or the actual length.

    It's worth noting that the Microsoft password checker that xUKHCx posted shows a simple password to be strong if you simply increase the number of characters. Try typing all "1" characters:
    1-16 1s: weak
    17-19 1s: medium
    20-28 1s: strong
    29+ 1s: best

    Not what I would consider a good password checker.
     
  16. DewGuy1999 macrumors 68040

    DewGuy1999

    Joined:
    Jan 25, 2009
    #16
    If you're using OS X, Keychain Access, can show how strong a password is, no need to give it out to Microsoft.
     
  17. ravenvii macrumors 604

    ravenvii

    Joined:
    Mar 17, 2004
    Location:
    Melenkurion Skyweir
    #17
    I checked and couldn't find the functionality. Could you point me to it?
     
  18. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #18
    That's only for creating Mac user account passwords:
     
  19. DewGuy1999 macrumors 68040

    DewGuy1999

    Joined:
    Jan 25, 2009
    #19
    Okay, this is for Keychain Access 3.3 under OS X 10.4.11, so it may be set up differently under Leopard and/or Snow Leopard. If you go to File, New Password Item..., in the Password box type your password then click the little Key icon and it will show how strong it is.
     
  20. SandboxGeneral, Feb 7, 2011
    Last edited: Feb 7, 2011

    SandboxGeneral Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Orbiting a G-type Main Sequence Star
    #20
    While this is always awesome advice to use (and I do use the most bizarre password strings of great length), there is still one inherit problem with the MR site and that is it's lack of SSL. If someone is logging into MR while connected to some public WiFi spot or even on an unsecured home WiFi, anyone with a packet sniffer can grab your username and password, regardless of how strong it is.

    I would love to see MR get SSL and have the whole site default to it (HTTPS). That way every user's session on the domain would be fully encrypted from browser to server and even those folks with weak passwords would be protected while on free or unsecured WiFi hotspots.

    My home and office WiFi networks are secured using 63 character pseudo random generated passwords with maximum entropy using the WPA2 encryption.

    Like I said, using strong passwords is always a good idea and everyone should.

    Attached is the screen capture of my MR password entered in the Keychain Access app.
     

    Attached Files:

  21. exabytes18 macrumors 6502

    Joined:
    Jun 14, 2006
    Location:
    Suburb of Chicago
    #21
    That's not quite true.
     
  22. annk Administrator

    annk

    Staff Member

    Joined:
    Apr 18, 2004
    Location:
    Somewhere over the rainbow
    #22
    I just want to chime in to support xUKHCx's message. My google account was hacked some months ago, and a couple mails were sent out from my gmail from a Chinese IP. Google notified me immediately (apparently they have some sort of filter that catches activity that doesn't seem to jive??) so no major damage done, but it scared me and woke me up.

    I thought I had strong passwords, but I've since paid a lot more attention to them. :(
     
  23. iPhoneCollector macrumors 6502a

    iPhoneCollector

    Joined:
    Nov 30, 2010
    Location:
    Home
    #23
    That is scary. I should change my PW
     
  24. QuarterSwede macrumors G3

    QuarterSwede

    Joined:
    Oct 1, 2005
    Location:
    Colorado Springs, CO
    #24
    I usually avoid password generators because I actually like to be able to login from anywhere without using my device (well, not a public pc).

    I've found that coming up with a strong password is easy if you create it like it would go on a personalized license plate and use symbols as well. Stongpassword would be something like $tr0ngP@s$w0rd. Easy to remember and strong at the same time.
     
  25. xUKHCx thread starter Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #25
    In short: No.

    In long: Nope.
     

Share This Page