Microsoft to block insecure passwords

vbimport

#1

We’ve just posted the following news: Microsoft to block insecure passwords

Tech companies may be planning for a future without passwords, but Microsoft has plans to help password users out in the interim.

Read the full article here: [http://www.myce.com/news/microsoft-block-insecure-passwords-79537/](http://www.myce.com/news/microsoft-block-insecure-passwords-79537/)

Please note that the reactions from the complete site will be synched below.

#2

This could be done easily by implementing any ‘brute force’ dictionary out there.

It has to be emphasized though that IT security only works in conjunction with the users and so educating the users about passwords and the importance of keeping it on an advanced level.

**Did you know that if your password is 4 characters long, it will take less than an hour to find it no matter what it is?** It can actually be done by using a wildcard brute force dictionary containing only one line… In other words, please choose at least 6-8 characters :flower:


#3

If you listen to security “experts”, your password should be 77+ characters long with no repeated characters, it should be different on all 287 Internet sites you use, and it should be changed twice daily, but not written down anywhere.

Or you could use a 4-digit PIN number to log on to Windows, which according to Microsoft is even safer than using a normal password.

Experts also suggest using a password manager to remember all your secret passwords, because everyone knows that entrusting all your passwords to some random program is completely different from putting all your eggs in one basket and then leaving the basket outside your door.

There’s quite a bit of b.s. and hypocrisy when it comes to passwords!


#4

> DrageMester wrote:
>
> If you listen to security “experts”, your password should be 77+ characters long with no repeated characters, it should be different on all 287 Internet sites you use, and it should be changed twice daily, but not written down anywhere.
>
> Or you could use a 4-digit PIN number to log on to Windows, which according to Microsoft is even safer than using a normal password.
>
> Experts also suggest using a password manager to remember all your secret passwords, because everyone knows that entrusting all your passwords to some random program is completely different from putting all your eggs in one basket and then leaving the basket outside your door.
>
> There’s quite a bit of b.s. and hypocrisy when it comes to passwords!

LOL - :iagree: :bigsmile: :bigsmile: :bigsmile:


#5

Of course, if the incorrect password is tried 5 times, the account could be locked for 10 minutes. Especially if the IP address is different than usual. Then any password would work.


#6

We should all have passwords like this:

f142384fba5c45ce6e612734e77657c293eff789756cfd8ef904589bdaf6abd5fe33316b0f2826a998579d934c6db1011afc86ec95457ea93ee979aa53e9923e

Except make sure you repeat it a few times, just to make sure you are safe from brute force attacks. Now, do this again for each and every website you log into. If the website has special requirements, such as needing capital and lowercase letters, just use one really long string of all-lowercase letters, followed by another really-long string of all-capital letters. Also, make sure you don’t write it on paper, since hackers can get into your house by… um… hacking? You can put it into a cloud-based password manager (without having to read the privacy policy), since the cloud is obviously “secure”. Just make sure you have a super long password that nobody can guess (not even yourself). Then, make sure they also require your thumbprint in addition to your username/password. And your eyescan. And your social security number. And the color of your underwear. And that one deep, dark secret you would never tell anyone.

Or, for those living in reality, just try not to use the same password multiple times. I have also come up with a way to make simple passwords, while making them difficult to figure out. Let’s say you love dogs, so you might think about having your password be “dog”. Instead of making a password that looks like “iLikeDogs123TheyAreTheBest848974”, you can instead run the word “dog” through a checksum generator. The CRC32sum of “dog” is “1ce2272b”, which would make a fairly decent password. If you’re worried about forgetting what your password is, simply write down the word “dog” somewhere. Then you can simply look up the CRC32sum of “dog”, and get your password. If someone else finds out that you wrote the word “dog”, they will simply enter “dog” as the password, which of course won’t work. Hopefully, they will then conclude the password has been changed, and give up. If the website requires a combination of upper and lower case letters, try something like “**dO**1ce2772b**g**”. Notice how I included the letters that spell the word “dog”? That should be much easier to remember than “Afjic.9~49^7dneoidEN73”, or whatever.

For GNU/Linux users out there, you can find the CRC32sum of “dog”, or any other phrase by typing

echo dog | crc32 /dev/stdin

into a terminal. I’m sure there are also other means of getting CRC32sums for GNU/Linux or any other system, but that’s what works for me.
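
An added example, not part of the original posts: a password-acceptance check of the kind the article's headline describes, written in Python. The word list, minimum length and function names are assumptions made for illustration. It blocks common words and also their CRC32 values, because a checksum maps each word to one fixed 8-hex-digit string.

```python
import zlib

# Constructed sample list; a real deployment loads a large list of known-common passwords.
COMMON_WORDS = {"password", "dog", "letmein", "qwerty", "dragon"}
MIN_LENGTH = 8  # assumption, upper end of the "6-8 characters" suggested in the thread


def crc32_hex(text: str) -> str:
    """CRC32 of the UTF-8 bytes, as 8 lowercase hex digits."""
    return format(zlib.crc32(text.encode("utf-8")) & 0xFFFFFFFF, "08x")


def derived_forms(word: str) -> set:
    """Checksums a user could obtain from a blocklisted word."""
    # `echo dog` appends a newline, so a checksum tool reading the pipe sees
    # the word plus a line feed; the bare word hashes differently. Block both.
    return {crc32_hex(word), crc32_hex(word + "\n")}


def build_blocklist(words) -> set:
    blocked = set()
    for word in words:
        blocked.add(word.lower())
        blocked |= derived_forms(word)
    return blocked


BLOCKED = build_blocklist(COMMON_WORDS)


def check_password(candidate: str):
    """Return (accepted, reason) for a proposed password."""
    normalized = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        return False, "too short"
    if normalized in BLOCKED:
        return False, "on blocklist"
    # A blocked value wrapped in a few extra characters adds little, so
    # reject candidates that contain any blocked entry of 6+ characters.
    if any(len(entry) >= 6 and entry in normalized for entry in BLOCKED):
        return False, "contains blocklisted value"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["dog", crc32_hex("dog\n"), "dO" + crc32_hex("dog") + "g",
               "correct horse battery staple"]:
        print(repr(pw), check_password(pw))
```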