{"id":11950,"date":"2016-12-05T19:58:41","date_gmt":"2016-12-06T00:58:41","guid":{"rendered":"http:\/\/www.thundercloud.net\/infoave\/new\/?p=11950"},"modified":"2016-12-05T19:58:41","modified_gmt":"2016-12-06T00:58:41","slug":"have-some-password-fun","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/have-some-password-fun\/","title":{"rendered":"Have Some Password Fun"},"content":{"rendered":"

Have Some Password Fun<\/h1>\n

Every six months or so we like to impress upon you the benefits of using secure passwords. And every six months or so, we know our advice is falling on deaf ears. But we’re nothing if not intrepid.<\/p>\n

Now, you may think passwords are boring troublesome – because sometimes you can’t remember them – but t oday, we’re going to have fun with passwords. So even if you don’t take our warnings about using secure passwords seriously, you’ll have fun with this password-o-meter we are about to let you feast your eyes upon.<\/p>\n

We’re doing to intro the site first and then we’re going to show you some examples; a show and tell kind of thing.<\/p>\n

The site is called My1Login. On the site there’s a password-o-meter (we made that word up – phrase up?) with which you can test the strength of your passwords. It will show you how long it would take to crack you passwords using the standard hacker tools that guess billions of combinations a second – and yours might be one of those combinations, especially if it is a weak password.<\/p>\n

Here’s what the folks at My1Login have to say about Passwords – may their words not fall upon blind eyes:<\/p>\n

Is it actually safe to use Password Checkers?<\/em><\/p>\n

If you\u2019re reading this section, then good \u2013 the quickest way to get hacked online is to be too trusting or assume websites are automatically safe. It\u2019s good to be cautious and it\u2019s never a good idea to enter your legitimate credentials into any website you are not confident about. The ones to watch especially are those who ask you to input your credentials.<\/p>\n

So, why is this Password Strength Meter safe?<\/p>\n

The passwords you type never leave your browser and we don\u2019t store them (You can disconnect your internet connection and then try it if you wish)<\/p>\n

All the checking is done on the page you\u2019re on, not on our servers<\/p>\n

Even if the password was sent to us, we wouldn\u2019t actually know who you were anyway \u2013 so couldn\u2019t match it up to any usernames or any websites you may visit<\/p>\n

We\u2019re in the business of making people more secure online and the last thing we want to see is passwords being transmitted across the internet insecurely.<\/p>\n

How does My1Login’s Password Strength Checker work?<\/p>\n

The password strength calculator uses a variety of techniques to check how strong a password is. It uses common password dictionaries, regular dictionaries, first name and last name dictionaries and others. It also performs substitution attacks on these common words and names, replacing letters with numbers and symbols \u2013 for example it\u2019ll replace A\u2019s with 4\u2019s and @\u2019s, E\u2019s with 3\u2019s, I\u2019s with 1\u2019s and !\u2019s and many more. Substitution is very typical by people who think they\u2019re making passwords stronger \u2013 hackers know this though so it\u2019s one of the first things hacking software uses to crack a password<\/em><\/p>\n

The password strength meter checks for sequences of characters being used such as “12345” or “67890”
\nIt even checks for proximity of characters on the keyboard such as “qwert” or “asdf”.<\/p>\n

Common mistakes and misconceptions<\/p>\n

Replacing letters with digits and symbols. This technique is well known to hackers so swapping an “E” for a “3” or a “5” for a “$” doesn’t make you much more secure<\/p>\n

That meeting the minimum requirements for a password makes it strong. By today’s standards, an 8-character password won’t make you very secure<\/p>\n

That it\u2019s fine to use the same password a lot as long as it\u2019s strong \u2013 what if the website is hacked? Do you know how the website stores your password? What if they store it in plaintext?<\/p>\n

Guilty<\/p>\n

Weak practices \u2013 storing passwords in the notes field on your phone, does it auto sync to the cloud, iCloud or Dropbox.<\/p>\n

Putting them in a spreadsheet, even password protecting a spreadsheet doesn\u2019t keep the information safe. Check out our blog on this and other security subjects. https:\/\/blog.my1login.com\/<\/p>\n

What makes a strong password?<\/p>\n

A strong password is one that\u2019s either not easily guessed or not easily brute forced. To make it not easily guessed it can\u2019t be a simple word, to make it not easily cracked it needs to be long and complex. Super computers can go through billions of attempts per second to guess a password. Try to make your passwords a minimum of 14 characters.<\/p>\n

Passphrase<\/p>\n

A passphrase is simply a password, that\u2019s longer, it could be a sentence, with spaces and punctuation in it. The benefit of a passphrase is that typically they\u2019re easier to remember, but more difficult to crack due to their length. For every additional character in the length of a password or passphrase, the time it would take to break increases exponentially. Ultimately that means that having a long password or passphrase can make you far more secure than having a short one with some symbols or numbers in it…”<\/p>\n

Now for the fun:<\/p>\n

<\/p>\n

Above, we generated a 15-character password using the password generator in LastPass. I don’t even think EB will still be around 73 trillion years ago. In the screenshot above we’re showing you the password because we could not care less. It’s not our password. Feel free to use it as your own.<\/p>\n


\nBut let’s just say you’re the fussy type and you don’t think 73 trillion years is good enough – you’re the kind that always wants bigger, better, newer, etc. You are the kind of person who always wants more. How about 509 billion trillion years? As you can see it’s a pass phrase that I can actually remember as long as I remember EB was born in 1906. Even the cantankerous EB cannot possibly live 509 billion trillion years – not even if just to aggravate me.<\/p>\n

<\/p>\n

Above you can see a password that would only take a hacker 27.08 seconds to crack. And we’ll bet that someone(probably many of you) reading this has a very similar password and they use that password on more than one site. Is it YOU?<\/p>\n

<\/span><\/p>\n

OK now let’s go to extreme. Do you think hackers will be around six trillion trillion years from now? Don’t think so! As you can see all I did was take a line from a Beatles’ song and put dollar signs at each end. That’s called a passphrase…and it’s something I can remember – even hum or sing to myself…or if you like, call me and I’ll sing it to you. Rock on, Paul.<\/p>\n

Are you ready to have fun testing your passwords and experimenting with very secure yet easy to remember passphrases. OK you can test your passwords by heading to this page .<\/a><\/span><\/p>\n

Oh, yes, and one more thing: They offer a free password manager too. If you don’t have one, you need one. There is no way the average human brain can remember different passwords for dozens of Web sites – especially long and strong ones. Yes, EB? Perhaps there are savants out there who can, that’s true. Yes, EB, maybe even Las Vegas card counters. But that’s not most of us, you know!<\/p>\n

Have some fun with passwords right now<\/strong><\/a>!<\/span><\/p>\n

\"Cloudeight<\/p>\n","protected":false},"excerpt":{"rendered":"

Have Some Password Fun Every six months or so we like to impress upon you the benefits of using secure passwords. And every six months or so, we know our advice is falling on deaf ears. But we’re nothing if not intrepid. Now, you may think passwords are boring troublesome – because sometimes you can’t remember them –\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1462,1433,1678,1656],"tags":[],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/11950"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=11950"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/11950\/revisions"}],"predecessor-version":[{"id":11951,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/11950\/revisions\/11951"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=11950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=11950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=11950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}