Comments on: University of Cambridge conducts largest-ever password study

By: technopeasant

technopeasant — Mon, 04 Jun 2012 20:10:00 +0000

We arent living in some drafty old castle like in medieval times.
The very concept of a “pass” word is archaic and should be relegated to the dustbin of history.
Given that the QWERTY keyboard isnt going to be replaced with a brain tap anytime soon I’ve been using a SWYPE style pattern of random keystrokes instead of a “rational” word construct.

By: simpleas

simpleas — Sat, 02 Jun 2012 17:39:00 +0000

my password is something similar (in terms of randomness) to
uywimha8 , hope thats not too easy to crack as it doesn’t mean anything.

By: Arnold D.

Arnold D. — Sat, 02 Jun 2012 12:45:00 +0000

Most people pick terrible passwords, therefore all people pick terrible passwords? I find your lack of logic disturbing.

By: truthsmiles

truthsmiles — Sat, 02 Jun 2012 07:48:00 +0000

This is due almost entirely to password longevity rules. Institutions who think that passwords should be changed every X days are asking for a breach. Humans can’t keep track of them and have to write them down. It sounds like a good idea but in practice your observations are completely expected.

By: hthalljr

hthalljr — Sat, 02 Jun 2012 06:38:00 +0000

Those are excellent suggestions. The thing that will make it strongest is the length of the phrase. Try to make it at least 10 charachters. Here’s a good example of a strong pass phrase. Note that I capitalize the first word and any nouns. “I was born in 1950 and so was my wife!
Iwbi1950&swmW!

By: Tony R.

Tony R. — Sat, 02 Jun 2012 06:35:00 +0000

True. I’ve on occasion contacted site administrators to get the password rules and more often than not found that passwords are limited to six or eight characters, and sometimes even prohibit certain punctuation characters.

By: b_k_c

b_k_c — Sat, 02 Jun 2012 05:42:00 +0000

I find it humorus that at work, we have all these password rules and make people change passwords all the time. Then when you go around to their desks, you find password written down on sticky notes, inside the top desk drawers and all over the place. LOL! Why have passwords then?

By: Nick S

Nick S — Sat, 02 Jun 2012 05:22:00 +0000

Yes, but as n becomes very large, the statistics will more closely match reality. Also, the author did not commit an ecological fallacy by suggesting your password was weak – he said “probably” ;)

Otherwise, it would be interesting to find a way to look at plain text passwords in this volume, if only to see how many people used “p@s$W0rd”.

By: Some dude

Some dude — Sat, 02 Jun 2012 05:21:00 +0000

I used to keep a weak password.. Than several years ago, my email was hacked, now I use a password manager…

By: Piedy

Piedy — Sat, 02 Jun 2012 05:19:00 +0000

Unfortunately many sites make it hard to use a good password (as you describe) because they limit the # of characters, and don’t let me use non-alphanumeric. That’s lazy programming on their side and puts their customers at risk. I too use a password generation program and store them in a single encrypted password program (which I backup to multiple places on each change).

By: Rosewater

Rosewater — Sat, 02 Jun 2012 05:11:00 +0000

” every identifiable group of users generated a comparably weak password distribution” doesn’t mean that every password was weak – just that the distribution breakdown was generally weak; There will always be outliers – I suspect if you look at the actual report you’d find how common those outliers are. No where did he say that “all people pick terrible passwords”.

By: Luke Solis

Luke Solis — Sat, 02 Jun 2012 05:03:00 +0000

If I need to log into the account many times a day, or doesn’t have an option for me to Lastpass the password. It will be weak. other then that, I use LastPass to manage my passwords for me.

By: mrpete

mrpete — Sat, 02 Jun 2012 04:56:00 +0000

Never use anything that looks like a “word” for a password!
~
An Excellent way to create a computer password is to use a “pass phrase.” Here’s how to do it …
~
Your password (PW) length should be at least 8 characters.
~
Pick a “pass phrase” and use the first letters of the words to form the PW. For example, use this phrase: “four score and seven years ago.” Use the first letters of the “phrase words” to form the PW. See below …
~
four
score
and
seven
years
ago
~
Initial effort PW = fsasya
~
Throw in a number and a special character (or two) in a place that seems natural for you.
~
Second effort PW = fsa72!sya
~
Then put one or more (not all) of the characters in CAPS.
~
Final effort PW = fsa72!Sya
~
That’s a VERY strong password and it’s not very difficult to remember. But don’t use a phrase as well known as “four score and seven years ago.” This is just an example.

By: Richard D

Richard D — Sat, 02 Jun 2012 04:39:00 +0000

Most people pick terrible passwords, therefore all people pick terrible passwords? I find your lack of logic disturbing.