32 million passwords exposed. Most popular....123456

Have you ever seen Demolition Man?:stuck_out_tongue:

Reading your emails isn’t where they’ll get ya: It’s taking over your account and sending viruses to your friends and getting you on major spam filters.

Like I said, I just got hacked.

My workplace introduced mandatory strong passwords (>9 characters, a mix including at least three different types out of upper, lower, numeric and symbols) last year - it caused widespread confusion, with people unable to understand the requirements, or unable to consistently enter their passwords.

Some of them just wrote their passwords on post-its and stuck them to the screen - others, who had trouble typing them into the masked field called colleagues over, saying “Look, watch me to make sure I’m typing this (waving a piece of paper with the password on it) correctly - watch me type it in to make sure I’m doing it right!”

I try to use good passwords for anything connected to money, but am more worried about keyboard sniffers than password crackers. I wouldn’t want to use the same password at an “unimportant” site. Hack the unimportant site, then steal my money from another site? No thanks.

My Doper password may be very easy to guess. Go ahead and guess it and forge some septimus posts if you want. (It will probably improve the average septimus post quality.)

That’s all you have to do to get everybody’s password? That doesn’t sound right.

As a former systems admin, all the changing of passwords did was force people to write them on sticky notes. Hardly any better. But that ruling of changing passwords came from corporate and I’d get slammed on my audit if I didn’t enforce it.

So I did.

I recall at that hotel the controller had a password of “1” :slight_smile:

I was like, yeah here’s a lady with access to ALL the hotel financial information, not to mention access to all the personnel files with income, insurance and reviews. Yep, that’s a good password :slight_smile:

A lot of guys use sports teams as their passwords. I had a couple of men get into trouble when their NOW present girlfriends found out they were using their old girlfriend’s name as a password.

The real problem is when you use the same password for everything. Like your password on the SD should never be the same as your banking or credit card or any such sites. And you should change passwords on banking sites at least 2 times per year.

Though you make a good point, the fact is, it is still much easier to simply dumpster dive than to go to all that trouble or use social networking to get the info. One thing I found in two hotels I worked at was clerks were selling information.

This is a REAL problem. The H/R clerk was selling social security numbers and the accounting clerk was selling credit card numbers. These are jobs that pay $1 more than minimum wage. This is why you NEVER put your social security number on a job application. Write in, “Will provide upon request.” If a company has no intention of going beyond interview #1 they have no need for information like that. If they are serious and want to investigate your background then fine.

The H/R clerk would wait six months then take all the old, stale, job applications and then sell them. Same with the accounting clerk. Which is another good reason to at least once per year, call in your credit cards as stolen/missing and get new numbers. So your old numbers aren’t sitting around for some minimum wage clerk to sell.

My password for almost everything is one 6-letter word (well, a name really - no not my own!), or sometimes that word doubled and combined with uppercase/lowercase and numbers. It’s been the same thing my entire online life (14 years now!) and I’ve never been hacked.

I’m apathetic about hacking. My checking and savings accounts force me to change my password regularly and require uppercase, lowercase, and multiple numbers and symbols.

I have two basic passwords (one 6 characters, one 7 characters), the first was the first password assigned to me from my very first Internet account back in April 1994, the second was, you guessed it, the random password my second ISP gave me (December 1994). Both are random letter-number combos that are quite hard to guess, at least I haven’t been compromised in 16 years as a netizen yet (knock on wood).

It’s when I’m required to provide something longer than 7 digits (or 8 I guess, I could throw a symbol at the end of the 7) that I start to get uncreative (which worries me somewhat, as that’s where some of the more important sites are).

I do find the OP and topic interesting, as when I’m out with my iPod touch and come across a locked hotspot, I’d see if I can guess the password on the first try - usually I’m unsuccessful, but then I’ve been assuming that people knew about password security, so I try more difficult passwords in my guessings. “123456” here I come!

I didn’t tell you how old this system was. We were decommissioning it in 1987 to replace it with a bunch of IBM ATs with the 5-1/4" floppy drives (TWO of them!). It was a “mini-computer” (i.e., mini-mainframe) setup with about 12 terminals, no connection to anything like “the Internet” except for a modem with two rubber cups to fit over a telephone receiver (one for the earpiece and one for the mouthpiece) which I only ever saw in action once, presumably to demonstrate something like UUCP. I don’t even remember what operating system it ran; based on my subsequent life experience though, I can say it wasn’t any flavor of Unix, VAX/VMS, IBM/CMS or CDC Cyber.

The “password dump” I referred to was just us going in as the system user and going through all the user accounts, so we could find out the person’s name and (if still at the school) send them a message that we were decommissioning the system and to print out (no “saving”) any work they cared to retain. The screen that came up for each user showed their name, other contact info and current password (editable and viewable). So not really a dump (as in a bulk data drop), so much as a browse/walk.

I came here to dump on you guys and say that you’re potentially giving bad guys ideas on password cracking. Not that they need much help with passwords like “123456.” And you’re endangering your own accounts.

I’m not telling my sooper sekrit password algorithm. No hints whatsoever. :wink:

When ATM cards were still fairly new, the pin numbers were computer generated and randomly assigned. My first one? My then fiancee’s birthday. He told me it was a sign. I married him anyway. :smiley:

At one point I worked for a very small family firm. Each computer required a password to sign on. The owner’s daughter was a ditz, but she needed to be able to access my computer. I used her husband’s first name as my password – she could remember it, and anyone who knew how I felt about her would never think I’d use it. The office manager (owner’s wife) thought this was a great idea. She made everyone in the office use her son-in-law’s name as a log-in password. Including the ditz daughter, who had his picture and name scrawled all around her work station, just like junior high. :smack: (There were many, many ways this job resembled junior high)

Somebody change the combination on my luggage!

can’t believe we’re two pages in and i’m the first to do that…

Don’t believe it.

One of these days I’m going to register somewhere with the username password and my password username.

I confuse the IT guys all the time with my laptop.
“What’s your password?”
“Nothing.”
Presses enter. “Didn’t work.”
“Did you type in Nothing?”
“Ohhhh.”

I remember hearing about a security expert who’s reviewing the procedures for a building. First thing he says as he walks into the meeting:

“All of your combination door locks have the code 1111, right?”
Building manager looks dumbfounded. “How did you know?”
:rolleyes: “Because the number 1 was worn off all the keypads.”

Passwords are the only legitimate use of leet speak. I use two profane words with a letter changed to a number and/or a symbol. So Sh1tf@c3 would be a possible password. I had a boss with a four letter name I would use sometimes.

I hate the password restrictions at work. You have to change the password every 45 days for Novell, and it remembers every password for the last two years. Upper/lower case, special character, and a number and exactly 8 characters. The example above would fit. They don’t realize that it’s very easy to get passwords. Hell, I work in the helpdesk and about 1 out of every 10 password calls the caller just gives me their old password, or what they want it set to! If I were to just call one of these plants and say I’m from the helpdesk and needed a password verification I could totally get it.

I had a random call today from someone claiming to be from my credit union. He wanted me to verify everything like my account and SSN and address. I got warning bells and just asked what this was all about. Turns out it was for a late car payment, so he was legit. But how would I know at first?

I also have a post-it note under my keyboard that says “You didn’t really think I’d keep my password here, did you?” :smiley:

control-v :smiley:

My boyfriend always used 1203 for things requiring 4 digit PINs.

Then his mother died on December 3rd. Creeped him right out. Then last year I got assigned a set of keys numbered 1203 at work. Creeped both of us out, but he figured his mother had now accepted me as part of the family. :rolleyes:

My work passwords expire every three months, which doesn’t bother me. I have a little system that is easy for me and I don’t have to write it down. It involves foreign language words and a number string. IE pring20temps10 (only not this one in case you want to read what my patients ate for breakfast.) Because I have to change work passwords every 90 days, I change my banking etc at the same time, just a regular reminder, and have a different system of revolving combinations that only make sense to me. First syllable of an aunt on my dad’s side’s name, second syllable of an uncle on mom’s for example. (10 each side, which gives me years and years of new passwords) With numbers and symbols. mY6!wARd17? (with June 17th having its own meaning to me) Canadian postal codes also make semi secure passwords, just don’t use your own.

I’m reminded of a scene on Babylon 5 where the Captain, the XO, and the Chief of Security all have to input their passwords into the system to reset the station’s computer and flush out any malicious code that might have been added since the station started operations a few years earlier.

Anyhow, the Captain and the XO both give their passwords, and then the security chief gives his password… “Peekaboo”

The XO looks at him for a moment, and asks “… Peekaboo?”

“Would YOU have guessed it?”

What makes it funny is that the security chief is infamously paranoid and thorough, obsessing over opsec and such. He once convinced a security official from Earth that he couldn’t share some requested information because the security chief didn’t even allow the SECURITY CHIEF to know that kind of stuff, and he’d hate to get in trouble with himself over the breach of policy…

So yeah, his password into the station’s central command interface is “Peekaboo” because nobody would even think that it would be his password. Rule of Funny and all that.