#computer passwords

time to get funny !

i did say i would post little headcanons, didn't i ? i'm starting off with my dumbest idea, just to satiate you freaks while i think up my next fic

Lucifer, typing: chloedecker

Computer: password to weak.

#computers #smartphones #password #authentication

Apple, Google, and Microsoft, three of the world’s largest technology corporations, want to simplify safe login procedures that do not require a password. Thursday, in honour of World Password Day, the corporations issued a joint statement announcing this. The new features are intended to enable websites and applications to provide consumers with safe, password-free logins across all devices and…

It appears Bots are using brute force to break into people’s accounts. If you have a short password, it is at risk no matter how many odd characters and numbers you have. Password security is based more on length rather than odd characters or the like, no matter what some security types might claim.

For instance, a password with six characters can be hacked in a couple of hours from a persistent Bot. But if your password has 12 characters, that becomes far harder to hack. 18 characters and it is once more far more difficult because of the huge amount of potential combinations.

While 18 odd characters might be hard to remember, you can take a couple of words and add them together. Toss in some “leet” replacing certain letters with symbols and a number sequence of some sort and you have an even more difficult password that is not hard to remember... but hard to hack.

That said, the easiest way for a hacker to get into your system is by doing research on you and then requesting a new password while using your statistics to answer your questions. Even two-factor identification can be overcome by a smart hacker. So when you choose your questions, use information you don’t put out there. If you have a first pet you loved, never talk about them or give a different name for the cat (for instance, use a personal nickname for your pet rather than the real name, and never mention that nickname online).

By Todd C. Frankel and Andrea Peterson, Washington Post, August 11, 2016

People tend to hate computer passwords, that often nonsensical jumble of letters, numbers and special keystrokes said to be essential for digital security. The secret codes seem impossible to remember. It’s why every login page has a “Forgot password?” life preserver. The struggle even has a name: Password rage.

Now, a new standard is emerging for passwords, backed by a growing number of businesses and government agencies--to the relief of computer users everywhere. No longer must passwords be changed so often, or include an incomprehensible string of special characters. The new direction is one that champions less complexity in favor of length.

Passwords that once looked like this: W@5hPo5t!, can now be this: mycatlikesreadinggarfieldinthewashingtonpost.

Requiring longer passwords, known as passphrases, usually 16 to 64 characters long, is increasingly seen as a potential escape route from our painful push toward logins that only a cryptographer could love.

A series of studies from Carnegie Mellon University confirmed that passphrases are just as good at online security because hacking programs are thrown off by length nearly as easily as randomness. To a computer, poetry or simple sentences can be just as hard to crack. Even better: People are less likely to forget them.

“You’re definitely seeing more of it,” said Michelle Mazurek, one of the Carnegie Mellon researchers, now at the University of Maryland College Park. “For equivalent amounts of security, longer tends to be more useful for people.”

One sign of change came this year from the federal agency overseeing government computer policy. The National Institute for Standards and Technology issued draft recommendations that called for a password overhaul--encouraging longer passwords and ending the practice of forcing new ones every 60 or 90 days.

“Passphrases are much harder to crack and break, and much easier to remember,” said Paul Grassi, a NIST senior adviser.

It was an acknowledgment that current password practices are a pain.

Passwords today are “completely unusable,” Grassi said. “Users forget, which creates all sorts of cybersecurity problems, like writing it down or reusing them.”

The demand for simpler passwords has grown along with the share of time spent online, where hard-to-recall codes restrict access not only to work and school email, but shopping, playing games, managing health claims and finding recipes. The average person has 19 to 25 different online passwords, polls have shown.

But the change to simpler password protocols remains slow. When Lorrie Cranor joined the Federal Trade Commission as chief technologist in January, she was stunned to learn that six of her government passwords came with automatic expirations. A couple months later, she had whittled that list down to four.

It’s possible the government could be the nimbler mover on this topic.

Joe Hall, chief technologist at think tank Center for Democracy and Technology, has noticed easier password rules among the 800 different logins he uses. (He admits he’s an outlier having so many accounts. But, he says, that’s part of his job.) In recent years, he has seen more sites allowing 16 character if not longer passwords. Fewer are requiring regular resets.

“This is part of a big push to make things more usable for humans,” Hall said.

Like many computer experts, Hall has been a fan of passphrases for years.

“I tell people to think of a sentence that is shocking and unpredictable, even nonsensical,” he said.

One example: “The spherical brown fox jumped into the Russian Bundestag.”

A friend of his likes to use pet peeves as his passwords, such as the malapropism “all intensive purposes.”

Of course, most experts say passwords of any kind are outdated. Many have been pushing two-factor verification, where users have to prove their identity by entering a code sent to their email address or cellphone number. This standard is being more quickly adopted than passphrases.

In the meantime, experts caution against using popular song lyrics or poetry lines in passphrases. So no Beyoncé or Wallace Stevens. Hackers can download libraries of information to try common phrases. Mazurek suggested typing in your passphrase into a Google search bar and seeing if the search engine can auto-complete it--signifying that it’s a common phrase.

Rich Shay, another Carnegie Mellon researcher, said the studies grew out of experiences on campus: School email passwords had to be eight characters long and include one uppercase letter, one lowercase letter, a special character and a number.

The researchers figured there had to be a better way.

Still, the studies showed that even with passphrases throwing in a little complexity--a number, a special character--could only help.

“There is no magic bullet,” said Shay, now at MIT. “There is no perfect password.”