Dumb Passwords Banned By Law

[NATURAL ANKLING]

Hi,
But will you carry on using simple passwords?
New Devices only.

https://www.forbes.com/sites/daveywinde ... t-devices/

"What devices are covered? Well, it's consumer goods legislation and covers routers, security cameras, games consoles, TVs, smart speakers and assistants, baby monitors, doorbells and, yes, smartphones. It doesn't cover laptops and desktops, medical devices, cars, or smart meters."

[fullfathom5]

Stopping product vendors from using default passwords common to all products of a certain type is eminently sensible. For example, my previous Virgin Media router had the default admin password 'changeme'.

I imagine the new legislation will also ensure a certain level of password complexity but that still won't prevent users creating compliant but weak passwords such as Password123#.

[axel_knutt]

A standardised format would be useful.
As fast as I think up methods for remembering passwords I come across something that won't accept them. Too many characters, too few characters, special characters required, special charaters prohibited, case sensitive, uppercase not allowed...........

[Jdsk]

I mostly use passwords that are generated by my devices and stored on them. They're strong and they're automatically checked against list of common passwords.

Jonathan

[[XAP]Bob]

Problem is when they generate the password using a well known function with an input that's easily determined (like the Mac address of a router)

[Psamathe]

I wonder how many people use dumb passwords? Last night my personal web site had logn attempts (from south Korea) using User: "user", password: "user". Either people do use dumb credentials or some hack attempts are "poor".

Ian

[Jdsk]

Either people do use dumb credentials...

They sure do.

Jonathan

[Tangled Metal]

Stopping product vendors from using default passwords common to all products of a certain type is eminently sensible. For example, my previous Virgin Media router had the default admin password 'changeme'.

I imagine the new legislation will also ensure a certain level of password complexity but that still won't prevent users creating compliant but weak passwords such as Password123#.

The person setting the passwords on works ebay account weren't that dumb. No they used password 121212. Perfectly safe that. Another account you just need to know a bit about the guy setting it. A lot of people know him well enough to guess his passwords. Holiday places he particularly raved about. Past home street names, etc. Usually with his birth year in when the number is required.

My passwords are so safe I don't remember them. I have a very cryptic clue written down but not against the website details. Put it this way there's three levels of admittedly basic encryption to log on to anything. Password reset is a big help at times!

[661-Pete]

Right, then. Your new password is:
dPVNveDgN_yT9*-K
You have five seconds to memorise this. After that, your account will be totally inaccessible (except to hackers). Good Luck.

[[XAP]Bob]

You *remember* passwords?

We really need to get over the idea that writing a password down is a bad thing.

Get a password manager, and make a decent password for that. Write it down and file it somewhere safe. We're pretty good at keeping small pieces of paper safe.




For everything else I either let the password manager deal with it or I use `openssl rand -base64 21` which gives 29 cryptographically random symbols from upper and lower case letters and numbers as well as a few symbols (+-/ at least)


In case it isn't obvious... don't use correcthorsebatterystaple...

[mattheus]

Yup - xkcd nail it yet again.

[NATURAL ANKLING]

Hi,
I have too many passwords to remember all of them, but I can remember about 12 off 16 character length.
No they are not random characters, I normally make them up from words that spring to mind or items I see around me.
I cant normally write them down from memory, but I can type them, which must mean that I some how remember a pattern.
I use part of the words not complete words, with digits and non alphabet symbols.
If I am not in front of a keyboard I would struggle.
Not got round to using a password manager yet.

Last time I looked IIRC it was something crazy like 70% of people use simple passwords and reuse then across platforms.

https://kommandotech.com/statistics/wea ... tatistics/
"Editor’s Pick: Weak Password Statistics
75% of Americans find maintaining and keeping track of their passwords frustrating.
43% of Americans have once shared their passwords with someone.
An estimated 81% of data breaches are due to poor password security.
49% of employees only add a digit or change a character when updating passwords.
52% of data breaches resulted from malicious attacks, with each breach costing $3.86 million."

"14. As password reuse statistics show, approximately 76% of millennials recycled their passwords in 2020.
(Security.org)
According to Security.org’s 2020 study on which generations are more likely to put themselves and their security online at risk showed that 76 percent of millennials recycled their passwords. Millennials are also the generation that is most likely to rely on their own memory instead of a password manager to store their credentials. When it comes to baby boomers, a little bit over half of the surveyed ones, 56 percent, recycle their passwords."

Millennials = born before 1980 = Old Farts

[mumbojumbo]

The best passwords use a prime number of at least 5digits,coupled with a Polish surname and a Welsh village.

[rjb]

The best passwords use a prime number of at least 5digits,coupled with a Polish surname and a Welsh village.

Just the village and prime number may suffice like this village name.
lanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch23

[mattheus]

The best passwords use a prime number of at least 5digits,coupled with a Polish surname and a Welsh village.

Just the village and prime number may suffice like this village name.
lanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch23

I had to change my windows password this morning. It didn't allow that one