How Safe Are Your Passwords?

Science | Sun, Apr 26, 2009 at 6:03:55 pm PDT

Here’s an eye-opening article by computer security expert Bruce Schneier on the lessons learned from a database of stolen passwords: Real-World Passwords.

How good are the passwords people are choosing to protect their computers and online accounts?

It’s a hard question to answer because data is scarce. But recently, a colleague sent me some spoils from a MySpace phishing attack: 34,000 actual user names and passwords.

The attack was pretty basic. The attackers created a fake MySpace login page, and collected login information when users thought they were accessing their own account on the site. The data was forwarded to various compromised web servers, where the attackers would harvest it later.

MySpace estimates that more than 100,000 people fell for the attack before it was shut down. The data I have is from two different collection points, and was cleaned of the small percentage of people who realized they were responding to a phishing attack. I analyzed the data, and this is what I learned.

I recommend reading the whole thing. And then changing your passwords.

UPDATE at 4/26/09 6:29:29 pm:

And just as a point of reference:

Your LGF account passwords are encrypted with a “one-way” algorithm, which ensures that:

1) I can’t learn your password even if I wanted to, and

2) in the highly unlikely event that a malicious person gets access to our database, they can’t learn your password either.

This is why we have a “Forgot your password?” feature that lets you reset your password in a safe way if you forget it.

Don’t bother asking me to email your password if you forget it, because I don’t know it, and can’t know it. By design.


241 comments

  • Comments are open and unmoderated, and do not necessarily reflect the views of Little Green Footballs.
  • Obscene, abusive, silly, or annoying remarks may be deleted, but the fact that particular comments remain on the site in no way constitutes an endorsement of their views by Little Green Footballs.
  • Posts that contain phone numbers, street addresses, email addresses or other personal information will also be deleted, as will posts that consist only of a variation on the word, "First!"
  • Comments that advocate violence will be cause for immediate banning with no appeal.
  • Disagreement and debate are welcome, but insults and abuse are not, and may cause your account to be blocked.
  • REMEMBER: posting comments at LGF is a privilege, not a right. Abuse that privilege, and your account will be blocked.


1 Gang of One  Sun, Apr 26, 2009 6:05:31pm

Things just keep getting better.

2 WhiteRasta  Sun, Apr 26, 2009 6:05:47pm

My password is 1234. No one would ever guess that.

3 MandyManners  Sun, Apr 26, 2009 6:07:03pm

re: #2 WhiteRasta

My password is 1234. No one would ever guess that.

Oh, yeah? Well, mine is even harder to figure out: ABCD.

4 Kosh's Shadow  Sun, Apr 26, 2009 6:07:18pm

Mine tend to run 9-16 characters with upper and lower case and numbers.
Two of them are each an entire phrase.

5 Gella  Sun, Apr 26, 2009 6:07:23pm

re: #2 WhiteRasta

My password is 1234. No one would ever guess that.

[King Roland has given in to Dark Helmet's threats, and is telling him the combination to the "air shield"]
Roland: One.
Dark Helmet: One.
Colonel Sandurz: One.
Roland: Two.
Dark Helmet: Two.
Colonel Sandurz: Two.
Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three.
Roland: Four.
Dark Helmet: Four.
Colonel Sandurz: Four.
Roland: Five.
Dark Helmet: Five.
Colonel Sandurz: Five.
Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
from Spaceballs

6 itellu3times  Sun, Apr 26, 2009 6:07:34pm

Eh. In most corporate environments you are forced to use longer passwords with at least one digit, and change the password regularly, yada yada.

monkey?

7 brookly red  Sun, Apr 26, 2009 6:07:41pm

2 words... life lock :)

8 WhiteRasta  Sun, Apr 26, 2009 6:07:47pm

re: #3 MandyManners

I'm going to change mine to 6969.....

9 ArmyWife  Sun, Apr 26, 2009 6:08:04pm

What about smartcards and PINs. Any better?

10 brookly red  Sun, Apr 26, 2009 6:08:27pm

re: #8 WhiteRasta

I'm going to change mine to 6969.....

wack6969 :)

11 Kosh's Shadow  Sun, Apr 26, 2009 6:08:34pm

re: #2 WhiteRasta

My password is 1234. No one would ever guess that.

Col. Sandurz? Is that you?
Pres. Skroob.

12 BignJames  Sun, Apr 26, 2009 6:09:00pm

I change mine all the time, but they always show up as *****

13 Gella  Sun, Apr 26, 2009 6:09:04pm

re: #6 itellu3times

Eh. In most corporate environments you are forced to use longer passwords with at least one digit, and change the password regularly, yada yada.

monkey?

ya and dont remember 2 letters cant be close together on keyboard, etc... bllahhhhhhh

14 WhiteRasta  Sun, Apr 26, 2009 6:09:50pm

re: #10 brookly red

:)

15 Jetpilot1101  Sun, Apr 26, 2009 6:09:50pm

I'm really surprised that obama was nowhere in that list given his cult of personality.

16 buzzsawmonkey[deleted]  Sun, Apr 26, 2009 6:10:25pm

17 Kosh's Shadow  Sun, Apr 26, 2009 6:10:55pm

Our alarm system has a 4-digit code (actually several). The installer told us to put the duress code on the keypad; if this code is typed, it will shut off the audible alarm but still inform the monitoring company - AND indicate that there is someone there, possibly threatening the owner.
However, I doubt anyone will get that far unless we're away and the dogs boarded.

18 Bloodnok  Sun, Apr 26, 2009 6:11:01pm

re: #16 buzzsawmonkey

Nobody ever guesses Middle English passwords.

"passworde"

/did I get it?

19 DistantThunder  Sun, Apr 26, 2009 6:11:16pm

I bought our 13 year old son a book on cryptology. My brother in law was a genius musician and a professional encryptionist who worked for the government, and assorted people. We lost his genius to colon cancer in 2006.

20 Lincolntf  Sun, Apr 26, 2009 6:11:25pm

re: #16 buzzsawmonkey

The Dungeons and Dragons site only gets so much traffic, though.

21 brookly red  Sun, Apr 26, 2009 6:11:50pm

re: #15 Jetpilot1101

I'm really surprised that obama was nowhere in that list given his cult of personality.

/ FCBBHO1

22 WhiteRasta  Sun, Apr 26, 2009 6:12:11pm

re: #9 ArmyWife

I change my password on my bank card every month.

(Just because you are paranoid, does not mean they are NOT out to get you)

23 sattv4u2  Sun, Apr 26, 2009 6:12:14pm

re: #2 WhiteRasta

My password is 1234. No one would ever guess that.

I have a better one. My password is "password"!

24 Gella  Sun, Apr 26, 2009 6:12:18pm

re: #15 Jetpilot1101

I'm really surprised that obama was nowhere in that list given his cult of personality.

does it mean somebody already cracked his crackberry?
/////

25 Nevergiveup  Sun, Apr 26, 2009 6:12:34pm

All my passwords are guessable if you know one thing about me. Except for the DOD ones which get so complicated I have to write them down in like 3 or 4 spots and even then I screw them up and have to change them every week?

26 chicagoray  Sun, Apr 26, 2009 6:12:39pm

This is quite an interesting piece and these hackers and thieves get better and better along with younger and younger each day. I've been using biometric on my laptops and desktops for a while now which I happen to love, saving all that remembering password sh*&...

27 ArmyWife  Sun, Apr 26, 2009 6:12:40pm

re: #16 buzzsawmonkey

yours is enowalready, too?

28 Lincolntf  Sun, Apr 26, 2009 6:14:56pm

re: #25 Nevergiveup

You still listening to Joe Morgan babble? Every sentence is a new adventure in banality.

29 WhiteRasta  Sun, Apr 26, 2009 6:15:29pm

re: #23 sattv4u2

I'd never have guessed that.

I'll bet there are millions of people out there who have that exact password.

30 simonml  Sun, Apr 26, 2009 6:15:31pm

I learned at the VA hospital to use passwords that include upper and lower case, numbers and punctuation. It works very well. Just hard to remember the first couple times after you change it.

31 Nevergiveup  Sun, Apr 26, 2009 6:15:36pm

re: #28 Lincolntf

You still listening to Joe Morgan babble? Every sentence is a new adventure in banality.

It's almost background noise but yes. And the bald guy is no better

32 Athos  Sun, Apr 26, 2009 6:15:38pm

re: #25 Nevergiveup

All my passwords are guessable if you know one thing about me. Except for the DOD ones which get so complicated I have to write them down in like 3 or 4 spots and even then I screw them up and have to change them every week?

It's amazing how easy desktop support is when one knows to look for the post-it on the bottom of the keyboard or desk phone for the latest password........

When I trained these groups, they all wondered how I knew this....it's called knowing one's user population......

33 Charles  Sun, Apr 26, 2009 6:16:03pm

re: #23 sattv4u2

I have a better one. My password is "password"!

'password' is the 4th most common password in Schneier's list.

34 itellu3times  Sun, Apr 26, 2009 6:16:50pm

re: #25 Nevergiveup

All my passwords are guessable if you know one thing about me. Except for the DOD ones which get so complicated I have to write them down in like 3 or 4 spots and even then I screw them up and have to change them every week?

Where I work, we were required to drag thru an online module about information security including computers and passwords. One of the rules: never write down passwords anywhere.

Right.

In some environments I've had to access dozens of systems each with a separate password, not to mention the six or eight I use for personal accounts. Don't write them down. And they can't be sensible words. Riiiight.

OK, don't write them on a yellow sticky placed on your screen.

35 WhiteRasta  Sun, Apr 26, 2009 6:17:31pm

re: #32 Athos

I use the birthday of the first girl who had sex with me.

36 DistantThunder  Sun, Apr 26, 2009 6:17:50pm

Imagine a world in which everyone was completely respectful of property and privacy, and there was no need for locks, passwords, or PIN numbers.

37 Charles  Sun, Apr 26, 2009 6:17:58pm

By the way, I've been getting emails all day from people trying to get me to post that the second photograph in this post is the doctored one.

They really must think I'm stupid.

38 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:18:09pm

re: #5 Gella

Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

"One, two, three, four, five? That's the same combination that's on my luggage!"
-President Scroob, Spaceballs.

39 MandyManners  Sun, Apr 26, 2009 6:18:09pm

re: #25 Nevergiveup

All my passwords are guessable if you know one thing about me. Except for the DOD ones which get so complicated I have to write them down in like 3 or 4 spots and even then I screw them up and have to change them every week?

Is one "rinsenspit"?

40 sattv4u2  Sun, Apr 26, 2009 6:18:32pm

re: #33 Charles

'password' is the 4th most common password in Schneier's list.

Here at work our system prompts us to change passwords every 14 days. I've been here 10 years now. I'm running out of ideas!

41 Nevergiveup  Sun, Apr 26, 2009 6:18:52pm

re: #39 MandyManners

Is one "rinsenspit"?

I can't spell that good.

42 WhiteRasta  Sun, Apr 26, 2009 6:18:57pm

re: #33 Charles

Charles,


Can you see the passwords of your subscribers? Just curious.

43 Jetpilot1101  Sun, Apr 26, 2009 6:19:08pm

My favorite password is "creationistmeltdown". A close second is "ronpaulbot". Every so often I use "imprayingforyoucharlesbecauseyouargoingtoburnihe llfornotbleleivingthattheearthis10000yearsoldohand canyoupleasedeletemyaccountbecauseyoudonttalkabout thejyhadanymoreandthatisafarmorepressingissuetheny ourntichristiancrusade".

44 itellu3times  Sun, Apr 26, 2009 6:19:08pm

re: #37 Charles

By the way, I've been getting emails all day from people trying to get me to post that the second photograph in this post is the doctored one.

They really must think I'm stupid.

Is this your first official moby attack?

45 MandyManners  Sun, Apr 26, 2009 6:19:14pm

re: #39 MandyManners

Is one "rinsenspit"?

"OpEnWiDe"?

46 sattv4u2  Sun, Apr 26, 2009 6:19:17pm

re: #35 WhiteRasta

I use the birthday of the first girl who had sex with me.

00/00/0000 !?!?!?!

47 Bloodnok  Sun, Apr 26, 2009 6:19:31pm

re: #35 WhiteRasta

I use the birthday of the first girl who had sex with me.

Okay, so it's "something, something" 1917. Am I close?

/kidding

48 Nevergiveup  Sun, Apr 26, 2009 6:19:36pm

re: #39 MandyManners

Is one "rinsenspit"?

Well that's not the thing you need to know about me.

49 MandyManners  Sun, Apr 26, 2009 6:20:01pm

re: #45 MandyManners

"OpEnWiDe"?

"UFuckinBitMe"?

50 Athos  Sun, Apr 26, 2009 6:20:03pm

re: #43 Jetpilot1101

Phrases do work well.....easy to remember and hard to force crack.

51 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:20:05pm

re: #38 Fat Bastard Vegetarian

1 2 3 4 5? That's amazing! I've got the same combination on my luggage!

President Skroob..precise quote.

52 DistantThunder  Sun, Apr 26, 2009 6:20:20pm

And the same people who promised us that they would protect us from identity theft using our social security numbers, now want us all to agree to electronically storing our medical records.

53 MandyManners  Sun, Apr 26, 2009 6:20:35pm

re: #46 sattv4u2

00/00/0000 !?!?!?!

ROFLMAO!

54 Nevergiveup  Sun, Apr 26, 2009 6:20:40pm

re: #49 MandyManners

"UFuckinBitMe"?

Well not but I like that one!

55 lostlakehiker  Sun, Apr 26, 2009 6:20:42pm

re: #2 WhiteRasta

My password is 1234. No one would ever guess that.

No, no, no. You have to be tricky. Make the file long and alphanumeric.

My password is piequals3141592653589. The truly utterly unguessable passwords are best. And I never, never tell anyone.


/bornyesterday

56 WhiteRasta  Sun, Apr 26, 2009 6:20:46pm

re: #46 sattv4u2

HEY! I HEARD THAT!

57 BatGuano  Sun, Apr 26, 2009 6:20:49pm

My passwords are all the same: Mxyzptlik.

58 Jetpilot1101  Sun, Apr 26, 2009 6:20:54pm

re: #50 Athos

Phrases do work well.....easy to remember and hard to force crack.

I forgot the sarc tag.

59 Spare O'Lake  Sun, Apr 26, 2009 6:21:17pm

I am pleased to report that not a single one of my various passwords has ever been breached.
This perfect track record exists, I am pretty sure, because no one has ever tried and no one gives a rat's ass.

60 dmandman  Sun, Apr 26, 2009 6:21:20pm

I have been in DP for almost 30 years (both PC and Mainframe) and know a little about security systems (having installed whole suites).
So I loved it when the instructions required that the "PIN" contain at least 2 alphabetics as well as numerics. So when my password needed their approval to be reset and I needed to create a new one, I confronted the DP professional (on the phone) with the fact that the N in PIN (Personal Identification Number) means numeric and that PINs can only be numerics with no alphabetics; they replied it didn't matter what the words meant, just follow the instructions. So I asked why they didn't call it a password and not the incorrect PIN term; her reply was that since most people didn't understand computereze it didn't matter if the instructions made sense. This was a large multi-region bank and was obviously completely clueless about the subject, even the terminology. (Note, I was talking to someone on the Indian sub-continent so it was obvious the execs that were in charge of security could care less about the subject).

61 sattv4u2  Sun, Apr 26, 2009 6:21:33pm

re: #57 BatGuano

My passwords are all the same: Mxyzptlik.

what a coincidence. I named my kid Mxyzptlik

62 Nevergiveup  Sun, Apr 26, 2009 6:21:34pm

re: #52 DistantThunder

And the same people who promised us that they would protect us from identity theft using our social security numbers, now want us all to agree to electronically storing our medical records.

But it will be protected by the same people who are storing the F-35 design plans?

63 itellu3times  Sun, Apr 26, 2009 6:21:34pm

My current gig, they force passwords to be exactly eight characters.

Seems like a bad policy to me.

I read a scifi story where backspaces and timing could be part of your password, but never (yet) seen a real system where that was the case.

64 Athos  Sun, Apr 26, 2009 6:22:00pm

re: #59 Spare O'Lake

I am pleased to report that not a single one of my various passwords has ever been breached.
This perfect track record exists, I am pretty sure, because no one has ever tried and no one gives a rat's ass.

Ah, so the password is 'nothingworthstealing'.

65 Naso Tang  Sun, Apr 26, 2009 6:22:07pm

What's Myspace?


/

66 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:22:08pm

If someone steals the user name and password to my bank account, do they have to cover the overdrafts?

67 simonml  Sun, Apr 26, 2009 6:22:21pm

A while back "dodntint" was a really popular password. Only the nerds got it.

68 sattv4u2  Sun, Apr 26, 2009 6:23:00pm

re: #63 itellu3times

My current gig, they force passwords to be exactly eight characters.
Seems like a bad policy to me.

I read a scifi story where backspaces and timing could be part of your password, but never (yet) seen a real system where that was the case.

Groucho Marx
Yogi Berra
Johnny Carson
Larry The Cable Guy

there's 4 characters for you!

69 Lincolntf  Sun, Apr 26, 2009 6:23:11pm

re: #60 dmandman

You sound like the life of the party, my man.

70 ArmyWife  Sun, Apr 26, 2009 6:23:29pm

re: #66 Fat Bastard Vegetarian

If they steal the password are they then obligated to deposit the spoils of their thefts for sharesies?

71 lostlakehiker  Sun, Apr 26, 2009 6:23:41pm

re: #34 itellu3times

Where I work, we were required to drag thru an online module about information security including computers and passwords. One of the rules: never write down passwords anywhere.

Right.

In some environments I've had to access dozens of systems each with a separate password, not to mention the six or eight I use for personal accounts. Don't write them down. And they can't be sensible words. Riiiight.

OK, don't write them on a yellow sticky placed on your screen.

Save them to an Ironkey flash drive. Then you're as secure as if you'd just memorized them yourself. Memorize one, honest-to-gosh rubbish key generated by tossing coins or something for your secure flash drive.

72 WhiteRasta  Sun, Apr 26, 2009 6:23:44pm

re: #46 sattv4u2

No her name was LUX Soap....

73 pre-Boomer Marine brat  Sun, Apr 26, 2009 6:23:57pm

re: #58 Jetpilot1101

I forgot the sarc tag.

That was SARC?!?!
Dang! And I was about to upding you!

/

74 Cato the Elder  Sun, Apr 26, 2009 6:23:57pm

I don't know much about passwords, but crosswords, now, that's another matter. ;^)

75 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:24:06pm

re: #60 dmandman

I bet you get upset when some one says "ATM Machine".

/

76 sattv4u2  Sun, Apr 26, 2009 6:24:53pm

re: #60 dmandman

I have been in DP for almost 30 years (both PC and Mainframe) and know a little about security systems (having installed whole suites).
So I loved it when the instructions required that the "PIN" contain at least 2 alphabetics as well as numerics. So when my password needed their approval to be reset and I needed to create a new one, I confronted the DP professional (on the phone) with the fact that the N in PIN (Personal Identification Number) means numeric and that PINs can only be numerics with no alphabetics; they replied it didn't matter what the words meant, just follow the instructions. So I asked why they didn't call it a password and not the incorrect PIN term; her reply was that since most people didn't understand computereze it didn't matter if the instructions made sense. This was a large multi-region bank and was obviously completely clueless about the subject, even the terminology. (Note, I was talking to someone on the Indian sub-continent so it was obvious the execs that were in charge of security could care less about the subject).

Package that as a cure for INSOMNIA. You'll be RICH I tell ya!

77 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:25:06pm

re: #74 Cato the Elder

Nailed the Sunday xword today. Yeah, baby!

78 Charles  Sun, Apr 26, 2009 6:25:21pm

Just to let everyone know: your LGF account passwords are encrypted with a "one-way" algorithm, which ensures that:

1) I can't learn your password, and

2) in the highly unlikely event that someone gets access to our database, they can't learn your password either.

This is why we have a "Forgot your password?" feature. This lets you reset your password if you forget it, in a safe way.

Don't bother asking me to email your password if you forget it, because I don't know it, and can't know it. By design.

79 MandyManners  Sun, Apr 26, 2009 6:25:28pm

If your password is 8675309, what would be the security question?

80 brookly red  Sun, Apr 26, 2009 6:25:50pm

re: #71 lostlakehiker

Save them to an Ironkey flash drive. Then you're as secure as if you'd just memorized them yourself. Memorize one, honest-to-gosh rubbish key generated by tossing coins or something for your secure flash drive.

/and leave it on the bus...

81 Nevergiveup  Sun, Apr 26, 2009 6:25:50pm

The Latin Patriarch of Jerusalem said Sunday that Pope Benedict XVI, who is scheduled to visit Israel soon, will tour and preach at "the al-Aida refugee camp in Bethlehem, which symbolizes the right of return and holds a message of peace, brotherhood, and justice".

[Link: www.ynetnews.com...]

"right of return"? Then take them back to Rome!

82 Spare O'Lake  Sun, Apr 26, 2009 6:25:57pm

re: #61 sattv4u2

what a coincidence. I named my kid Mxyzptlik

That is bizzarO.

83 dmandman  Sun, Apr 26, 2009 6:26:00pm

Almost all passwords for home routers (wireless or cable) are "password" or "admin" as set by the factory. The biggest opening for the average hacker to get into a home PC is simply to cruise the streets with a wireless laptop and find a wireless router that has the factory default installed.

84 MandyManners  Sun, Apr 26, 2009 6:26:13pm

re: #72 WhiteRasta

No her name was LUX Soap....

Man, that's old.

85 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:26:20pm

re: #79 MandyManners

Who can I turn to.

86 Truck Monkey  Sun, Apr 26, 2009 6:26:25pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

How did you find Jenny's password?

87 sattv4u2  Sun, Apr 26, 2009 6:26:40pm

re: #78 Charles

Don't bother asking me to email your password if you forget it, because I don't know it, and can't know it. By design.

Fair enough ,, but can you instead e-mail me Fat Veggies Bank Account info!?!?!

88 MandyManners  Sun, Apr 26, 2009 6:26:47pm

re: #74 Cato the Elder

I don't know much about passwords, but crosswords, now, that's another matter. ;^)

I'm slowly pulling The Kid into the world of crosswords.

89 simonml  Sun, Apr 26, 2009 6:26:57pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

Number of broken promises by Pres Obama

90 sattv4u2  Sun, Apr 26, 2009 6:27:13pm

re: #82 Spare O'Lake

That is bizzarO.

thats the DOGS name!

geeeazzzz

91 brookly red  Sun, Apr 26, 2009 6:27:41pm

re: #89 simonml

Number of broken promises by Pres Obama

all is not a number...

92 buzzsawmonkey[deleted]  Sun, Apr 26, 2009 6:28:08pm

93 Jetpilot1101  Sun, Apr 26, 2009 6:28:25pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

How many US dollars it will take to buy a Snickers bar once inflation hits caused by the treasury creating trillions of dollars out of thin air.

94 Truck Monkey  Sun, Apr 26, 2009 6:28:26pm

re: #79 MandyManners

Here is a trickier question. 7779311. Whose password might this be?

95 MandyManners  Sun, Apr 26, 2009 6:28:36pm

re: #85 Fat Bastard Vegetarian

Who can I turn to.

re: #86 Truck Monkey

How did you find Jenny's password?

Who is Rick Springfield's fictitious squeeze?

96 MandyManners  Sun, Apr 26, 2009 6:29:05pm

re: #89 simonml

Number of broken promises by Pres Obama

Oh, too good!

97 pre-Boomer Marine brat  Sun, Apr 26, 2009 6:29:05pm

re: #88 MandyManners

I'm slowly pulling The Kid into the world of crosswords.

crosswords from his mother?

98 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:29:15pm

I hope a hacker breaks into my account rather than a mugger meet me in a dark alley. Mugger'll beat the shit out of me for being broke. Hacker'll only ask his mom for a bowl of Froot Loops.

99 Cato the Elder  Sun, Apr 26, 2009 6:29:54pm

Since I don't use it anymore, I can reveal my all-time favorite password.

I started with a favorite expression of James Joyce's father, which he put in the mouth of his fictional character Simon Dedalus in Ulysses.

The phrase is: "Shite and onions!"

After some fiddling, this morphed into

$HiT@&0ni0n$!

Got so fast at typing that one it was almost as easy as "password1". And it always made me laugh.

100 Bloodnok  Sun, Apr 26, 2009 6:30:18pm

re: #95 MandyManners

Who is Rick Springfield's fictitious squeeze?

That's a trick question. Nobody. He only wishes that he had Jessie's girl.

101 MandyManners  Sun, Apr 26, 2009 6:30:20pm

re: #94 Truck Monkey

Here is a trickier question. 7779311. Whose password might this be?

The lead singer of The Time?

102 MandyManners  Sun, Apr 26, 2009 6:30:38pm

re: #93 Jetpilot1101

How many US dollars it will take to buy a Snickers bar once inflation hits caused by the treasury creating trillions of dollars out of thin air.

Could be true one day.

103 lostlakehiker  Sun, Apr 26, 2009 6:30:49pm

re: #80 brookly red

/and leave it on the bus...

The flash drive itself is hardware encrypted. The attacker gets ten tries at the password, and then it incinerates its own memory. It's also designed to suicide if put under torture. Even the most squeamish of attackers will torture machinery if it might yield up secrets, after all.

Of course, if you leave it on the bus, you've lost your passwords. Reset time, across the board.

104 MandyManners  Sun, Apr 26, 2009 6:31:19pm

re: #97 pre-Boomer Marine brat

crosswords from his mother?

He already lives in that world at times.

105 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:31:33pm

re: #95 MandyManners

Uh...Tommy Tutone.

106 Cato the Elder  Sun, Apr 26, 2009 6:31:56pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

"Number of pimples on an aardvark's ass?"

107 pre-Boomer Marine brat  Sun, Apr 26, 2009 6:31:58pm

re: #104 MandyManners

He already lives in that world at times.

*gasp*
SAY IT ISN'T SO!

/:D

108 MandyManners  Sun, Apr 26, 2009 6:32:28pm

re: #100 Bloodnok

That's a trick question. Nobody. He only wishes that he had Jessie's girl.

*rimshot*

109 Shug  Sun, Apr 26, 2009 6:32:48pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

Who can I turn to ?

110 Taqyia2Me  Sun, Apr 26, 2009 6:32:48pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

Something about Jenny?

111 Shug  Sun, Apr 26, 2009 6:33:58pm

re: #93 Jetpilot1101

How many US dollars it will take to buy a Snickers bar once inflation hits caused by the treasury creating trillions of dollars out of thin air.

If you make under 250,000 a year, your snickers bar is free

112 MandyManners  Sun, Apr 26, 2009 6:33:59pm

Speaking of cross words, I'm gonna' not say a one while I get The Kid to bed. bbiaw

113 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:34:06pm

re: #106 Cato the Elder

"Number of pimples on an aardvark's ass?"

"Navin, I'd love you if you were the color of a baboon's ass!"
-The Jerk

114 taxfreekiller[deleted]  Sun, Apr 26, 2009 6:34:10pm

115 sattv4u2  Sun, Apr 26, 2009 6:34:41pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

"Should I update my 45 rpm record collection?"

116 Athos  Sun, Apr 26, 2009 6:34:47pm

re: #111 Shug

If you make under 250,000 a year, your snickers bar is free

Not free, but there's a $400 tax credit that you can use for the snickers bar.

117 simonml  Sun, Apr 26, 2009 6:34:50pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

Once read an article about all the people with this phone number across America. The author called the number in various area codes and asked the people who answered what it was like. Most of them volunteered they received prank calls on a regular basis. Makes sense.

118 BatGuano  Sun, Apr 26, 2009 6:34:55pm

I once tried to use Apollo11 as a password. I was told by the website it was too easy to guess. How would anyone guess that? Few persons under 40 would know what that is.

119 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:34:58pm

RICK SPRINGFIELD DID NOT SING "JENNY"!

120 Nevergiveup  Sun, Apr 26, 2009 6:35:03pm

OK so passwords are so important- yada yada yada.

But then they all ask the same security question: Your mom's maiden name? All the time? So being the genius I am, I made up a fake one. But I forgot who I told the real one and who I told the fake one?

121 taxfreekiller[deleted]  Sun, Apr 26, 2009 6:35:23pm

122 pre-Boomer Marine brat  Sun, Apr 26, 2009 6:35:32pm

I marvel at the clueless stupidity/simplicity of the "Security" questions used by one of my credit card companies. Their IT people probably never even graduated from a junior college.

123 Shug  Sun, Apr 26, 2009 6:35:42pm

My password is nodrog

124 Bloodnok  Sun, Apr 26, 2009 6:36:01pm

125 Truck Monkey  Sun, Apr 26, 2009 6:36:17pm

re: #101 MandyManners

The lead singer of The Time?

3 trillion quatloos are on their way to you. Not many people remember Morris Day and The Time.

126 Shug  Sun, Apr 26, 2009 6:36:19pm

re: #121 taxfreekiller

Sonora


Jump in da line

127 taxfreekiller[deleted]  Sun, Apr 26, 2009 6:37:10pm

128 buzzsawmonkey[deleted]  Sun, Apr 26, 2009 6:37:18pm

129 LGoPs  Sun, Apr 26, 2009 6:37:37pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

Hey!. That's my name. I could never remember my password so I changed my name to it. 8675309 dammit. Now everybody knows. Thanks.
/

130 BignJames  Sun, Apr 26, 2009 6:38:04pm

re: #125 Truck Monkey

3 trillion quatloos are on their way to you. Not many people remember Morris Day and The Time.


Some of us never heard of Morris Day and The Time.

131 UncleRancher  Sun, Apr 26, 2009 6:38:24pm

re: #68 sattv4u2

Groucho Marx
Yogi Berra
Johnny Carson
Larry The Cable Guy

there's 4 characters for you!

Now you need four more.

132 lostlakehiker  Sun, Apr 26, 2009 6:38:40pm

re: #81 Nevergiveup

The Latin Patriarch of Jerusalem said Sunday that Pope Benedict XVI, who is scheduled to visit Israel soon, will tour and preach at "the al-Aida refugee camp in Bethlehem, which symbolizes the right of return and holds a message of peace, brotherhood, and justice".

[Link: www.ynetnews.com...]

"right of return"? Then take them back to Rome!

So, the Cherokee have a right to Tennessee? The Germans have a right to East Prussia? The Greeks have a right to Turkey? The Vietnamese, to southern China?

The list of displaced peoples is as old as history, and before history, the "original" people probably displaced somebody else.

133 BatGuano  Sun, Apr 26, 2009 6:38:48pm

re: #119 Fat Bastard Vegetarian

Tommy tutone did 867-5309.

134 sattv4u2  Sun, Apr 26, 2009 6:38:52pm

re: #130 BignJames

Some of us never heard of Morris Day and The Time.

I knew them before they hit it big. Back then, his name was Morris Morning

135 ArmyWife  Sun, Apr 26, 2009 6:39:04pm

re: #119 Fat Bastard Vegetarian

It was Hall and Oats, right?

/

136 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:39:10pm

re: #128 buzzsawmonkey

Jingle singers...
"Wonderful WINO!
More hits more often!"

"Wonderful WINO!
The big sound in the big town".

137 Nevergiveup  Sun, Apr 26, 2009 6:39:21pm

re: #132 lostlakehiker

So, the Cherokee have a right to Tennessee? The Germans have a right to East Prussia? The Greeks have a right to Turkey? The Vietnamese, to southern China?

The list of displaced peoples is as old as history, and before history, the "original" people probably displaced somebody else.

Or Lizards?

138 WhiteRasta  Sun, Apr 26, 2009 6:39:28pm

OK, folks time for a Straw Poll:

It's 02:00 and you are awoken with the sound of someone beating on your front door, beating like it was the DEA.

Do you:

A: call the cops
B: Ignore it and hope they go away.
C: Go downstairs and answer the door
D: Go downstairs with a large caliber firearm in your hand

My dear liberal friends chose option C.

No joke.

It turned out to be a mistake on the part of the people beating on the door. They left when they realized they had made a mistake.

139 taxfreekiller[deleted]  Sun, Apr 26, 2009 6:39:51pm
140 OldLineTexan  Sun, Apr 26, 2009 6:39:53pm

re: #79 MandyManners

If your password is 8675309, what would be the security question?

I would use "Who can I turn to?"

141 brookly red  Sun, Apr 26, 2009 6:40:13pm

for on-line passwords I like formatC: :)

142 MonkeySon  Sun, Apr 26, 2009 6:40:17pm

The article is still relevant, but it was written/published in 12/2006

143 sattv4u2  Sun, Apr 26, 2009 6:41:16pm

re: #131 UncleRancher

Now you need four more.

K
John Madden
George Burns
W.C Fields
George Foreman

144 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:41:17pm

re: #135 ArmyWife

It was Hall and Oates, right?

/

No, but John Oates had the greatest "porn-stache" in history (IMHO).

145 Jetpilot1101  Sun, Apr 26, 2009 6:41:20pm

re: #138 WhiteRasta

You assume that the person beating on my door at 2 in the morning got past my outer and inner perimeters of claymores, razor wire and bouncing bettys. If they made it to my door at 2 AM, I'm going to open the door and hand them a beer.

146 OldLineTexan  Sun, Apr 26, 2009 6:41:29pm

re: #85 Fat Bastard Vegetarian

Who can I turn to.

My brother! I swear I did not see you post that first! I owe you a Coke!

Can you arrange to sell stuff in Atlanta May 16-17?

147 ArmyWife  Sun, Apr 26, 2009 6:41:33pm

re: #138 WhiteRasta

I'd answer D, but I'm confused by your post. Why was it a mistake for the door beaters?

148 simonml  Sun, Apr 26, 2009 6:41:47pm

re: #138 WhiteRasta

OK, folks time for a Straw Poll:

It's 02:00 and you are awoken with the sound of someone beating on your front door, beating like it was the DEA.

Do you:

A: call the cops
B: Ignore it and hope they go away.
C: Go downstairs and answer the door
D: Go downstairs with a large caliber firearm in your hand

My dear liberal friends chose option C.

No joke.

It turned out to be a mistake on the part of the people beating on the door. They left when they realized they had made a mistake.

E: Shoot from the upstairs window

149 Jim in Virginia  Sun, Apr 26, 2009 6:41:52pm

Evening all, what's shaking?
Anyone know anyone with swine flu?
Has CAIR asked Napolitano to rename the disease?

150 OldLineTexan  Sun, Apr 26, 2009 6:42:21pm

re: #142 MonkeySon

The article is still relevant, but it was written/published in 12/2006

You're just mad about the "monkey" remarks he made, aren't you?

/

151 pre-Boomer Marine brat  Sun, Apr 26, 2009 6:42:43pm

re: #120 Nevergiveup

OK so passwords are so important- yada yada yada.

But then they all ask the same security question: Your mom's maiden name? All the time? So being the genius I am, I made up a fake one. But I forgot who I told the real one and who I told the fake one?

Mother's maiden name isn't as bad as "City of your present address", or "Telephone number associated with your account", or "zip code".

152 Nevergiveup  Sun, Apr 26, 2009 6:42:43pm

Swine flu fears close schools in NY, Texas, Calif.

[Link: www.breitbart.com...]

Kinda like calling in a bomb scare I guess?

153 buzzsawmonkey[deleted]  Sun, Apr 26, 2009 6:42:59pm
154 OldLineTexan  Sun, Apr 26, 2009 6:43:00pm

re: #149 Jim in Virginia

Evening all, what's shaking?
Anyone know anyone with swine flu?
Has CAIR asked Napolitano to rename the disease?

It's not swine flu. It's Porkulus allergy!

155 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:43:14pm

re: #146 OldLineTexan

somebody going to Hot-lanta?

156 WhiteRasta  Sun, Apr 26, 2009 6:43:37pm

re: #147 ArmyWife

They were blind drunk and were knocking on the wrong door...

157 Truck Monkey  Sun, Apr 26, 2009 6:43:49pm

re: #130 BignJames

Some of us never heard of Morris Day and The Time.

A lot of talent in the original band. Jimmy Jam and Terry Lewis came from The Time.

158 ArmyWife  Sun, Apr 26, 2009 6:43:57pm

re: #149 Jim in Virginia

Not yet, but it seems Janet N doesn't find it necessary to test those traveling to the US from Mexico via airplane.

Of course she thinks the 9-11 hijackers crossed the Canadian border, so heck, we should trust her on this one, too, right?

159 Nevergiveup  Sun, Apr 26, 2009 6:44:16pm

re: #147 ArmyWife

I'd answer D, but I'm confused by your post. Why was it a mistake for the door beaters?

Well in your case because I assume the safety was on semi or full automatic?

160 WhiteRasta  Sun, Apr 26, 2009 6:44:18pm

re: #148 simonml

You win the prize!

161 talon_262  Sun, Apr 26, 2009 6:44:26pm

At work, we're prompted to change our login passwords every 45 days...I change it to something relatively short (8-10 characters) and as complex as I can get it (35-40 bits, using lower- and upper-case letters, 0-9, and special characters [such as $, %, and @]), but something that's easy to remember. I'll then use that password or some variation of it for my Windows login on my personal machines and as the master password for my KeePass Password Safe database; I use KeePass to file all of my other website logins and passwords (banking, LGF, etc.), using the strongest passwords those sites allow and change those every few months or so.

162 ArmyWife  Sun, Apr 26, 2009 6:44:43pm

re: #151 pre-Boomer Marine brat

My mother is French, so the maiden name thing for me would be pretty hard to guess, and then spell because it's spelled much differently than how it sounds!

163 BignJames  Sun, Apr 26, 2009 6:45:14pm

re: #157 Truck Monkey

A lot of talent in the original band. Jimmy Jam and Terry Lewis came from The Time.

Uhhh...ok.

164 alegrias  Sun, Apr 26, 2009 6:45:15pm

re: #81 Nevergiveup

The Latin Patriarch of Jerusalem said Sunday that Pope Benedict XVI, who is scheduled to visit Israel soon, will tour and preach at "the al-Aida refugee camp in Bethlehem, which symbolizes the right of return and holds a message of peace, brotherhood, and justice".

[Link: www.ynetnews.com...]

"right of return"? Then take them back to Rome!

* * * * * *
Pastor Benedict is NOT being well served by his Spanish & Italian & German acolytes/assistants who should KNOW BETTER than to let him be USED by the islamists who murder Christians and deny Israel's right to exist.

Leftist Catholics should not tell Pope Benedict what to do!

165 simonml  Sun, Apr 26, 2009 6:45:27pm

re: #160 WhiteRasta

You win the prize!

Dare I ask, what is the prize?

166 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:45:53pm

re: #157 Truck Monkey

OWEEOWEEO!

167 Nevergiveup  Sun, Apr 26, 2009 6:46:21pm

re: #166 Fat Bastard Vegetarian

OWEEOWEEO!

deliverance?

168 OldLineTexan  Sun, Apr 26, 2009 6:46:30pm

re: #153 buzzsawmonkey

The proper answer is to lean out the upstairs window and break into "Barnacle Bill the Sailor":

Who's that knocking at my door
Who's that knocking at my door
Who's that knocking at my door
Cried the fair young maiden.

Are we going to get the naughty verses?

/I love the Popeye version

169 WhiteRasta  Sun, Apr 26, 2009 6:46:35pm

re: #165 simonml

My undying respect and admiration......

170 OldLineTexan  Sun, Apr 26, 2009 6:46:55pm

re: #155 Fat Bastard Vegetarian

somebody going to Hot-lanta?

ME! ROAD TRIP!

171 BignJames  Sun, Apr 26, 2009 6:46:58pm

re: #167 Nevergiveup

deliverance?


you got a purty mouf

172 Emerald  Sun, Apr 26, 2009 6:47:02pm

re: #34 itellu3times

Where I work, we were required to drag thru an online module about information security including computers and passwords. One of the rules: never write down passwords anywhere.

Right.

In some environments I've had to access dozens of systems each with a separate password, not to mention the six or eight I use for personal accounts. Don't write them down. And they can't be sensible words. Riiiight.

OK, don't write them on a yellow sticky placed on your screen.


You've hit on a real problem. I read an article a year or two ago that addressed this. Most people who are online have multiple accounts with passwords - work accounts, email accounts, forums, banks, investment sites, etc. The guy who wrote the article had 44 separate accounts requiring passwords. There's no way people can reasonably remember that many different passwords. They write them down, pick easy to remember (and easy to guess) passwords, or they use the same password on multiple accounts.

A tip I learned a long time ago was to make a password using two semi-related words and stick a number between them, i.e., cattle4ranchers. It's easier to remember than a random string, but it's weird enough to not be easily guessed.

173 karmic_inquisitor  Sun, Apr 26, 2009 6:47:20pm

A little trivia -

blink182 (one of the "popular" passwords) is the name of a band that originated in Poway, California.

Theories abound about the origin of the name, but I met a member of the band who told it to me.

It means "fuck RB". "blink" represents "fuck" and 18 is the alpha position of "R" and 2 is of "B".

RB represents Rancho Bernardo. Rancho Bernardo High School is the rival of Poway High School. That rivalry isn't that intense, except in the music programs. Which is where most of the members of Blink182 got to know each other - in the Poway High band room.

174 Lincolntf  Sun, Apr 26, 2009 6:47:26pm

re: #138 WhiteRasta

E: Go to the door with my Trot Nixon autographed Louisville Slugger. It happened once not so long ago, it was just our neighbor who was concerned that his elderly mother might not have been answering the door because she wasn't well and wondered if we had seen her. He did give the bat a funny look while he was talking, I'll say that.

175 ArmyWife  Sun, Apr 26, 2009 6:47:32pm

re: #159 Nevergiveup

Ok, so really I'd send my husband down with a great big gun (he has many to choose from). I have a little revolver, 38 special. Not complicated, small enough for my hand (I'm only 5'2 - on my tip toes), I can handle it and shoot it accurately.

176 UncleRancher  Sun, Apr 26, 2009 6:48:34pm

re: #33 Charles

'password' is the 4th most common password in Schneier's list.

I thought the instructions were clear: "Please enter password."

177 ArmyWife  Sun, Apr 26, 2009 6:48:39pm

re: #156 WhiteRasta

I'd hope anyone answering with a firearm would be really clear there was a threat prior to shooting!

178 simonml  Sun, Apr 26, 2009 6:48:47pm

re: #169 WhiteRasta

My undying respect and admiration......

I'm listing it on craigslist. What do you think it'll fetch?

/

179 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:48:49pm

Air conditioning on the fritz.
Laptop on lap is warm.
Bad combination.

"Screw you guys, I'm going home."...Eric Cartman

180 buzzsawmonkey[deleted]  Sun, Apr 26, 2009 6:49:31pm
181 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:49:34pm

re: #177 ArmyWife

Hey...nothing good happens after 2am.

182 Bloodnok  Sun, Apr 26, 2009 6:49:37pm

re: #176 UncleRancher

I thought the instructions were clear: "Please enter password."

That's as easy as "Speak friend and enter".

183 Athos  Sun, Apr 26, 2009 6:49:48pm

re: #176 UncleRancher

I thought the instructions were clear: "Please enter password."

And then they get lost when they can't find the 'Any' key......

"Please press Any key"......

184 WhiteRasta  Sun, Apr 26, 2009 6:49:50pm

re: #174 Lincolntf

It would be too bad to mess up an autographed bat.

Take a .357 next time...

185 simonml  Sun, Apr 26, 2009 6:50:00pm

re: #175 ArmyWife

Ok, so really I'd send my husband down with a great big gun (he has many to choose from). I have a little revolver, 38 special. Not complicated, small enough for my hand (I'm only 5'2 - on my tip toes), I can handle it and shoot it accurately.

"Nobody ever raped a .38"

I hate how incredibly sexist the quote is, but it's reassuring for a lot of women who carry.

186 WhiteRasta  Sun, Apr 26, 2009 6:50:26pm

re: #178 simonml

About $ 15.00 Jamaican Dollars...

187 Nevergiveup  Sun, Apr 26, 2009 6:50:31pm

re: #181 Fat Bastard Vegetarian

Hey...nothing good happens after 2am.

That's what I tell my 2 daughters

188 OldLineTexan  Sun, Apr 26, 2009 6:50:42pm

re: #179 Fat Bastard Vegetarian

Air conditioning on the fritz.
Laptop on lap is warm.
Bad combination.

"Screw you guys, I'm going home."...Eric Cartman

I bought one of those Belkin laptop cooling thingies.

189 Jim in Virginia  Sun, Apr 26, 2009 6:50:49pm

re: #158 ArmyWife

Not yet, but it seems Janet N doesn't find it necessary to test those traveling to the US from Mexico via airplane.

Of course she thinks the 9-11 hijackers crossed the Canadian border, so heck, we should trust her on this one, too, right?


Seriously- is there a test for swine flu? How easy and expensive is it, how long to get results?
I heard that a Mexican office the One met down there on his trip has died from swine flu.

190 Dark_Falcon  Sun, Apr 26, 2009 6:51:03pm

re: #148 simonml

E: Shoot from the upstairs window

Wrong answer. Never shoot at someone or threaten them from an upstairs window. That's a quick way to a long prison sentence.

191 Shug  Sun, Apr 26, 2009 6:51:10pm

Lions016 : up until this past year, that password was an impossible idea

So this year I'm changing it to LionsSuperbowlChamps


NOBODY would guess that one

192 Truck Monkey  Sun, Apr 26, 2009 6:51:19pm

re: #166 Fat Bastard Vegetarian

OWEEOWEEO!

[Link: en.wikipedia.org...]

193 brookly red  Sun, Apr 26, 2009 6:51:47pm

re: #181 Fat Bastard Vegetarian

Hey...nothing good happens after 2am.

uhhhh, this is NYC ;)

194 wiffersnapper  Sun, Apr 26, 2009 6:52:07pm

12345?! That's the same combination on my luggage!

195 Spare O'Lake  Sun, Apr 26, 2009 6:52:19pm
196 Fat Bastard Vegetarian  Sun, Apr 26, 2009 6:52:25pm

re: #194 wiffersnapper

12345?! That's the same combination on my luggage!

And we start over....

197 WhiteRasta  Sun, Apr 26, 2009 6:52:56pm

re: #177 ArmyWife

You beat on my door at that time of night, there is a clear danger...To you.

198 Cato the Elder  Sun, Apr 26, 2009 6:53:38pm

re: #52 DistantThunder

And the same people who promised us that they would protect us from identity theft using our social security numbers, now wants us all to agree to electronically storing our medical records.

It's not the government's fault that SSNs became the de facto ID number for most Americans. You can blame banks, hospitals, and universities for that one, along with others.

The SSA states very clearly that SSNs are private and supposed to be used only for SSA/client business.

In days gone by I used to make myself very unpopular at hospitals and the like when I'd point out that routinely asking for SSNs as convenient ID nos. was illegal and dangerous. Blank stares, hostility, and threats of no service resulted.

My, it was fun!

199 simonml  Sun, Apr 26, 2009 6:54:02pm

re: #186 WhiteRasta

About $ 15.00 Jamaican Dollars...

I'll hold onto your respect and admiration then. It'll gain value over time as you become disenchanted with the world

200 BatGuano  Sun, Apr 26, 2009 6:54:24pm

Anyone who remembers Barnacle Bill has good taste and must be as old as I am.

201 J.D.  Sun, Apr 26, 2009 6:55:03pm

There are tests for it, yes.
Anyone other than me get the swine flu vaccine in 1976?

...Three elderly people in Pittsburgh died on the same day within hours of getting swine flu shots. It was a chance event, but just the sort of guilt by association that arises whenever a public health intervention is done on a mass scale.

What killed the program, though, was the observation in early December that people given the swine flu vaccine had an increased risk of developing Guillain-Barre syndrome, a rare, usually reversible but occasionally fatal form of paralysis. Research showed that while the actual risk for Guillain-Barre was only about 1 in 1,000 among people who had received the vaccine, that was about seven times higher than for people who didn't get the shot.

On Dec. 16, the swine flu vaccine campaign was halted. About 45 million people had been immunized. The federal government eventually paid out $90 million in damages to people who developed Guillain-Barre. The total bill for the program was more than $400 million. ...


A Shot in the Dark: Swine Flu's Vaccine Lessons

202 WhiteRasta  Sun, Apr 26, 2009 6:55:26pm

re: #199 simonml

Too late.

I became disenchanted with the world long ago.

203 Jim in Virginia  Sun, Apr 26, 2009 6:55:34pm

re: #197 WhiteRasta

You beat on my door at that time of night, there is a clear danger...To you.

It could be Ed McMahon and Publishers Clearinghouse.

Or Avon calling.

204 livefreeor die  Sun, Apr 26, 2009 6:56:31pm

re: #149 Jim in Virginia

Evening all, what's shaking?
Anyone know anyone with swine flu?
Has CAIR asked Napolitano to rename the disease?

The last one is probably her top priority right now with the situation.

205 MandyManners  Sun, Apr 26, 2009 6:57:21pm

re: #119 Fat Bastard Vegetarian

RICK SPRINGFIELD DID NOT SING "JENNY"!

Oh, shit. You're right.

My apologies.

206 BatGuano  Sun, Apr 26, 2009 6:58:24pm

Barnacle Bill:

207 ArmyWife  Sun, Apr 26, 2009 6:59:42pm

re: #189 Jim in Virginia

There is - what could happen is a screening though, looking for people who claim to have flu like symptoms. Not perfect, but better than "Hey - come on in with your sick selves!". Thus far it's responding to anti-viral meds, but per my husband (the medical professional), you have to take it on onset of symptoms, otherwise the efficacy diminishes. I'm sure there are some physicians on here that could confirm or deny that for us, though.

[Link: www.nytimes.com...]

208 Jim in Virginia  Sun, Apr 26, 2009 7:00:42pm

re: #198 Cato the Elder

It's not the government's fault that SSNs became the de facto ID number for most Americans. You can blame banks, hospitals, and universities for that one, along with others.

The SSA states very clearly that SSNs are private and supposed to be used only for SSA/client business.

In days gone by I used to make myself very unpopular at hospitals and the like when I'd point out that routinely asking for SSNs as convenient ID nos. was illegal and dangerous. Blank stares, hostility, and threats of no service resulted.

My, it was fun!

Back when I was young, had more time and was easily amused I applied for several department store credit cards and refused to give my SSN. I got declined, called customer service to complain and told them I would not shop at their stinking store. As I recall, two out of three issued me a card without an SSN.
When I moved to Virginia in the late 80s the DMV required an SSN for a drivers license. A couple years ago, due to identity theft concerns, they replaced the SSN on a license with a random ID number.

209 MandyManners  Sun, Apr 26, 2009 7:01:35pm
210 HDrepub  Sun, Apr 26, 2009 7:01:54pm

re: #198 Cato the Elder

It's not the government's fault that SSNs became the de facto ID number for most Americans. You can blame banks, hospitals, and universities for that one, along with others.

The SSA states very clearly that SSNs are private and supposed to be used only for SSA/client business.

In days gone by I used to make myself very unpopular at hospitals and the like when I'd point out that routinely asking for SSNs as convenient ID nos. was illegal and dangerous. Blank stares, hostility, and threats of no service resulted.

My, it was fun!

The US armed forces started using SSNs for serial numbers around 1970 or so, thus a lot of veterans' SSNs are out there in their records. Before that military personnel were issued a unique number for a serial number with a two letter prefix. The prefix denoted whether you were a draftee or a person who voluntarily enlisted.

211 Alberta Oil Peon  Sun, Apr 26, 2009 7:02:12pm

re: #103 lostlakehiker

The flash drive itself is hardware encrypted. The attacker gets ten tries at the password, and then it incinerates its own memory. It's also designed to suicide if put under torture. Even the most squeamish of attackers will torture machinery if it might yield up secrets, after all.

Of course, if you leave it on the bus, you've lost your passwords. Reset time, across the board.

The obvious answer to that is to also write the passwords down, and store the written copy in a safe place. Not in the purse or wallet, and not on a sticky note on the monitor. Find a place in your home that's easily accessible, and also easily described, so that if you lose your passwords on the road, you can call home and have a family member or friend recover the note and read it to you.

Myself, I use single words or numeric sequences that have some significance to me, but only to me. Not birthdates, etc.

212 MandyManners  Sun, Apr 26, 2009 7:02:26pm

Ooooh. Some bad craziness going on.

The only good craziness I've ever had involved that Belgian I dated in college. Those were the days.

213 Jim in Virginia  Sun, Apr 26, 2009 7:03:45pm

For what it's worth, here's what I did Friday and Saturday.
American Odyssey relay run.


Running through Antietam at 4 in the morning would have been creepy if it weren't for the fact that we were all dead tired.

214 HDrepub  Sun, Apr 26, 2009 7:06:31pm

re: #208 Jim in Virginia

Back when I was young, had more time and was easily amused I applied for several department store credit cards and refused to give my SSN. I got declined, called customer service to complain and told them I would not shop at their stinking store. As I recall, two out of three issued me a card without an SSN.
When I moved to Virginia in the late 80s the DMV required an SSN for a drivers license. A couple years ago, due to identity theft concerns, they replaced the SSN on a license with a random ID number.

I was going to get a new library card for the local library a few days ago, and was told I had to give my driver's license number and two personal references along with some other things I don't recall. I told them to shove it, it wasn't worth the trouble, and they sure weren't getting my driver's license number.

215 HDrepub  Sun, Apr 26, 2009 7:08:45pm

re: #213 Jim in Virginia

For what it's worth, here's what I did Friday and Saturday.
American Odyssey relay run.

Running through Antietam at 4 in the morning would have been creepy if it weren't for the fact that we were all dead tired.

Don't you mean running through Sharpsburg? (tongue in cheek)

216 esch  Sun, Apr 26, 2009 7:19:08pm

re: #125 Truck Monkey

3 trillion quatloos are on their way to you. Not many people remember Morris Day and The Time.

Most people in my age group in Mpls do.

One of my parents actually WORKED at First Ave. through the whole Prince/Time era. It was sweet. I had a personalized First Ave. staff jacket.

217 Jim in Virginia  Sun, Apr 26, 2009 7:22:46pm

re: #215 HDrepub

Don't you mean running through Sharpsburg? (tongue in cheek)

You must be a Rick Perry fan.

/

218 BaseballMom57  Sun, Apr 26, 2009 7:23:48pm

re: #125 Truck Monkey

3 trillion quatloos are on their way to you. Not many people remember Morris Day and The Time.

"Jungle Love"! My hubby and I LOVED dancing to that!

219 HDrepub  Sun, Apr 26, 2009 7:25:15pm

re: #217 Jim in Virginia

You must be a Rick Perry fan.

/

No, I don't even know what Rick Perry looks like. I have a brother who is a Civil War history nut with the southern flavor, and will always correct me if I say Antietam instead of Sharpsburg or Bull Run instead of Manassas

220 BaseballMom57  Sun, Apr 26, 2009 7:34:58pm

re: #151 pre-Boomer Marine brat

Mother's maiden name isn't as bad as "City of your present address", or "Telephone number associated with your account", or "zip code".

I signed up for Identity Protection through my bank (also my employer) the other day. One of their questions to issue me an Access Code was "What city have you previously lived in?" There were four cities I had NEVER lived in, my PRESENT city of residence, and "none of the above". Since "previously", last time I checked, means "before", I chose "none of the above". Turns out I was being too literal. I got the question wrong.

I felt quite the idiot.

221 Wendya  Sun, Apr 26, 2009 7:36:58pm

re: #34 itellu3times


In some environments I've had to access dozens of systems each with a separate password, not to mention the six or eight I use for personal accounts. Don't write them down. And they can't be sensible words. Riiiight.

I used to have to pass through 3 cypher locks just to get into my workspace where I had two safes and multiple combination locks. Hell, we all wrote them down.

Now I just list them all on a sheet of paper that's kept in a gun safe. I only have to remember one combination now to get the other combinations and passwords.

222 Bobibutu  Sun, Apr 26, 2009 7:40:14pm

re: #3 MandyManners

Oh, yeah? Well, mine is even harder to figure out: ABCD.

Now, I was partial to "Iforgot" back in the early days.

223 itellu3times  Sun, Apr 26, 2009 7:47:59pm

re: #172 Emerald

A tip I learned a long time ago was to make a password using two semi-related words and stick a number between them, i.e., cattle4ranchers. It's easier to remember than a random string, but it's weird enough to not be easily guessed.

exactamundo what I usually do.

224 BLBfootballs  Sun, Apr 26, 2009 8:01:32pm

re: #223 itellu3times

exactamundo what I usually do.

Hmmmm..... In general any "dictionary" words in a password make it ipso facto much more vulnerable to a brute force attack. It's fine for something like an online newspaper or webforum site, but I wouldn't recommend having any dictionary words in, say, a bank login password.

225 Fionn MacCumhaill  Sun, Apr 26, 2009 8:21:10pm

When I tell people how to create secure passwords, I give them this example and tell them not to use this exact one because I frequently use it as an example.

oaiphdgbospd

Easily remembered: One-Armed Irish Paper Hangers Drink Green Beer On Saint Patrick's Day

226 MadJadBad  Sun, Apr 26, 2009 8:40:44pm

They say to never write down a password, but I got so many now that I have to keep them in a password protected excel file.

227 vilmos  Sun, Apr 26, 2009 10:16:59pm

Charles:

> Your LGF account passwords are encrypted
> with a “one-way” algorithm

Hashing.

> in the highly unlikely event that a malicious
> person gets access to our database, they can’t
> learn your password either.

But once they have access to the hashed passwords, then they can simply compare it to a pre-made hash list of possible passwords and find matches.

Kosh's Shadow:
> Mine tend to run 9-16 characters with upper and
> lower case and numbers.
> Two of them are each an entire phrase.

I know that it is often recommended to use lower and uppercase letters, numbers, and every kind of strange characters. My problem with this approach is that it makes it very hard to remember passwords, and it is also hard to type them. The first problem causes people to tape their passwords next to the screen and/or reuse them, and the second one causes a lot of grief.

I personally use only lower case characters, but I use a lot. The passwords make sense (in the sense that they are sentences), but otherwise it is hard to figure them out. The up/low/num/control-chars were important when the password hashing functions only used the first 8 chars and ignored the rest. Yes, in those times, one needed to put as much randomness into that little field. But if the hashing algorithm calculates the hash over the full length of the password, then this requirement becomes obsolete.

Vilmos

228 Charles  Sun, Apr 26, 2009 10:32:11pm

re: #227 vilmos

Charles:

> Your LGF account passwords are encrypted
> with a “one-way” algorithm

Hashing.

> in the highly unlikely event that a malicious
> person gets access to our database, they can’t
> learn your password either.

But once they have access to the hashed passwords, then they can simply compare it to a pre-made hash list of possible passwords and find matches.

Sure, they could do that, if they get into the database. But if they get into the DB, that's the least of our worries.

229 scooby  Mon, Apr 27, 2009 1:27:46am

But once they have access to the hashed passwords, then they can simply compare it to a pre-made hash list of possible passwords and find matches.

It doesn't work that way, or at least, it hasn't since the days of Netware and Windows for Workgroups. The way web sites work, as Charles pointed out, is if you've got access to the database, you probably don't care about individual users. Take Twitter as an example: they just repeatedly tried different passwords until they guessed an admin's password that happened to be weak.

Most attacks on a site like LGF would be by repeated login attempts by bots, by phishing or cross-site scripting (XSS). Botnets are hard to deal with, basically, you have lots of computers that try logging in with common passwords, so you have to figure out (automatically) whether the login is by a human or a machine. That's why you see those captchas on a lot of big name sites. Phishing is very hard to defend against because it takes advantage of dumb users. And XSS requires continual auditing and research to find and close security holes.

That's the trouble with computer crime: the only thing more boring and tedious than committing the crime is defending against it.

230 scooby  Mon, Apr 27, 2009 1:36:22am

re: #226 MadJadBad

You could do worse, but Excel's really not designed to store passwords, and at least for older versions the encryption was pretty easy to break. For managing passwords, I'd recommend a dedicated app like KeePass. It's free software, has some decent features and is cross platform.

231 crimeshark  Mon, Apr 27, 2009 4:28:24am

As a government worker (yeah, I know- G-d help me) over the years I've seen that most so-called "passwords" are restricted to between 4 and 8 characters. And I know that a huge number of bank and credit card PINs are still only 4 digits. Most of the people I work with have their user names and passwords on post-its stuck to the monitor.

I have no reason to believe it's different at any other government agency. So much for security.

232 bosforus  Mon, Apr 27, 2009 7:24:41am

Charles, if you're still milling around on this thread...
How does a one-way encrypted algorithm work, anyway? Is the algorithm developed by a third party? I think it would have to be because if YOU wrote the algorithm you'd still be able to break the encryption.

233 Smorgasbord  Mon, Apr 27, 2009 7:52:36am

One way hackers get passwords to some sights is to call up customer service and tell them they forgot their password. Sometimes the CS rep gives it to them.

I don't keep passwords in my computer. I write them on a page of paper in alphabetical order and store the paper away from the computer. This way I don't have to remember phrases, and I can make them as complicated as I want. I make a copy in case I loose the original. Every so often, after more passwords have been added, I copy the original and shred the old. Sometimes I have to start over with a new blank sheet if I run out of space in an area.

I don't let web sights store my credit card info. It doesn't take very long to type in the info.

One way to foil the hacking software is to have the password letters timed. In other words, there would be a number graph from 0-10 (or however long or short you want it). The cursor would start across the numbers at the rate of one per second for example. You have to type the character in at the right time. This would slow down the hacker software because instead of constantly entering random passwords, now it has to take the time to try each variation of each password. It would take forever just for one word.

One advantage to doing the password this way is you would only need a 4-5 character password since there would be so many possible combinations of when to type in each one.

234 cvandeve  Mon, Apr 27, 2009 8:03:53am

I work at a small college and every month, we get hit by emails asking the students for their Username and Password, so the Computer Security people can verify their information. Every time, at least one person will respond and get us blacklisted for a week or so. And the student then complains about us shutting his email off till he changes his password. Password 8-128 characters and must have letters and numbers. Basketball1 is not acceptable.
We run John the Ripper software to catch too simple passwords.

235 Charles  Mon, Apr 27, 2009 8:29:19am

re: #232 bosforus

Charles, if you're still milling around on this thread...
How does a one-way encrypted algorithm work, anyway? Is the algorithm developed by a third party? I think it would have to be because if YOU wrote the algorithm you'd still be able to break the encryption.

It's called "hashing," as vilmos mentioned above -- it uses a well-known, highly secure algorithm that takes the password you enter when you register and puts it through a series of mathematical transformations that result in an encoded version that can't be reversed. Then, when you log in, the password you enter is put through the same process and compared against the stored version. If it matches, it's the same password. But the actual password is never stored in our DB in a human-readable form.

236 Noam Chumpski  Mon, Apr 27, 2009 8:32:11am

Good post.

I just learned that Blink182 fans are the fifth dumbest password creators. Even ahead of football drones. Yum!

237 IngisKahn  Mon, Apr 27, 2009 8:35:21am

re: #232 bosforus

Charles, if you're still milling around on this thread...
How does a one-way encrypted algorithm work, anyway? Is the algorithm developed by a third party? I think it would have to be because if YOU wrote the algorithm you'd still be able to break the encryption.


Good encryption can't realistically be broken even if you know the algorithm.

re: #235 Charles

It's called "hashing," as vilmos mentioned above -- it uses a well-known, highly secure algorithm that takes the password you enter when you register and puts it through a series of mathematical transformations that result in an encoded version that can't be reversed. Then, when you log in, the password you enter is put through the same process and compared against the stored version. If it matches, it's the same password. But the actual password is never stored in our DB in a human-readable form.

Cryptographic Hash Function

Hashes are often salted as well, meaning that some predetermined random bits are appended to the password before the hash is calculated. This prevents people from feasibly generating a lookup table of hashes of common passwords (if they know the hashing algorithm). And of course they need access to the database in the first place.
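The register-then-compare flow described in #235 and the salting described in #237, as an added example that is not part of the original thread and is not LGF's code. The thread does not name the algorithm, so PBKDF2-HMAC-SHA256, the iteration count, and the small common-password list are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list (assumption).
COMMON = ["password1", "abc123", "myspace1", "blink182"]

def unsalted_hash(password: str) -> str:
    """Plain SHA-256, no salt: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def register(password: str, iterations: int = 200_000) -> dict:
    """Record stored at registration: per-user random salt plus a slow hash.
    The plaintext password is never part of the record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def verify(password: str, record: dict) -> bool:
    """At login, repeat the same transformation and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])

def lookup_table_hits(stored_hashes: list) -> list:
    """Model the precomputed table from #237: hash -> password, built once."""
    table = {unsalted_hash(p): p for p in COMMON}
    return [table.get(h) for h in stored_hashes]

def demo() -> dict:
    # Two users pick the same weak password.
    a, b = register("blink182"), register("blink182")
    return {
        "unsalted_recovered": lookup_table_hits([unsalted_hash("blink182")]),
        "salted_recovered": lookup_table_hits([a["hash"].hex(), b["hash"].hex()]),
        "same_password_same_hash": a["hash"] == b["hash"],
        "login_ok": verify("blink182", a),
        "login_wrong": verify("blink183", a),
    }

if __name__ == "__main__":
    print(demo())
```

The salt defeats the shared precomputed table, not guessing against a single stolen record, which is why the example also uses a deliberately slow hash.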

238 Charles  Mon, Apr 27, 2009 10:05:37am

re: #237 IngisKahn

Cryptographic Hash Function

Hashes are often salted as well, meaning that some predetermined random bits are appended to the password before the hash is calculated. This prevents people from feasibly generating a lookup table of hashes of common passwords (if they know the hashing algorithm). And of course they need access to the database in the first place.

Yep. And salt is sprinkled over LGF's hash as well.

239 IngisKahn  Mon, Apr 27, 2009 10:09:59am

re: #238 Charles

Yep. And salt is sprinkled over LGF's hash as well.

Yum.
If this thread weren't dead that would generate a thousand food related password puns.

240 justadot  Mon, Apr 27, 2009 10:31:09am

re: #239 IngisKahn

Yum.
If this thread weren't dead that would generate a thousand food related password puns.

That's a lot to digest.
/groan

241 Wind Rider  Mon, Apr 27, 2009 12:29:17pm

I'm a pattern kinda guy.

Pick a starting point, apply either a geometric progression (square, triangle, or circle) that you're comfortable with, making sure you hit the top row once, or preferably twice, in combination with a shift or even pattern of shifts thrown in.

Such general patterns are easier to remember, so they don't have to be written down, and usually result in a meaningless jumble that would cause the mainframes in the bowels of Fort Meade to utter a sigh before churning for an inordinate amount of time.

That strategy never generated a password that was ever cracked by the numerous network sweeps conducted by USAF security monitors, and never had a problem clearing their minimum complexity requirements either.

As an aside - well deserved salute to Charles - I've always been highly impressed with the very straightforward and effective site security employed here at LGF, and doubly impressed that it was of his own design, and not something he just bought out of a box or via download and tweaked to make a 'fit'.

Fantastic, World Class work. Well done, sir.


This entry has been archived.
Comments are closed.
