1 |
Neil Bothwick wrote: |
2 |
> On Fri, 08 Feb 2019 15:26:22 +0100, Kai Peter wrote: |
3 |
> |
4 |
>>> The was a tool in portage this did this. I tried it but it did not |
5 |
>>> work in the real world because you couldn't set a rule for generated |
6 |
>>> passwords |
7 |
>>> that matched the requirements of all sites, for example some require a |
8 |
>>> non-alphanumeric character while other sites only allow alphanumerics. |
9 |
>>> |
10 |
>>> I can remember what the tools was called, although I'm pretty sure it |
11 |
>>> was written in Python. I'd be interested to know how you get around |
12 |
>>> the conflicting restrictions as this seems a good way to do things. |
13 |
>> By using an existing tool you have to live with its restrictions |
14 |
>> always. But who says that it could not be done? |
15 |
> It wasn't so much a restriction in the tool as the sites, which have |
16 |
> conflicting requirements for passwords - especially the ones that have a |
17 |
> MAXIMUM password length. |
18 |
> |
19 |
> |
20 |
|
21 |
This is something I've ran into on several occasions using LastPass' |
22 |
generation tool. Some sites allow the symbols, letters above the number |
23 |
keys, but don't allow one or more specific ones. A couple examples, the |
24 |
"!" key is a common one not allowed. Others that are sometimes excluded |
25 |
are the "$" and "*" symbols. So I end up telling LastPass to generate |
26 |
passwords until it gets one without any of those characters or I turn |
27 |
off the symbols all together. Of course, turning those off makes a |
28 |
password easier to crack/hack. |
29 |
|
30 |
I did run up on one site recently that allowed any character, all |
31 |
symbols included, and could be as long as 60 characters. I think spaces |
32 |
was the only thing on the keyboard not allowed. Thing is, it wouldn't |
33 |
accept anything longer than 28 or so for me. I started out at 40 and |
34 |
kept dropping down a few digits until I hit the one it would accept. If |
35 |
it had accepted a random password that long with symbols included, I |
36 |
would think hackers would have to attack something besides the |
37 |
password. That is one long password. I've seen paragraphs shorter than |
38 |
that. According to a couple of the test sites, it would take trillions |
39 |
of years to crack a 40 digit password much less 60. Pretty hard thing |
40 |
to get past. What surprises me, a couple sites that I would like to |
41 |
have longer passwords on, won't accept anything longer than a couple |
42 |
dozen characters. I wish all financial sites would take 60 or so like |
43 |
the other one I use. I'm not sure why they limit it to that number. |
44 |
Common software limit maybe? |
45 |
|
46 |
This is one thing about having so many different password tools and each |
47 |
person picking what they like. It makes it harder to figure out how |
48 |
passwords are generated and tracked. Each tool has its own methods. |
49 |
It's sort of like the password strength sites. I didn't rely on one |
50 |
site. I used several plus some common sense as well. If all sites |
51 |
think a password will take thousands of years or more to crack, it is |
52 |
likely a good password. Then apply some common sense to confirm it of |
53 |
course. I ended up with a password that was easier to type and very |
54 |
strong, even stronger than what I started with. The odds of someone |
55 |
just guessing it is virtually zero. The things it is based on is not |
56 |
something anyone other than me would likely consider for creating a |
57 |
password. It's not pets, family names, date of births or anything like |
58 |
that. Heck, even if someone was sitting in my chair, they would be |
59 |
clueless. Even people who know me best would never be able to figure |
60 |
out what it is based on much less how I put it in the password or which |
61 |
ones. Thing is, I think I'll be able to remember it easy enough. |
62 |
|
63 |
I suspect that anyone trying to hack us Linux users, users of this list |
64 |
especially, would have a rough road ahead of them. Based on replies |
65 |
here, some have some pretty good methods of coming up with a password. |
66 |
Let us hope none of us dies instantly and takes the passwords with us. |
67 |
o_O I put mine in a fire safe. Just in case. |
68 |
|
69 |
Dale |
70 |
|
71 |
:-) :-) |