Welcome Guest ( Log In | Register )

> Announcement: Password security
velvetstooge
Password security 


It's all a queen adreena
Group Icon

Group: Administrators
Posts: 15,470
Joined: 16-January 04
From: Alphabet City
Member No.: 157



In recent weeks there has been a rise in the level of password attacks against on-line forums in general. Unfortunately, we've seen an elevated number of attacks against many of our members' accounts from Tor servers and other anonymous proxies.

For that reason we urge you to consider changing your password if it does not meet these criteria:

  • Do choose a password at least 12 to 14 characters long
  • Do use upper and lower case letters
  • Do mix in some numbers and symbols
  • Do not use names or plain words
  • Do not use dates, or numbers formed from dates
  • Do not include your account name in the password
  • Avoid simple substitution, as in w0rd$


Examples of weak passwords (lifted with gratitude from wikipedia):
  • Dictionary words: chameleon, RedSox, sandbags, bunnyhop!, IntenseCrabtree, etc., can be automatically tried at very high speeds.
  • Words with numbers appended: password1, deer2000, john1234, etc., can be easily tested automatically with little lost time.
  • Words with simple obfuscation: p@ssw0rd, l33th4x0r, g0ldf1sh, etc., can be easily tested automatically with little additional effort.
  • Doubled words: crabcrab, stopstop, treetree, passpass, etc., can be easily tested automatically.
  • Common sequences from a keyboard row: qwerty, 12345, asdfgh, fred, etc., can be easily tested automatically.
  • Numeric sequences based on well known numbers such as 911 (9-1-1, 9/11), 314159... (pi), or 27182... (e), etc., can easily be tested automatically.
  • Identifiers: jsmith123, 1/1/1970, 5551234, "your username", etc., can easily be tested automatically.
  • Anything personally related to an individual: license plate number, Social Security number, current or past telephone number, student ID, address, birthday, sports team, relative's or pet's names/nicknames/birthdays/initials, etc., can easily be tested automatically after a simple investigation of person's details.


Further reading at:
http://en.wikipedia.org/wiki/Password_stre...trong_passwords

Thanks,
The S11 Admin Team
Go to the top of the page
 
Lo-Fi Version Time is now: 21st December 2014 - 07:19 PM