Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

What kind of passwords do you guys have?

Featured Replies

Recently, a friend of mine had her password stolen for her banking account, and I've decided to get off my lazy [wagon] and stop using 3 passwords. I was setting my passwords uniquely for every site, when I realized how impossible they are to crack. At lease, I think. See this:

 

 

 

##LONGWORD#*#LONGWORD#*#LONGWORD##

 

 

 

Now, assuming 500k words in English (there are really more then a million, plus scientific terms)

 

100*500000*2600*500000*2600*500000*100 = 8 450 000 000 000 000 000 000 000 000

 

 

 

That's 8 hextillion, 450 septillion.

 

 

 

Does anyone think that's just a tad paranoid? Oh, and I have about 35 of those to remember.

 

 

 

What'd ya say, tip.it? Am I crazy? What kinda passes do you use? And am I the only one who wants to immolate every site that has a character limit on passwords less then 64?

 

 

 

Cheers!

That's what it takes to be a hero, a little gem

of innocence inside of you that makes you want

to believe that there still exists a right and wrong,

that decency will somehow triumph in the end.

--Lise Hand

I have a few throwaway ones I use for sites I either don't trust or am rarely going to use. Then there are two that are 15-digit hex strings that I use for more secure things that I use often, but still need to remember a password for, and anything super-important (banks, servers, other stuff with actual money/credit card info) is a freakishly long random generated one I use with keepass.

 

 

 

None are actual words though.

my passwords are usually just 6-7 word/letter combinations that I don't really remember and set it to auto-remember in my browser, infact I don't even know what my Tip.it password is and just have it re-emailed to me something happens.

eggzs.png

I'm kind of in the same boat as you. I have some long passwords for things like my windows logon, or important sites, but then there are throwaway ones for like ebaumsworld (because what's the most I lose there....e-rep points? Oh what a loss).

 

 

 

I'll probably just make a random password generator for myself in VB or maybe C++ since I need the practice. The hard part is making sure it's hard to crack (ie using upper and lower cases, numbers, and symbols), but easy to remember...The remembering part is what gets me.

 

 

 

The problem with your password scheme is that you use words. You shouldn't use any words in your password, for dictionary attacks. And so what if there are a million words. The fastest password cracker can do more than 76 billion passwords per second. Even going though all possible capitilization, it's less than a second to find your "longword".

 

 

 

Go with something that is rather long, but makes sense to you, but nobody else..Maybe remember "I work at Wal-Mart 5 days at $7.00 per hour" as IwaW-M5d@$7...Pretty easy to remember, but a has upper case, lower case, numbers, and symbols, and is 11 characters long...That's how I came up with a few of my current passwords.

[hide=Funny Quotes]

So you sucker punched a kid in the back of the head? Good job.
What scares me is that you're like 10 years old.
-.- im not that freaking young
You were a couple years ago.
It's not racist if its true.
Hmm... I wonder how one goes about throwing someone out a window in a mystic fashion :-k

 

The mental image for that is freaking awesome.

[/hide]

- I dont need to "get a life." I'm a gamer - I have LOTS of lives!

I'm pretty much the same too, I have several passwords that are a mix of letters, numbers and even (dang can't remember the word, but I have a lot of periods(.) as well in my passwords). I do have a throwaway one for sites I don't use often and sites I know I will only use once.

  • Author
I'm kind of in the same boat as you. I have some long passwords for things like my windows logon, or important sites, but then there are throwaway ones for like ebaumsworld (because what's the most I lose there....e-rep points? Oh what a loss).

 

 

 

I'll probably just make a random password generator for myself in VB or maybe C++ since I need the practice. The hard part is making sure it's hard to crack (ie using upper and lower cases, numbers, and symbols), but easy to remember...The remembering part is what gets me.

 

 

 

The problem with your password scheme is that you use words. You shouldn't use any words in your password, for dictionary attacks. And so what if there are a million words. The fastest password cracker can do more than 76 billion passwords per second. Even going though all possible capitilization, it's less than a second to find your "longword".

 

 

 

Go with something that is rather long, but makes sense to you, but nobody else..Maybe remember "I work at Wal-Mart 5 days at $7.00 per hour" as IwaW-M5d@$7...Pretty easy to remember, but a has upper case, lower case, numbers, and symbols, and is 11 characters long...That's how I came up with a few of my current passwords.

 

 

 

You've just scared the heck out of me... I really don't know what to think. I'm in shock. That's a lot of passes/sec. Then I did the math, and if I didn't screw it up, that still takes billions of years to crack my pass :) What I like about using words is that I can remember a word as easily as a letter - and caps kill me. So if I use v, that's 1/26, or 1/74 of we're using all the characters. But if I remember farce, that's 1/500k, which is a much better deal. I throw in a lot of numbers and characters too so that a dictionary based attack will have to start guessing random characters added in. And do you want to know a secret? Regardless of weather or not you used caps, if the software assumes you did, it will still take that long to crack it :) I know one word can be found very easily, but when you use a few words, as well as random chars... Takes a lot longer.

 

 

 

Oh, and I have several throwaway passes too, and groups of passes - I use the same pass for about 5 wikis I edit. I'm really supprised I'm the only one who uses words, though. Adding misspellings can defeat dictionary based attacks, too.

That's what it takes to be a hero, a little gem

of innocence inside of you that makes you want

to believe that there still exists a right and wrong,

that decency will somehow triumph in the end.

--Lise Hand

I use numbers+letters, 17 in total. It's good enough for me.

 

 

 

 

Adding misspellings can defeat dictionary based attacks, too.

 

 

 

 

 

 

I have a 27GB word list and it includes the most [developmentally delayed]ed ways you can ever spell a word, so no.

Dictionary attacks include misspelled words, so if you had hnad instead of hand, it would be picked up...And that's just dictionary attacks, that's leaving out brute force, which is a different subject.

 

 

 

Your password is relatively safe, except from (good) keyloggers. Especially if it's kept encrypted (after all, it took almost 5 years for the 64-bit encryption to be broken, and we're up to what, 128-bit standard now?). You shouldn't be scared, but you should use acronyms in place of words, if you really want to be safe, and remember your passwords easier. If you have 35 passwords that are like 20 characters in length, that's 700 random characters to remember (which is 70-100x more than the normal person can memorize at one time).

 

 

 

I'm not saying you aren't safe, but if you have to write down the passwords, or save them in your browser (definitely not a good idea, especially with FireFox), you may as well just have your password as abc123 or something like that. By using acronyms like what I described in my last post, you increase the chance you remember the password (make it about the site or something), while avoiding dictionary attacks, and increasing the time a brute-force would take to something so high that hackers would probably give up (unless you had something really important, and they had a lot of computers dedicated to the task, in which case not much would stop them).

 

 

 

tl;dr - you're safe, but you should pick better methods for password creation IMO.

[hide=Funny Quotes]

So you sucker punched a kid in the back of the head? Good job.
What scares me is that you're like 10 years old.
-.- im not that freaking young
You were a couple years ago.
It's not racist if its true.
Hmm... I wonder how one goes about throwing someone out a window in a mystic fashion :-k

 

The mental image for that is freaking awesome.

[/hide]

- I dont need to "get a life." I'm a gamer - I have LOTS of lives!

Mine are usually 8-10 characters of alphanumeric nonsense with some symbols thrown in. I'm starting to think that they might be too short though (Even though I've never been hacked since I set my original RS account password to my name in 2002) and a 15 character or so pass might be in order.

 

I usually use a passgen for my passwords. I also have some really crappy ones for accounts I hardly care about.

C2b6gs7.png

It depends on the site/function of the password.

 

Normally for forums I keep them short and sweet, why over complex things which have 0 monetary value.

 

Other things like ftp, admin and other important accounts get atleast 8 chars (letter) with 3 or more numbers mixed in.

 

I'm always wary about writing them down or saving them in a file as if you loss the paper or someone/thing infects your PC you can have major issues.

[hide=Drops]

  • Dragon Axe x11
    Berserker Ring x9
    Warrior Ring x8
    Seercull
    Dragon Med
    Dragon Boots x4 - all less then 30 kc
    Godsword Shard (bandos)
    Granite Maul x 3

Solo only - doesn't include barrows[/hide][hide=Stats]

joe_da_studd.png[/hide]

I usually make up a stupid sentence and then take the 1st letters from each of the words turning S into 5, A into 4 etc.

 

 

 

Here's an example:

 

 

 

ah yes, the weather here is totally naff

 

 

 

Take all the first letters you get:

 

 

 

aytwhitn

 

 

 

And after changing some of them to numerical you get:

 

 

 

4ytwh1tn

 

 

 

And I think generating passwords out of a sentence that only you know is an excellent form of password creation!

Real 1337 people don't need no sentences! We just memorize the whole alphanumeric symbol filled 38 character crap with one try!

C2b6gs7.png

Real 1337 people don't need no sentences! We just memorize the whole alphanumeric symbol filled 38 character crap with one try!

 

Well my brain does MD5 natively :D

Real 1337 people don't need no sentences! We just memorize the whole alphanumeric symbol filled 38 character crap with one try!

 

Well my brain does MD5 natively :D

 

Nice. :P

I used to do mine based on paragraphs out of random books or poems.

 

 

 

Take the Pledge of Allegance for example.

 

 

 

 

 

I pledge Allegance to the Flag...

 

 

 

I would use ipattf then use numbers to represent vowels.

 

 

 

3p7ttf....

 

 

 

In my visual basic apps when I password protect them, I use the date.dayofweek method + a randomly generated string of letters and numbers which I have to enter my full name, my past 3 addresses, and my parents' maiden name's in order to even access it.

wii_wheaton.png

[software Engineer] -

[Ability Bar Suggestion] - [Gaming Enthusiast]

All my passwords in otherwise secure places, like my hard drive encryption password, are combination of 20+ letters, numbers, spaces and symbols of varying cases. With a mix of actual words and nonsense. Using just words and symbols is generally a bad idea, because as said before if someone wants to they can crack it with a dictionary attack fairly quickly. Its still possible (if not probable) that even long passwords like mine can be cracked in a reasonable amount of time by the likes of the NSA, but there is not very many people out there with a budget of 10 billion dollars a year doing nothing but building computers to break passwords.

 

 

 

Some passwords you should not bother making long however, because there is security holes in the program that let you gain access easily anyway. For instance, a standard windows password can be cracked in a matter of minutes no matter how long it is.

I only use one passwords for everything, and it's:

 

pass

 

 

 

Naw, but I do use a long combination of letters, numbers, and other characters ({"£$%@~})

 

 

 

If it's for something I don't care to loose, then it's a simple 8 digit sequence.

 

(Gets typed in nice and quick with a beloved numpad :))

 

 

 

Regards

 

- Nucking.

I used to use something simple such as a pet name or birth date. Now, I use a random password generator for all my passwords. <3:

j0xPu5R.png

http://hackosis.com/projects/bfcalc/bfcalc.php

 

Work out how long it would take to Brute Force your password.

 

 

 

I got

 

"Your password is 34 characters long and has 20,172,372,640,422,815,101,100,739,205,390,654,115,376,267,264 combinations.

 

It takes 73,386,664,154,614,900,693,925,807,737,798,656.00 hours or 3,057,777,673,108,954,195,580,241,989,074,944.00 days to crack your password on computer that tries 137,438,953,472 passwords per hour."

 

 

 

Brute force wont work on remote systems because any sys admin with have a clue knows to deactivate the account being targeted or enforce some sort of time lockout. My 34 char pass is an encryption key. My tipit and runescape passwords are far far simpler, because I don't regard them as important enough to require over the top measures.

 

 

 

Most of my passwords are alpha-numeric I take snippets of already existing passwords and rearrange them. So if someone got one of my passwords they might have 20% of another password but unless they know where that 20% belongs to or were in the password it is. They are not going to get anywhere with it. Allot of websites I don't set passwords for I just stay logged in and have to do password recovery if I do get logged out.

 

 

 

Passwords, are a skill and it takes time for someone to build up a collection of secure passwords.

~Dan64Au

Since 27 Aug 2002

Enough letters and numbers to frustrate a brute-forcer & make him give up. Not extensively long like some examples here; Be realistic; Nobody with the capacity will *actually* try to steal a casual user's pass with 50 letters. According to that site my pass would take 2 years to crack which is fine by me.

 

 

 

My pass usually has only 6 to 8 letters combined with some numbers but during about 10 years online I've never lost control of any account or had someone steal the pass.

 

 

 

It's equally important to have quick & smooth access to services as is the pass security... I find huge passwords to fight against it's own purpose. Having over 30-50 letters in a password is being paranoid & unrealistic.

 

 

 

Passwords, are a skill and it takes time for someone to build up a collection of secure passwords.

 

 

 

If you actually *need* to protect crucial files, you wont even "make up" a password. To prevent brute force access, companies use randomly seeded cryptographic passwords that rotate at random time intervals, if you're not in the office at the main computer and access it with the employee's magnetic strip card, you can't get the current password which lasts for a few minutes.

Secure ones, which are long and use a variety of characters. And I make sure they aren't stored in plaintext.

draciontheman.png

 

"In the beginning, the universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

According to that site, it would take approximately 8 years to crack my password.

j0xPu5R.png

Enough letters and numbers to frustrate a brute-forcer & make him give up. Not extensively long like some examples here; Be realistic; Nobody with the capacity will *actually* try to steal a casual user's pass with 50 letters. According to that site my pass would take 2 years to crack which is fine by me.

 

 

 

My pass usually has only 6 to 8 letters combined with some numbers but during about 10 years online I've never lost control of any account or had someone steal the pass.

 

 

 

It's equally important to have quick & smooth access to services as is the pass security... I find huge passwords to fight against it's own purpose. Having over 30-50 letters in a password is being paranoid & unrealistic.

 

 

 

Passwords, are a skill and it takes time for someone to build up a collection of secure passwords.

 

 

 

If you actually *need* to protect crucial files, you wont even "make up" a password. To prevent brute force access, companies use randomly seeded cryptographic passwords that rotate at random time intervals, if you're not in the office at the main computer and access it with the employee's magnetic strip card, you can't get the current password which lasts for a few minutes.

 

 

 

Ive always been a fan of the onetime pass, where the password changes every 30 seconds.

 

However that only works with remote systems and is not an option for encrypted drives.

 

 

 

I recommend https://www.grc.com/passwords.htm some parts of my passwords are built from there.

~Dan64Au

Since 27 Aug 2002

Create an account or sign in to comment

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.