PINs & Passwords

PINs and passwords are integral to first world life. Friends and I discussed how we manage our passwords and PINs. All that caused me to think and smile.

There’s an article out there about ‘things our children wouldn’t know about’ because whatever it was is now obsolete. Telephone party lines, rolodexes, TV ‘rabbit ears’ and outdoor antennas, carbon copy or carbon paper, and those sorts of things. I was thinking of the reverse mode, and how astonished our children might be that we had no PINs and passwords when I was growing up in the 1950s to mid-1970s. We never had to figure out and remember a magical combination of letters, numbers and ‘special characters’ to get in and out of our online accounts. Number one, we didn’t have online accounts. We lacked the Internet and home computers. Now, there’s a PIN to learn to use a bathroom. Another PIN to access my voice mail. A different PIN to use my credit card, depending on the card reader, and to withdraw money.

I wonder, though, how many years it’ll be until the next generation is amused with our tales of PINs & Passwords and our explanations for how they were used.

The Password Shuffle

An email arrived. Tricare4U received and processed a recent claim.

Uh oh.

I expect to have a bout of acute passworditis soon.

Many Americans suffer from passworditis. The condition is brought on by websites not accepting passwords despite meeting all their stated requirements. Symptoms may include deep depression, a desire to drink heavily, incoherent screaming and swearing, high blood pressure, and a feeling of deep exhaustion accompanied by a temptation to go to bed and pull the covers over your head.

I also sometimes experience these symptoms of passworditis while using WordPress, but that’s about ‘features’ which act in capricious ways.

Tricare4U is part of the Defense Department’s healthcare labyrinth. I’ve been using Tricare variations since 1995, when I retired from the Air Force. Dealing with any Tricare issue is rarely fun and never easy. Logging on is usually the worst part. This is done through DS Log On.

As my friend Jill would say, GRRRRRRRRRRRRRRRRRRRRRRRRRRRR.

The passwords expire every 60 days. Installing a new one is a pain from hell. They have nine requirements. All are reasonable requirements. My new password meets all nine requirements. I know that because all nine requirements begin in red. As you fulfill one, it turns green.

I must fill it into the new password box. Everything is green.

Then I add it again to confirm the password. These again show colors when it all works.

Despite everything showing as green, i.e., good to go, the submit button to complete the password change won’t come up. I stall out at that point every friggin’ time.

I used three different browsers.

Closed all windows and rebooted my computer.

Cleared my cache.

I have made twelve attempts in sixty-five minutes. I remain mired in password hell.

GRRRRRRRRRRRRRRRRRRRRRR.

I’m shutting it down for now. More coffee is required before I try again. All this to see what they say about my claim. Will I owe? What obtuse reasoning will they use?

Sigh. Not a fun beginning to my Twosda. It’s not good for my health. Ironic?

Don’t ask me.

The Password Is

It was a fascinating read about Passwords, with many intriguing links.

First, it shouldn’t surprise anyone, but people wanting to crack passwords study passwords. They buy up databases of stolen passwords, and when possible, link them to their owners, and then use the information they’ve gained to look up the owner on the Internet and social media to learn what they can. They’re not targeting these people to hack them; they’re targeting them to understand demographic patterns.

Second, people continue to use words or personal information as passwords. Cracker programs and applications have databases that automatically look for words first. Match and done, cracked. Naturally, they also look for names.

from Mark Burnett, xato.net, via https://wpengine.com/unmasked/

Third, more scary, but not surprising, is that password crackers are also including the “Leet” (or 1337) methodology so many employ. It isn’t surprising, because it’s commonly known and used (because it’s been around for a long time), so of course anyone trying to crack passwords will include that information in their processing.

Fourth, websites and applications vary in how they weigh password strength and password entropy. Zxcvbn (recognize the pattern?) in a remarkable post compared multiple sites and gave the results for the same passwords. Intriguing.
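To make the third and fourth points concrete, here is an added example (not from the articles mentioned, and not zxcvbn’s actual algorithm) comparing what a simple character-class meter credits a password with against an estimate that first undoes Leet substitutions and looks the result up in a wordlist. The tiny wordlist, the assumed dictionary size of 100,000 and the function names are all assumptions made for illustration.

```python
import math

# Constructed sample wordlist; a real checker loads a large dictionary.
WORDS = {"password", "dragon", "monkey", "letmein", "michael"}
# Assumed size of a realistic cracking wordlist, used for the guess count.
ASSUMED_DICT_SIZE = 100_000

# Common leet substitutions mapped back to the letters they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
SUBSTITUTABLE = set("oleasti")  # letters that have a leet variant above


def naive_bits(pw):
    """Bits a character-class meter credits: length * log2(pool size)."""
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += 33 if any(not c.isalnum() for c in pw) else 0
    return len(pw) * math.log2(pool) if pool else 0.0


def dictionary_bits(pw):
    """Bits if pw is a leet/capitalised dictionary word, else None."""
    base = pw.lower().translate(LEET)
    if base not in WORDS:
        return None
    # Each substitutable letter is one yes/no choice; so is a capital.
    choices = sum(ch in SUBSTITUTABLE for ch in base) + 1
    return math.log2(ASSUMED_DICT_SIZE) + choices


def estimate(pw):
    """Take the cheaper of the two attack models."""
    d = dictionary_bits(pw)
    n = naive_bits(pw)
    return n if d is None else min(n, d)


if __name__ == "__main__":
    for pw in ("dragon", "P@ssw0rd", "qzv7#Tkb"):  # constructed samples
        print(f"{pw:10} naive={naive_bits(pw):5.1f} estimate={estimate(pw):5.1f}")
```

The character-class meter gives “P@ssw0rd” over 50 bits, while the dictionary-aware estimate gives it under 22, which is why two sites can rate the same password so differently.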

Returning to the Unmasked article, they also used FullContact’s Person API to go through seventy-eight thousand passwords to find rich and famous people. From that, they selected forty passwords that were matched to see if they could be cracked, and how long it took.

Most were too easily unmasked. That’s one thing to remember: if you’re targeted, your password can probably be cracked, but it’ll take time. Thieves typically aren’t targeting most of us because we’re not notable or wealthy. So taking the time to create challenging passwords can help remove you from the list of low hanging fruit. That’s the same reason for frequently changing passwords. Yes, it is all a pain. It’s also why you shouldn’t use the same password — or easy variations — on multiple accounts.

A GitHub developer, whose password had an entropy of ninety-six, was hardest to crack.

 

 
