!!! PASSWORD TOO WEAK !!! - your password must contain upper and lowercase characters, digits and symbols except not a hyphen for some fucking reason, and no characters you’ve ever used in past passwords and no digits that are in your postal code, date of birth, or shoe size. Zalgo text is acceptable.
Just add one to the number each time.
I’m on “[passwordiveusedforyears]22!” at work.
For other websites I’m on things like “[passwordIveusedforyears][websitename]!”
Proper 2FA is secure enough for most people to keep using the same password so long as it hasn’t been compromised. And a few things, like work passwords, email passwords, and bank passwords should be unique to that specific account.
Really, the biggest security hole is requiring logins for fucking everything. That’s why there’s a million password leaks. Why does a news website need me to sign in? Why do I need an account and password to order a pizza that I’m gonna pay for in-person?
For everybody commenting on password managers, I’ve been using one for years now and I feel this so bad. My company has a password policy of changing the LAPTOP’s password every 8 weeks and you can’t reuse any of the last 10 passwords used. I hate it because I can’t use a password manager to unlock my laptop and I’m so used to password managers by now that it’s getting really hard to come up with new passwords that follow the stupid requirements and even worse remembering them. I’m veeeery close to just start noting them down in a notebook by my machine and then send a picture to our security guy to show him where he has gotten us all to.
Just use KeepAssXC.
If you don’t want to use a password manager it’s not that hard to create long passwords. Just create a nonsense sentence with a misspelling with a character between each word and add some obscure personal info that isn’t directly linked to you, like a phone number of an old childhood friend or pizza place you used to call often when you were young so it’s easy to remember but not info another person can find about you. Then add a special character.
Like:
Wideo1Pasta1Is1The1Grawy1555-22334!!!
And in six weeks… It’s time to change your password! No repeats.
Here’s what you do: Generate long random string, for example: P5edM5Ce0SGE0rOr9k&#T*wG@d$ogqyBTk2@%dmO@2akbm!b5p!bH8w7Ei7gPSIR1Er&hab3ae@0odk3h76Ka48kYtXrsburM$7rf^vPRwXz1s5guO&$PZz3@w
Memorize it.
For each site just choose a number and select 16 characters starting at this number.
Remember which page uses what number. E.g. google = 32 -> &#T*wG@d$og^qyBTk2
Done. You don’t have to remember any more passwords for the rest of your life.
Hmm… if a bunch of matchsticks fall on the floor, do you immediately know how many there are? If you do, I may have some news for you 🤣
Only if it’s less than 5.
I’m sorry, memorise that? I’d rather get hacked.
Security is not easy.
It is. Use a password manager.
Me too but I’m halfway through memorizing 128 random chars and then bye bye Bitwarden.
Get a password manager. It’s a lot more secure and easier to only have to remember one strong main password and have the rest randomly generated
FWIW, LastPass is bullshit. DYOR, and stay safe, citizens!
Also, it could be taken as a positive that BitWarden is the example Wikipedia uses to define password strength. 🤌🏼
Randomly generate your master password too. It takes a bit to memorize, but becomes muscle memory pretty quickly. And since random passwords have the highest possible entropy per character you can use a shortish one, which allows for fast typing while still being impossible to brute force (I use 16 chars).
Both Bitwarden and 1Password can also generate passphrases with high entropy that are much easier to memorize and enter. I use that for my master password.
There’s an xkcd for that of course! Linking directly to the explain as it has more info, but the important thing is: password guidelines tricked humans into thinking in a machine way about safe passwords, but long passphrases are more secure from an entropy point of view and way easier to remember!
https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
The xkcd-suggested passwords have 44 bits of entropy. Assuming a weak hash like SHA1, a single 4090 could crack such a password in under 10 minutes (source).
My 16 character password, with 70 symbols per character, has log₂70 * 16 ≈ 98 bits of entropy. That corresponds to a cracking time of over 200 billion years with the same parameters.
xkcd’s password system is quite terrible for security. Its only advantage is that it’s relatively secure for how easy it is to remember. If you’re someone who really struggles to remember passwords and would otherwise use something even weaker, go for it, but if you want security then random characters are the way to go.
Take a sentence with 200 characters then.
And your opinion is exactly that and doesn’t match security research:
For the following you’re not the target group but others reading this who might want to make their lives easier. Just from your way of writing I at least don’t expect that minor sources like Okta or the NCSC will change your mind.
(article links with high level descriptions and links to their primary sources)
https://www.okta.com/identity-101/password-vs-passphrase/
https://www.4bis.com/passphrase-vs-complicated-passwords-passphrases-are-best/
https://specopssoft.com/blog/passphrase-best-practice-guide/
I’m not arguing that random passwords are better for everyone, just that they’re most secure for their length. A 9 word passphrase is just as secure as a 16 character random password, but is far longer.
A 4 word xkcd passphrase is more or less equivalent to a 7 character random password, and is secure with xkcd’s threat model (online brute force attack) but not with other threat models, like a brute force of a weak hash, which is many orders of magnitude faster.
If you’d like to verify the math:
4 word xkcd passphrase: 2048 (possible words) ^ 4 (number of words) = 44 bits of entropy ≈ 17.6 trillion possibilities.
7 word password: 70 (possible characters) ^ 7 (number of characters) ≈ 42.9 bits of entropy ≈ 8.2 trillion possibilities.
(Adding an eighth character raises the number to 576 trillion).
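A way to check the entropy and keyspace arithmetic from the last two posts (and the "9 word passphrase ≈ 16 random characters" claim), as an added example that is not part of the thread. The guess rate is a constructed assumption for a single GPU against a weak unsalted hash, not the source the poster cites.

```python
import math

# Constructed assumption (not the thread's source): a single fast GPU trying
# about 1e10 candidates per second against an unsalted weak hash like SHA-1.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(alphabet_size, length):
    """Entropy of `length` uniform picks from `alphabet_size` symbols (words or characters)."""
    return length * math.log2(alphabet_size)

def keyspace(alphabet_size, length):
    """Number of distinct secrets the scheme can produce."""
    return alphabet_size ** length

def symbols_to_match(target_bits, alphabet_size):
    """Smallest length whose entropy reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def expected_crack_years(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Expected brute-force time: on average half the keyspace is searched."""
    return (2 ** bits) / 2 / guesses_per_second / SECONDS_PER_YEAR

def compare(schemes):
    """Map each label in `schemes` ({label: (alphabet_size, length)}) to its numbers."""
    rows = {}
    for label, (alphabet, length) in schemes.items():
        bits = entropy_bits(alphabet, length)
        rows[label] = {"bits": round(bits, 1),
                       "keyspace": keyspace(alphabet, length),
                       "crack_years": expected_crack_years(bits)}
    return rows

if __name__ == "__main__":
    table = compare({
        "xkcd 4-word passphrase (2048-word list)": (2048, 4),
        "7 random chars (70-symbol set)": (70, 7),
        "8 random chars (70-symbol set)": (70, 8),
        "16 random chars (70-symbol set)": (70, 16),
    })
    for label, r in table.items():
        print(f"{label}: {r['bits']} bits, {r['keyspace']:.3e} possibilities, "
              f"~{r['crack_years']:.3g} years at {GUESSES_PER_SECOND:.0e} guesses/s")
    # How many 2048-list words does it take to match 16 random characters?
    print("words needed:", symbols_to_match(entropy_bits(70, 16), 2048))
```

Only the offline brute-force case is modelled; an online attack with rate limiting, or a slow salted hash like bcrypt, divides the guess rate by many orders of magnitude and changes the picture entirely.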
Once you forget it, you lose everything
I’m not prone to forgetting things, but if you are, it’s easy enough to write down and store somewhere secure like a safe deposit box. If you have people you trust, you should have a backup copy anyways so they can access your password manager if you die suddenly.
Ah yeah ok I got you covered
RasputiaSalmon87876@
There you go, real easy.
BatmanSupermanSpidermanCaptainAmerica@2025
Just 4 characters are enough. And it includes Cap.
I just started merging 3 common passwords I use through my life in chronological order. It’s a 32 letter behemoth with lowercase, uppercase, numbers, and symbols. All in random patterns.
The middle password is one that I started using 2 years ago when I wanted a new password for my new OS installation called FreeBSD at the time. It had numbers and symbols but also “Frbsd” to stand for that name.
Now when I am signing up to a new service I change that portion in the middle of the 32 letter password so “…Frbsd…” becomes “…Gthb…” or “…Dscrd…” etc.
This way even if someone finds my password for gml it won’t work for others either.
TheDoctor&CaptainJack
16 characters and a cap
Huh, I only see ****************
Captain Carter always has a password
It’s not so bad once you develop a system.
Buttliquor007!
Done.
Haha! Now I have access to your blockbuster account! You Fool!
Why do you owe $322 in late fees for the movie Waterworld with Kevin Costner?
I…admitted I had a Costner addiction in the mid 90s…but these “Block Busters” kept me locked up for years! Is it all water out there?!
Why not??