Verified:

Cerberus Game profile

Member
EE Patron
3849

Oct 19th 2012, 6:28:44

During a recent password audit by Google,
it was found that a blonde was using the following password:

"MickeyMinniePlutoHueyLouieDeweyDonaldGoofyMelbourne"

When asked why she had such a long password, she rolled her eyes and said:

"Hello! It has to be at least 8 characters
long and include at least one capital."
I don't need anger management, people need to stop pissing me off!

Dibs Ludicrous Game profile

Member
6702

Oct 19th 2012, 8:50:41

nice to know that Google can read encrypted passwords. :-P
There are no messages in your Inbox.
Elvis has left the building.

MrX Game profile

Member
265

Oct 20th 2012, 0:25:16

hmm.

its not really safe in internet..
but for that case, gives a lil tickling joke...

but again, Melbourne is not a capital i guess.. :)

edit: is this really a google password audit or a blonde iq test?
________
Join LaF { http://www.boxcarhosting.com/...pplication.php?clanID=LaF }
-+=[ Semper Paratus et Fidelis ] http://www.lafamiglia.org {iCQ: 168700501}

archaic Game profile

Member
7014

Oct 31st 2012, 1:16:45

lol, excellent
Cheating Mod Hall of Shame: Dark Morbid, Turtle Crawler, Sov

h2orich Game profile

Member
2245

Oct 31st 2012, 6:33:38

Melbourne is not a capital.

The capital of Australia is Canberra

kean Game profile

Member
38

Oct 31st 2012, 15:32:36

BONUS !!

Gut Game profile

New Member
10

Nov 3rd 2012, 14:10:37

Actually, its far more safer to have a password oomposed of three words or numbers you can remember. Like RhinoFallWine86

SAM_DANGER Game profile

Member
1236

Nov 3rd 2012, 20:04:01

Originally posted by h2orich:
Melbourne is not a capital.

The capital of Australia is Canberra


HENCE MAKING THE BLONDE JOKE EVEN FUNNIER!


Fooglmog Game profile

Member
1149

Nov 3rd 2012, 21:25:12

Originally posted by Gut:
Actually, its far more safer to have a password oomposed of three words or numbers you can remember. Like RhinoFallWine86


No it's not.

It's a safe assumption that the vast majority of people will choose words from their own language, and that this language is not difficult to determine. In my case, English.

There's right around 200,000 words in English... but most people's working vocabularies are between 5,000 and 6,000 words. Since the whole point of choosing words is to make them easier to remember, it seems reasonable to assume that the words will have to come out of this working vocabulary.

6,000^3 = 216,000,000,000 possibilities.

With a number included (let's say anywhere from 1-100 since yours was 86), 216,000,000,000 * 100 = 21,600,000,000,000 possibilities.

But, of course, we can't assume placement of the number, it could be at the beginning or between words too, so 21,600,000,000,000 * 4 = 86,400,000,000,000

Now, for comparison, a randomly generated 8 character password has 26 letters, 10 digits, and 32 special characters to choose from (I just counted the characters I can get on my standard qwerty keyboard with one key stroke, or shift+1 key stroke).

That's 68 characters.

The standard length of a password is 8 characters.

68^8 = 457,163,239,653,376 possibilities.

This means that a standard 8 character random password is right around 5 times as secure as your suggestion. Of course, no one suggests 8 character password, the most common suggestion for anyone security minded is a 12 character random password.

68^12 = 9.775*10^21

That's a little over 100,000x as many options as your method.

-Fooglmog
Guy with no clue.

SAM_DANGER Game profile

Member
1236

Nov 3rd 2012, 22:12:31

Originally posted by Fooglmog:
Originally posted by Gut:
Actually, its far more safer to have a password oomposed of three words or numbers you can remember. Like RhinoFallWine86


No it's not.

It's a safe assumption that the vast majority of people will choose words from their own language, and that this language is not difficult to determine. In my case, English.

There's right around 200,000 words in English... but most people's working vocabularies are between 5,000 and 6,000 words. Since the whole point of choosing words is to make them easier to remember, it seems reasonable to assume that the words will have to come out of this working vocabulary.

6,000^3 = 216,000,000,000 possibilities.

With a number included (let's say anywhere from 1-100 since yours was 86), 216,000,000,000 * 100 = 21,600,000,000,000 possibilities.

But, of course, we can't assume placement of the number, it could be at the beginning or between words too, so 21,600,000,000,000 * 4 = 86,400,000,000,000

Now, for comparison, a randomly generated 8 character password has 26 letters, 10 digits, and 32 special characters to choose from (I just counted the characters I can get on my standard qwerty keyboard with one key stroke, or shift+1 key stroke).

That's 68 characters.

The standard length of a password is 8 characters.

68^8 = 457,163,239,653,376 possibilities.

This means that a standard 8 character random password is right around 5 times as secure as your suggestion. Of course, no one suggests 8 character password, the most common suggestion for anyone security minded is a 12 character random password.

68^12 = 9.775*10^21

That's a little over 100,000x as many options as your method.

-Fooglmog
Guy with no clue.


I KNOW! HILARIOUS, ISN'T IT? I MEAN... CHARACTERS! HAHA! CAPITAL! ROFL!

AH, BLONDES.

martian Game profile

Game Moderator
Mod Boss
7841

Nov 12th 2012, 19:44:21

@fooglemog: xkcd would disagree with you:P

http://xkcd.com/936/
just string more words together. Easier to remember:p
you are all special in the eyes of fluff
(|(|
( ._.) -----)-->
(_(' )(' )

RUN IT IS A KILLER BUNNY!!!

Gut Game profile

New Member
10

Nov 12th 2012, 20:25:41

Originally posted by martian:
@fooglemog: xkcd would disagree with you:P

http://xkcd.com/936/
just string more words together. Easier to remember:p


Ty martian. Precisely the point (and source) I was referencing!

Gut Game profile

New Member
10

Nov 12th 2012, 20:31:38

While we are on the subject of security and cracking...

Even Google was hacked.

http://www.businessinsider.com/...f-a-job-interview-2012-10

Fooglmog Game profile

Member
1149

Nov 13th 2012, 5:39:40

xkcd's suggestion is just an incremental step, and it has one fatal flaw which Gut so poignantly demonstrated here.

Going from "troubador" to "Tr0ub4dor&3" was one incremental step. Going from "Tr0ub4dor&3" to "correcthorsebatterystaple" may be the next. But a series of random characters will always be the most secure option.

This becomes especially so when people don't understand the concepts involved. Instead of suggesting the 4 common words of the comic, which is more secure than "Tr0ub4dor&3", Gut suggested 3 words plus a number. It turns out, that this method is actually within only a couple layers of entropy of the original "Tr0ub4dor&3" method.

I don't know why Gut did this (maybe he thought adding a number would make it better?), but the point is he did -- presumably without realizing he was sacrificing the supposed improvement in security. This is going to be an on-going concern with this method... I'd expect a majority of people forced to adopt it wouldn't be able to resist making their words into a phrase; "bobhateshisjob", for example.

Now, I don't really think everyone ought to understand the underlying concepts. But this is why a method which is as mistake-proof as possible is best. 8-12 random characters is fairly unambiguous... either you do it (and get the security benefit) or don't (and don't). But you don't get people trying to find ways to improve on the security and make it worse (like Gut did) or try to be clever while still thinking they're within the "rules".

-Fooglmog
Guy with no clue.

Grackus01 Game profile

Member
55

Nov 20th 2012, 7:10:03

Good old blonde jokes.

legionx Game profile

Member
52

Dec 1st 2012, 5:05:56

Lol

whyseeyellow Game profile

Member
51

Feb 14th 2013, 14:51:47

My friend once used a 24-letter chemical name

downsay2

Member
95

Feb 18th 2013, 17:08:55

lovely

Serpentor Game profile

Member
2800

Mar 2nd 2013, 4:44:39

Originally posted by Fooglmog:
Originally posted by Gut:
Actually, its far more safer to have a password oomposed of three words or numbers you can remember. Like RhinoFallWine86


No it's not.

It's a safe assumption that the vast majority of people will choose words from their own language, and that this language is not difficult to determine. In my case, English.

There's right around 200,000 words in English... but most people's working vocabularies are between 5,000 and 6,000 words. Since the whole point of choosing words is to make them easier to remember, it seems reasonable to assume that the words will have to come out of this working vocabulary.

6,000^3 = 216,000,000,000 possibilities.

With a number included (let's say anywhere from 1-100 since yours was 86), 216,000,000,000 * 100 = 21,600,000,000,000 possibilities.

But, of course, we can't assume placement of the number, it could be at the beginning or between words too, so 21,600,000,000,000 * 4 = 86,400,000,000,000

Now, for comparison, a randomly generated 8 character password has 26 letters, 10 digits, and 32 special characters to choose from (I just counted the characters I can get on my standard qwerty keyboard with one key stroke, or shift+1 key stroke).

That's 68 characters.

The standard length of a password is 8 characters.

68^8 = 457,163,239,653,376 possibilities.

This means that a standard 8 character random password is right around 5 times as secure as your suggestion. Of course, no one suggests 8 character password, the most common suggestion for anyone security minded is a 12 character random password.

68^12 = 9.775*10^21

That's a little over 100,000x as many options as your method.

-Fooglmog
Guy with no clue.


Not only a blonde test, but a nerd test too it seems. Hehe
The EEVIL Empire

flgatorboy89 Game profile

Member
1620

Apr 20th 2013, 22:44:58

true serpentor
Jon
ZT, SoL


<jon> off to bed fluffbeater :p
<mrford> i dont beat fluffs
<mrford> i eat them
<mrford> gosh
<jon> well, fluffeater
<Kat> oookay....

stupidasamofo Game profile

Member
24

May 14th 2013, 0:40:45

lol nice joke should have left it @ that without all the tech(impressive formula by the way Fooglmog). also Canberra is known to most as the capital(cause it is) but most ozzies like myself think Canberra is more of a parliament capital and Melbourne as our capital mayb this is where ppl get the common misconception :)

mikie3ars Game profile

Member
15

May 21st 2013, 13:29:27

Grau random words have worked well for me. 16 charcters

ducko

Member
63

Aug 8th 2013, 17:35:52

bonus

Cerberus Game profile

Member
EE Patron
3849

Oct 21st 2013, 22:08:50

Geez, ducko resurrected this thread. LOL Necrophiliac!
I don't need anger management, people need to stop pissing me off!