Re: Cocktail and Mountain
alternaut #24316 11/27/12 07:51 PM
Joined: Dec 2009
kevs Offline OP
Thanks Artie, A, and Joe, I'm reading everything here, nothing is being ignored, will study all the links.

Re: Cocktail and Mountain
kevs #24317 11/27/12 08:02 PM
Joined: Aug 2009
Likes: 15
Just remember that even if you're shooting craps with Zocchihedrons, boxcars snake-eyes is gonna come up sooner or later.

Last edited by artie505; 11/27/12 08:08 PM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Cocktail and Mountain
kevs #24318 11/27/12 08:51 PM
Joined: Aug 2009
Likes: 8
Originally Posted By: kevs
One thing about Excel is the true user names and passwords are not listed. The user often something I memorized, and I just put "standard", and the pass often lead with some digits I've memorized with a dash and a couple of new characters. I don't think you can beat that. With those software you are supposed to put the actual uncoded user and password. What is the upside to that?


I suppose memorizing all of your passwords is the most secure method—until you forget!

Some password software gives you the option to display or not display the actual password (it can be toggled off and on), but the whole point of using password software is that everything is readily accessible if the user knows the password required to decrypt the password database. One password gains access to all passwords.

While this might sound scary and high risk, this example shows how four simple words can provide more protection than some exotic multi-symbol single "word".

And as always, what we choose to do is often dictated by our personal comfort level with our choice.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: Cocktail and Mountain
kevs #24323 11/28/12 02:07 AM
Joined: Aug 2009
Likes: 16
Moderator
I am not an expert on Adobe's strategy for protecting their digital rights but I know that it is arcane. I am betting the two installed copies of Photoshop are both on your computer. Possibly one copy on your regular hard drive and another on a clone drive (assuming you have one), or if you have installed a new hard drive and restored Photoshop from a backup, Adobe is seeing the new drive as a new machine, or Adobe thinks the Photoshop installation on your HD is on a different machine because you have upgraded your OS X version. Or some variation on one of those scenarios. I suspect a call to Adobe tech support can clear up the problem.

Hackers are generally not interested in stealing your software, they are primarily focused on obtaining items of real value such as your name, social security number, date of birth, etc. With that information they have all they need to steal your identity, open credit cards and charge accounts, take out loans, mortgage your house, and leave you holding the bag. If they can get your bank account numbers along with the other information they can withdraw all your money from the bank, max out your credit cards, and in general leave you penniless. Don't be fooled into thinking the police can or will be able to help you — they can't and won't. The police agencies that are capable of tracking and prosecuting these felons can be counted on the fingers of one hand and all too often the thief that steals your data lives and works in a country that has no extradition to the U.S. or Canada. That person then sells your data to yet another person, or persons, who then use your data to steal your money, your property, your credit rating, and your good name.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Cocktail and Mountain
joemikeb #24325 11/28/12 09:11 AM
Joined: Aug 2009
Likes: 14
Very well stated....short and to the point. I'll be quoting you as I keep pressing (nagging?) my daughters about the importance of using, and periodically changing, good passwords and being cautious on the internet.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Cocktail and Mountain
kevs #24328 11/28/12 02:12 PM
Joined: Aug 2009
Likes: 1
Moderator
More from Joe Kissell (from my previous post) on the password topic: How to remember passwords (and which ones you should).


alternaut moderator
Re: Cocktail and Mountain
alternaut #24337 11/28/12 05:37 PM
Joined: Dec 2009
kevs Offline OP
Thanks, love Joe Kissell, corresponded with him once a while back about an ebook he wrote.
Ira, I still think my coded Excel file is fine — I don't think the software is needed, but I'm not closed-minded.

Joe, thanks again. I concur. I do have clones of Photoshop, and maybe the old laptop is what they think is the 2nd. I can't deactivate that now, as I deleted the whole app off it!

I chatted with Adobe for 40 min with some guy from India probably. He said he fixed the license, but still it did not work. He said he would send a case number in 5-10 min, after the chat, but never sent it. He said to call Adobe tech. I called and it was a 5 hour wait, so I'm still battling!

Re: Cocktail and Mountain
kevs #24341 11/29/12 03:17 PM
Joined: Aug 2009
Likes: 1
Moderator


alternaut moderator
Re: Cocktail and Mountain
alternaut #24347 12/01/12 03:26 AM
Joined: Dec 2009
kevs Offline OP
Thanks A, nice Kissell post.
He says you don't necessarily need upper/lower/symbols. He says if you just do a really long password with all lower case it could be great. So I thought, cool, I'll test that.

So I googled for two sites.

This one says Ijoggedtothestore is a great password, would take 8 million years for a computer to crack.
http://howsecureismypassword.net/

However,
this site does not say how long it would take a computer to crack (which is a good measure as that's how hackers crack passwords, right?), but it says it's totally weak because it has all lowercase!
http://www.passwordmeter.com/

Re: Cocktail and Mountain
kevs #24348 12/01/12 05:52 AM
Joined: Aug 2009
Likes: 15
By way of comparison, here's what OS X's "Password Assistant" says, i.e. not very strong.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Cocktail and Mountain
artie505 #24350 12/02/12 12:20 AM
Joined: Dec 2009
kevs Offline OP
thanks Artie.
Where is password assistant? Don't see it in utilities.

So you think then that website which said it would take years... just delete that site, it's not accurate at all?

Re: Cocktail and Mountain
kevs #24351 12/02/12 12:37 AM
Joined: Aug 2009
Likes: 15
Navigate to /Apps/SysPrefs > Accounts, click on "Change Password," and click on the "key" icon adjacent to the "New Password" field to bring up Password Assistant.

I can't begin to do the math necessary to answer your second question, kevs, but I can see why a phrase such as you chose...intelligible English, all l. c. letters, and no gibberish, may be considered both strong and weak at the same time.

Personally, I'd pass on the Web site that says "strong."

Edit: Another comparison... Look what happens when you simply add a space between "I" and "jogged." (Like before, the math is beyond me.)

Last edited by artie505; 12/02/12 04:06 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Cocktail and Mountain
artie505 #24352 12/02/12 02:11 AM
Joined: Dec 2009
kevs Offline OP
This is crazy.
This site, which I thought you would say is more accurate:
http://www.passwordmeter.com/

gives a "weak" for ijoggedtothe store with the space!

Password Assistant says it's stronger than the one I just made that is much harder to remember and has upper and lower case and symbols.

But thanks for showing that assistant. If Apple made it, it must be on the top of the tool list for this.

So should I stay with my 10 digit that is memorized and complex or just go with a short sentence (with a space) that is easy to remember and maybe 20 characters. I could come up with many sentences that are easy to remember.

Also:
Funny, I just opened Cocktail, do it at beginning of each month. So now I have a long secure password instead of just enter key. But do I want that to be part of the keychain?

Last edited by kevs; 12/02/12 02:29 AM.
Re: Cocktail and Mountain
artie505 #24354 12/02/12 05:21 AM
Joined: Aug 2009
Likes: 1
There's an XKCD about this, actually:

http://xkcd.com/936/

In essence, the all-lower-case password is in fact more secure than passwords of mixed cases, assuming the mixed-case password is shorter. Many people don't really understand password strength. It's assumed that mixed-case passwords are stronger than same-case passwords because mixed-case passwords add more variability.

But password strength can be measured in terms of 'information entropy,' the amount of randomness they contain. As a crude example, a password like 'aaaa' contains almost no entropy, whereas '3?/vdZ' contains high entropy. The greater the entropy, the harder it is to break a password, all other things being equal.

The "all other things being equal" part is important, of course. A high-entropy password that's very short is easy to crack; a low-entropy password that's 28 characters long is hard to crack. So cryptographers will talk about the number of bits of entropy a password has--that is, the total measure of possible randomness in the password. There's an equation you can use to determine the entropy in a password, which is in the Wikipedia article on the subject:

http://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength

Password evaluation systems that just look for certain criteria (like "Does it have mixed case? Does it have numbers? Does it have punctuation?") will not necessarily give the same results as evaluation systems that calculate the entropy of the password.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Cocktail and Mountain
tacit #24357 12/02/12 09:24 AM
Joined: Aug 2009
Likes: 15
Both your Wikipedia link and your explanation of how entropy enters into the password picture should help kevs understand things a bit better. (The XKCD link was posted earlier by Ira.)

You can get a bit of a "real-world" idea of how entropy works by playing around with OS X's Password Assistant and watching strength ratings change as you change length, characters used, etc, and, as opposed to kevs's linked Web sites, it's right on your own Mac.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Cocktail and Mountain
kevs #24358 12/02/12 09:29 AM
Joined: Aug 2009
Likes: 15
You need to digest tacit's post to get a better understanding of password strength.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Cocktail and Mountain
artie505 #24359 12/02/12 04:03 PM
Joined: Dec 2009
kevs Offline OP
thanks Artie, Tacit.

Tacit, first, that article, xkcd, I did see that before, and I get nothing from it, so sloppy kid writing, what is it trying to say?

2nd - so should I ditch my 11 digit passwords, which have upper lower case and characters and are not easy to remember in any way, and just make a sentence, with spaces, like i went to the house and bought a car. (36 characters and easy to remember)


Lastly, should I check the keyword chain box on Cocktail for my long important computer password? Thanks!
It would seem that latter route is better to deal with in the long run, no?

Re: Cocktail and Mountain
kevs #24360 12/03/12 12:11 AM
Joined: Aug 2009
Likes: 1
Essentially, the quick-and-dirty simplification is that you can figure out password strength by figuring out the possible number of combinations of the password; that's one measure of the password's "entropy" and therefore its strength.

Most places want you to have a password that is at least six characters long and prefer eight characters. Let's look at two cases: an eight-character password with a mix of upper and lowercase letters, numbers, and punctuation, and a password that is made up of four English words that are all lower case. Which is stronger?

There are 24 letters in the English alphabet. If we count upper and lower case as different, that's 48 possible letters. There are 10 digits and let's say 28 punctuation and special characters. Each character of our eight-character password can therefore be any one of 48+10+28 symbols, for 86 possible characters that can appear. Therefore, the total number of different passwords you can make is 8 to the 86 power, or 4x10 to the 77th power combinations. A lot, to be sure.

Now let's consider the four-word password that's all lower case. The Oxford English Dictionary currently lists about 600,000 words. Most "abridged" dictionaries list about 200,000 words. If we choose four words from an abridged dictionary, the number of password combinations is 4 to the 200,000 power combinations, many, many, many times more possible combinations than the 8-character random password! Use 4 words selected randomly from the OED and it goes up to a number so large it's thousands of orders of magnitude greater than the number of atoms in the universe.

It's important to consider, though, that complete, meaningful English sentences are far less secure. Word combinations like "heavy today spirited bellicose" aren't meaningful sentences; when you limit the combinations to meaningful English phrases, like "big red cat toy," the number of possible combinations drops dramatically. You're far better off by choosing words at random than by making passwords that are meaningful sentences or phrases.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
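
Added example, not part of any post in the thread: a Python sketch of the combination counting discussed in the two posts above (entropy versus meters that only check criteria). It counts combinations as pool size raised to the number of random picks and takes the 86-symbol and 200,000/600,000-word figures from the post; the guessing rate, the character-class sizes and all function names are assumptions made for illustration.

```python
import math
import string

# Figures quoted in the post above.
POST_SYMBOLS = 48 + 10 + 28      # letters + digits + punctuation = 86
ABRIDGED_WORDS = 200_000
OED_WORDS = 600_000
GUESSES_PER_SECOND = 1e9         # assumption: constructed offline guessing rate

# Character classes and their sizes (assumption: printable ASCII).
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]


def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` independent uniform draws from a pool:
    log2(pool_size ** picks) = picks * log2(pool_size)."""
    return picks * math.log2(pool_size)


def years_to_search(bits, rate=GUESSES_PER_SECOND):
    """Average exhaustive-search time in years (half the space is tried)."""
    return (2 ** bits / 2) / rate / (365.25 * 24 * 3600)


def classes_used(password):
    """What a criteria-based meter rewards: how many classes appear."""
    return sum(any(ch in chars for ch in password) for chars, _ in CLASSES)


def brute_force_bits(password):
    """What a search-space meter reports: length * log2(pool implied by the
    classes present). This is an upper bound; it assumes every character
    was chosen at random, which a meaningful phrase is not."""
    pool = sum(size for chars, size in CLASSES
               if any(ch in chars for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for label, bits in [
        ("8 random symbols from 86", entropy_bits(POST_SYMBOLS, 8)),
        ("4 random words, abridged", entropy_bits(ABRIDGED_WORDS, 4)),
        ("4 random words, OED", entropy_bits(OED_WORDS, 4)),
    ]:
        print(f"{label:26} {bits:5.1f} bits  {years_to_search(bits):12.3g} years")
    # The two passwords the thread compares, scored by both kinds of meter.
    for pw in ("ijoggedtothestore", "3?/vdZ"):
        print(f"{pw:18} classes={classes_used(pw)}  "
              f"brute-force bits={brute_force_bits(pw):.1f}")
```
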
Re: Cocktail and Mountain
tacit #24361 12/03/12 03:40 AM
Joined: Dec 2009
kevs Offline OP
Tacit,
I can't figure out anything, are you kidding me? I need those sites/tools.

So which of those two websites would you keep? And you like Apple's Password Assistant?

Dang, so you say don't use a random sentence like iwalkedmydogtothe park yesterday.

Even though Apple's Password Assistant, and one of those two websites, says it's a super strong password?

Lastly, should I check the keyword chain box on cocktail for my long important computer password?

xkcd, did not get that page at all.

Re: Cocktail and Mountain
tacit #24363 12/03/12 08:42 AM
Joined: Aug 2009
Likes: 15
1. I suspect that a large majority of users would, as opposed to searching dictionaries, simply draw on their own vocabularies to come up with their passwords, thereby severely limiting entropy (but making for more easily remembered and, of course, cracked passwords).

2. Doesn't the "three strikes and you're out" rule followed by many, if not all, (e.g.) financial Web sites mean that a hacker would have to crack a password in a non-secure location, i.e. your own machine?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Cocktail and Mountain
artie505 #24364 12/04/12 12:37 AM
Joined: Dec 2009
kevs Offline OP
Artie, did not understand #2.

Anyone— should I check the keyword chain box on cocktail for my long important computer password?

Re: Cocktail and Mountain
artie505 #24365 12/04/12 03:02 AM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted By: artie505
2. Doesn't the "three strikes and you're out" rule followed by many, if not all, (e.g.) financial Web sites mean that a hacker would have to crack a password in a non-secure location, i.e. your own machine?

Do a YouTube search for "hack website" and you will find any number of tutorials on different techniques for hacking into a web site. Some of these tutorials are an hour or more in length so I didn't wade through all of them but from what I did see, "Three strikes" did not appear to be any obstacle at all.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Cocktail and Mountain
kevs #24370 12/05/12 03:51 PM
Joined: Aug 2009
Likes: 1
Moderator
Today's Diane Rehm Show on NPR discussed The Illusion Of Online Security, which you may find interesting as well as bewildering. Perhaps more importantly, you can find among the listener comments the link to Gibson Research's How big is your haystack? page. This deals with determining the time it takes a hacker to search for your password by trial and error etc., in which longer is better. That in turn tells you how best to construct passwords to suit your purposes. The approach used by Gibson complements what tacit mentioned above on the topic, and what the xkcd cartoon was all about. It may also help you understand why password strength meters/sites vary the way they do.


alternaut moderator
Re: Cocktail and Mountain
kevs #24372 12/05/12 09:24 PM
Joined: Aug 2009
In 10.7 and 10.8 it won't let you create a new account with a blank password, but it will let you change it to blank later. Blank, as mentioned above, will not work in Terminal, but works with APIs and with AppleScript's "using administrator privileges" clause.


I work for the Department of Redundancy Department
Re: Cocktail and Mountain
Virtual1 #24373 12/06/12 12:04 AM
Joined: Dec 2009
kevs Offline OP
Thanks, Haystack link great! Maybe better than those other two I found. I think that online article references more what happens when hackers find passwords or reset them as opposed to finding them from scratch.
