this post was submitted on 19 Dec 2023
xkcd
Password guessing is always like that in popular media too. "Oh, he loved houses, so his pw is obviously 'Stallion'."
Uhm no, it was probably zkl+7+:$(89?
Well. Cyber security professionals wish it were that way. Instead it's usually 1234 or their kid's birthday or some shit. Having a connection in your mind between houses and horses and then using that to remember something like Green4Stallion8 would actually be more secure than most people's passwords. It's even better if you can remember a nonsense word that phonetically matches and change up the capitals, like kreeN4stauLion8.
Of course most people don't need to worry about social hacking. Black hats aren't going through random social media profiles when they have millions of password and email combinations they ripped from a few websites. So unless you're the CEO of LifeLock or dealing with abusive family the above password would totally work even if everyone around you knew you loved Horse Cottages.
Just don't forget to change it in 30 days...
Ironically only the passwords I'm forced to change frequently (i.e. my work password) are something simple and easy to type. All of my personal passwords are like 40 characters of gibberish my password manager invented and the password to that is similar to the xkcd batteryhorsestaple and is changed from time to time as well.
But my work doesn't allow password managers, so I just have a rolling window of like 12 passwords since that's their history limit.
Yes, password expiry is generally considered bad practice and should only be triggered on demand if there's suspicion of a security breach, precisely because it's much more likely to lead to simple, less secure passwords. And when users change it, they will probably just add a number or something anyway, so it's not going to stop a determined attacker from finding the new pw regardless.
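The "just add a number" failure mode from the comment above, as an added example that is not part of this thread: a password-history check that rejects a new password when it is only a trivial variant (case change, swapped trailing digits or punctuation, or a couple of edits) of any password in the user's history. The function names, the edit-distance threshold and the sample passwords are constructed for illustration.

```python
import re

# Constructed example: flag new passwords that merely tweak an old one.
def _stem(pw: str) -> str:
    """Lower-case and strip leading/trailing digits and punctuation, so that
    'Winter2023!' and 'winter2024' both collapse to the stem 'winter'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_trivial_variant(new_pw: str, old_pw: str, max_edits: int = 2) -> bool:
    """True if new_pw differs from old_pw only by case, by the digits or
    symbols bolted onto its ends, or by at most max_edits character edits."""
    if new_pw.lower() == old_pw.lower():
        return True
    stem_new, stem_old = _stem(new_pw), _stem(old_pw)
    if stem_new and stem_new == stem_old:
        return True
    return levenshtein(new_pw.lower(), old_pw.lower()) <= max_edits


def check_against_history(new_pw: str, history: list, max_edits: int = 2) -> int:
    """Return the index of the first historical password that new_pw is a
    trivial variant of, or -1 if the new password is genuinely different."""
    for idx, old_pw in enumerate(history):
        if is_trivial_variant(new_pw, old_pw, max_edits):
            return idx
    return -1


if __name__ == "__main__":
    # Constructed 'rolling window' history like the one described in the thread.
    history = ["Spring2022", "Summer2022", "Winter2023"]
    print(check_against_history("Winter2024!", history))        # 2 (rejected)
    print(check_against_history("correcthorsebatterystaple", history))  # -1
```

A real deployment would run this against salted hashes only where the old plaintext is available at change time (i.e. the current password the user just typed), since stored history hashes cannot be compared this way.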
Which doesn't stop a ton of organizations from requiring it anyway.