PSA: Change all your passwords

Started by Blank, February 24, 2017, 08:02:54 PM

Blank

In case you haven't heard the news about Cloudbleed, go change all your passwords. An unknown number of people's passwords have been made vulnerable. Accounts like Uber, Fitbit, OKC, 1password (ironically) are vulnerable.

Laughing Hyena


Cassandra LeMay

Quote from: Laughing Hyena on February 25, 2017, 05:14:23 PM
Does it apply here as well?
I suspect not. Elliquiy staff are usually on top of things like that and I think we would have had an official announcement about it by now, if E were in danger.
ONs, OFFs, and writing samples | Oath of the Drake

You can not value dreams according to the odds of their becoming true.
(Sonia Sotomayor)

Vekseid

I was personally pestered by Cloudflare's people when they were just getting started, but no, we don't use Cloudflare.

aouser626

A simple tip for people who are interested in memorizing somewhat complex passwords is to utilize algorithms; this is basically the basis for fields such as cryptography.

The simplest encryption algorithms could be just a single shift; for example, googlepassword would become hpphmfqbttxpse. The alphabetical frequency distribution still holds, though only to a very, very severely limited extent due to the limited number of letters; however, most simple brute force techniques targeted at the average person's password do not test every single shift possibility.

To make it more secure, make sure that your encryption algorithm is an algorithm, that is, a series of steps. Thus, it becomes less uniform. For example, for each even-numbered letter, change it into a capital letter: hPpHmFgBtTxPsE

Then, for each 3n-numbered letter, choose the number with which it is associated in the alphabet from 1 - 26: hP15Hm6gB19Tx15sE

And continue however you want. Of course, this may not be the most practical in terms of speed when you're sitting there counting; however, that is the tradeoff for security, or this could be your complex password for your password vault. And keep in mind that passwords for specific accounts may have a maximum character limit of 16.

I RP over e-mail, messengers, PMs, and chat.

My Ons/Offs thread.

My request thread.
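The three steps from the post above (shift by one, capitalize even positions, replace every third letter with its alphabet index), as an added example that is not the poster's code; it computes the steps mechanically, so the final string differs in a few characters from the hand-worked one in the post. Note that the result is a fixed function of the base word and the rules, so against someone who knows the rules it is only as hard to guess as the base word itself.

```python
"""Stepwise password transform described in the post (added example)."""


def caesar_shift(text: str, shift: int = 1) -> str:
    """Shift each letter by `shift` positions, wrapping z -> a; other characters pass through."""
    out = []
    for ch in text:
        if ch.islower():
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch.isupper():
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def capitalize_even_positions(text: str) -> str:
    """Upper-case every character at an even 1-based position."""
    return "".join(ch.upper() if i % 2 == 0 else ch for i, ch in enumerate(text, start=1))


def number_every_third(text: str) -> str:
    """Replace each letter at a 1-based position divisible by 3 with its alphabet index (a=1 ... z=26)."""
    out = []
    for i, ch in enumerate(text, start=1):
        if i % 3 == 0 and ch.isalpha():
            out.append(str(ord(ch.lower()) - ord("a") + 1))
        else:
            out.append(ch)
    return "".join(out)


def transform(base: str, shift: int = 1) -> str:
    """Apply the three steps in order; positions are counted on the shifted string before numbering."""
    return number_every_third(capitalize_even_positions(caesar_shift(base, shift)))


if __name__ == "__main__":
    word = "googlepassword"  # the post's example base word
    print(caesar_shift(word))
    print(capitalize_even_positions(caesar_shift(word)))
    print(transform(word))
```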

midnightblack

xkcd had a memorable one on this topic.  ::)

The Midnight Lodge (O2 thread & completed tales compendium)
Thy Nightly Chambers (requests) updated!
Amazonia Mythos (world-building details for some of my recurring themes and characters; can always serve as a starting point for discussions of collaborative writing)
Zerzura (albeit short, the best collaborative story I've ever completed here)

aouser626

Using www.passwordmeter.com (note: the connection is not secure, so don't type in your own password, only test strings), the initial sequence yields 100%, while the 4-word sequence yields 25%.

From the entropy calculation:

log2[(10+26+26+33)^11] = 72.268...
Approximation: (2^72.268)/1000 ≈ 6.6*10^13 days

log2[(171,476)^4] = 69.55

171,476 is the total number of words contained within the Second Edition of the 20-volume Oxford English Dictionary.

The cartoon is indeed correct that if the entropy is 2^28, then (2^28)/1000 ≈ 3.1 days.

However, I do not know how he/she arrived at such a conclusion, and thus I would only suggest that the attack algorithm is such that the entropy calculation for each character of the first sequence is not considered as 1/(10 + 26 + 26 + 33).

10 = number of digits
26 = number of lowercase alphabetical letters
26 = number of uppercase alphabetical letters
33 = number of symbols

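The entropy and brute-force-time figures from the post above, recomputed as an added example (not the poster's code): per-character entropy for the mixed 11-character string, per-word entropy for four words drawn from the 171,476-word OED count, and the cartoon's 28 bits, all at the post's assumed 1000 guesses per second.

```python
"""Entropy and brute-force-time estimates from the post (added example)."""
import math

# Character-class sizes used in the post: 10 digits, 26 lower, 26 upper, 33 symbols.
CLASS_SIZES = {"digits": 10, "lower": 26, "upper": 26, "symbols": 33}
OED_WORDS = 171_476  # word count the post quotes for the 20-volume OED, 2nd edition


def charset_size(password: str) -> int:
    """Sum the sizes of the classes actually present, as a per-character brute force would count them."""
    present = set()
    for ch in password:
        if ch.isdigit():
            present.add("digits")
        elif ch.islower():
            present.add("lower")
        elif ch.isupper():
            present.add("upper")
        else:
            present.add("symbols")
    return sum(CLASS_SIZES[c] for c in present)


def charset_entropy_bits(length: int, alphabet: int) -> float:
    """log2(alphabet^length): the attacker tries every character combination."""
    return length * math.log2(alphabet)


def wordlist_entropy_bits(words: int, dictionary: int) -> float:
    """log2(dictionary^words): a dictionary attack tries whole words, not characters."""
    return words * math.log2(dictionary)


def days_to_exhaust(bits: float, guesses_per_second: float = 1000.0) -> float:
    """Days needed to try the whole space at a fixed guess rate."""
    return 2.0 ** bits / guesses_per_second / 86_400


def compare() -> dict:
    """The three cases discussed in the thread: (rounded bits, days to exhaust)."""
    cases = (
        ("11 mixed chars", charset_entropy_bits(11, sum(CLASS_SIZES.values()))),
        ("4 OED words", wordlist_entropy_bits(4, OED_WORDS)),
        ("xkcd 28 bits", 28.0),  # the cartoon's own figure for four common words
    )
    return {name: (round(bits, 2), days_to_exhaust(bits)) for name, bits in cases}


if __name__ == "__main__":
    for name, (bits, days) in compare().items():
        print(f"{name:15s} {bits:7.2f} bits  {days:12.3g} days")
```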

aouser626

CORRECTIONS:

The initial sequence yields 75%, sorry for my mistake.


aouser626

CORRECTIONS
I am very, very sorry, as I am unable to edit, and I do not want to mislead or confuse.

The reason why 1/171,476 is considered is because of dictionary attacks. So instead of considering the letters, I decided to consider the words, as I believe was the author's intention. The cartoon is very unclear to me, as I do not understand the attack method, and I am sorry for any potential confusion.


AmberStarfire

Or you could write it down in a notebook and guard it with your life. :D

I remember when I was studying web design a few years ago, we had some reason to be on this web site that had the most common passwords converted into MD5, and that was like the list of passwords you shouldn't ever use if you have common sense. Usually the annoying jumble of alphanumeric characters and symbols is a safe bet to use.

Hunter

You should regularly change all your passwords anyway, something that I do at least once a year. I'm also a big fan of using CCleaner often and an updated anti-virus.