Whenever I see a box like this, I’m not sure what to type in. I usually end up putting in some combination of my social security number, credit card number, and checking account information.
Update (25Jun08): Added OSX version below.
Search
Recent Posts
- Sketch Book 47: Female Back 2
- Morning Keys
- Sketch Book 46: Eagle
- Parallel Parking Fail
- Sketch Book 45: Female Front
Categories
- Advice (6)
- Automobiles (16)
- Blog Updates (24)
- Book Reviews (7)
- Cultural (35)
- Digital Art (6)
- Education (6)
- English Language (14)
- Gaming (11)
- Humor (33)
- Knowledge (3)
- Links (31)
- Linux (17)
- Lists (6)
- News (18)
- Photography (25)
- Political (45)
- Random Thought (23)
- Ridiculing Stupidity (51)
- Sketch Book (45)
- Small Talk (100)
- Software (43)
- Teaching (1)
- Tech-Rambling (25)
- Traditional Art (7)
- Uncategorized (1)
- Web Pages (48)
- Writing (6)
Ian,
I don’t think you should use any part of your SSN or your credit card number or your checking account number. Of course that may make it easier to remember.
I sometimes put in the year before I was born. That seems easy to remember.
Of course you could put in your initials followed by 314159… or 161…. or 1414…. That would probably be too obvious to mathematicians but mathematicians would probably think that you had done something more complicated.
Robert
Personally, I attempt logins with my mother’s maiden name, my student id and pin, and my locker combo from the YMCA. So far I’ve had a surprisingly low success rate and strangely increased incidences of my gym shorts being stolen.
Good note, John.
I’ve only twice had anything stolen at the Y:
Once, money — nothing surprising there.
Second, wet swim suit — I thought, maybe a dry swim suit but who would steal a wet one. It was one whose colors and design I really liked and there was one very similar to the stolen one at a local store. So I went out and bought it.
After these two misadventures, I just never take anything into the Y with me except my membership card and my car key….
and my shorts!
… OK — I usually do have a swim suit and a towel and a few other items.
Robert
Robert-
Personally, the way I create safe passwords for myself is by doing a binomial expansion of the Taylor serious and then pipe it through some sort of Fourier transformation heuristic where I then grab the first 10 numbers as my password. I find that this makes for a pretty safe and secure password that especially protects me from evil mathematicians.
-Robert
Robert,
I am glad to see that Ian has friends who have a sense of humor as well as having some cents of “smarts.”
Robert
Why is it that the number of comments on a post is inversely proportional to the effort I spend writing it? For the record, I’ve never based any password on my social, credit card numbers, or anything else that sensitive. Most of mine aren’t even real words or related to real words. I’m great at memorizing patterns and random numbers, so that’s what my passwords usually are. For anyone who thought otherwise: Sorry, I’m afraid that my sarcasm knows no bounds.
Robert (Podosek), that sounds like the type of weak password that a telemarketing auto-dialer can crack. You might try something more difficult to crack. For instance, instead of the common “root/root” username/password, you can easily fool all but the most 1337 crackers by using the “root/notroot” username/password combo. Then you can further strengthen the password by making it something like “007butnotroot!” and you’re pretty much invincible.
If anyone is curious, the dialog seems to come from Firefox 3 when restarting a session. I think it is related to basic HTTP authentication, but a “proper” dialog usually accompanies it, so I’m not sure. Canceling seems to have no effect.
Ian,
I never had the slightly suspicion that you were doing anything suggested in your original post.
I have never tried to hack into anything and don’t think that I want to go to all that work and effort but I always say that, if I were going to be serious about hacking, I would seek to write a program that would make the entry point believe that I had the password without actually having it. Do you think that is possible?
Robert
Robert,
Where computers are concerned, virtually everything is possible. An exploit like you are talking about is more likely to work online where cookies store login information. Essentially, you can “steal” a session by storing a cookie that validates you as logged in without having to enter the username or password. Obviously, most sites protect against this (by storing unique, identifying information in a database, plus unique information in the cookie, and limit session time, among other things), but you’d be surprised how many sites are not as secure as they should be.
Without checking any statistics, I’d guess the most common type of desktop exploit is one that seeks escalated privileges. This is one of the big problems that has plagued Windows, because most users run their system as an administrator and, prior to Vista, this largely meant that any program could access and manipulate any file. That means a vulnerability in one program can compromise the whole system instead of just that program and its associated files
But, you’re right: It’s more work that it’s worth.