Ursprünglich geschrieben von Teksura:

Ursprünglich geschrieben von BossGalaga:

That means if that password gets compromised then everything he uses it for will be "reliably" compromised.

Try three random words, capitalize the words, 2 random numbers, 2 symbols.

I like making it a phrase that includes the word "to", "too", or "for". 4-Obvious-Reasons!

The number of variants are near-limitless, but it's super easy to remember.

That doesn't make your password strong, it makes it weak. Words found in a dictionary should never be used because simple brute-forcing isn't the only tool in a bad guy's toolbox...

Ursprünglich geschrieben von Gekkibi:

Ursprünglich geschrieben von Teksura:

I like making it a phrase that includes the word "to", "too", or "for". 4-Obvious-Reasons!

The number of variants are near-limitless, but it's super easy to remember.

That doesn't make your password strong, it makes it weak. Words found in a dictionary should never be used because simple brute-forcing isn't the only tool in a bad guy's toolbox...

https://xkcd.com/936/

Ursprünglich geschrieben von Teksura:

Ursprünglich geschrieben von Gekkibi:

That doesn't make your password strong, it makes it weak. Words found in a dictionary should never be used because simple brute-forcing isn't the only tool in a bad guy's toolbox...

https://xkcd.com/936/

Well, technically[xkcd.com], anyone who quotes Xkcd isn't wrong...

Ursprünglich geschrieben von Gekkibi:

Ursprünglich geschrieben von Teksura:

https://xkcd.com/936/

Well, technically[xkcd.com], anyone who quotes Xkcd isn't wrong...

Hey, look at that weird bug!

Tell him to write it down.


He'll get used to it.

It really is that simple, it's not all that hard to do. As long as he's not trying to log on to public computers and leaving a sticky note with his password on it there, why should it matter? He doesn't have to memorize anything, just be smart.

Just use a good password manager, then you`ll only need to remember one password (for the manager).
It will remember all the other (strong) passwords you assign to each log in, you only need to set it up once, then you only need to remember a single password. It remembers the rest.
Btw, using the same `easy to remember` password on multiple sites is like using no password at all. - its pretty stupid. `easy to remember` = `easy to crack`

One password for the free open source password manager.
Thats what your friend tries to achieve, but havent used yet.
He is doing it wrong

Ursprünglich geschrieben von Gekkibi:

Ursprünglich geschrieben von Teksura:

I like making it a phrase that includes the word "to", "too", or "for". 4-Obvious-Reasons!

The number of variants are near-limitless, but it's super easy to remember.

That doesn't make your password strong, it makes it weak. Words found in a dictionary should never be used because simple brute-forcing isn't the only tool in a bad guy's toolbox...

Try to bruteforce THIS password!

(That was the password)

Ursprünglich geschrieben von Muppet among Puppets:

One password for the free open source password manager.
Thats what your friend tries to achieve, but havent used yet.
He is doing it wrong

Ursprünglich geschrieben von Gekkibi:

That doesn't make your password strong, it makes it weak. Words found in a dictionary should never be used because simple brute-forcing isn't the only tool in a bad guy's toolbox...

Try to bruteforce THIS password!

(That was the password)

No no you got to do it like this:

Try2Brute4ceTHISPassword!

Otherwise it doesn't pass checks for at least 2 numbers.

And for clarification how careless one password for everything is:
Each "site" owner knows your password!

And if the account requires an email,
they know your email and its password.


Its just mindbending to not see it. But getting angry at someone pointing it out.

Ursprünglich geschrieben von Redguard:

Ursprünglich geschrieben von Robin3sk:

That's not recommended at all.

:yinyangflip:

Who the ♥♥♥♥ are you to not recommend someone if you are not asked to?

Two things, #1, it seems everyone is forgetting one of the rules of basic security, if you make your security too strong or cumbersome to use the authorized people won't get in at all, or will circumvent the protocols(writing down passwords, using "password vaults", proping a door open, etc..) & compromise security much more than if just a simple measure was used
#2, If there's soo many of these bad passwords that MUST be changed NOW (just tried to log in & found my pw had been totally deleted, assuming it got added to the list), why keep the damn list secret?! There's no point to hiding that list other than just pissing people off & forcing them to play "whack-a-mole" with the password resetter, i'd like to see an answer from a Steam rep on this, but am not holding my breath as i'm guessing all it'd be is either a "no comment" or "we do not discuss internal security details". If this keeps up Steam & other sites are gonna find thier users per day dropping off pretty fast, either from frustration or simply the security's too strong to let anyone in.

Sorry to rant, but i'm kinda ticked off (or is that needing to be censored too?) about this

Tell him to reverse the order on the password.

Ursprünglich geschrieben von Redguard:

Ursprünglich geschrieben von Robin3sk:

That's not recommended at all.

:yinyangflip:

Who the ♥♥♥♥ are you to not recommend someone if you are not asked to?

Anyone.

Regardless Valve doesn't allow it so that's that.

And of course it's not a good password and is one with high risk even more so now since Valve doesn't allow it.

You can even use space in steam passwords. It should be easy to insert an unique password that is easy to remember.