Motorcycle Racing Forum

Non-Motorcycle stuff => Safe for work => Topic started by: Biketographer on January 25, 2026, 07:37:28 AM

Title: Passwords - how good are they?
Post by: Biketographer on January 25, 2026, 07:37:28 AM
Very informative analysis of passwords and a lot of information on how they are 'guessed.'
https://www.hivesystems.com/blog/are-your-passwords-in-the-green

#1 thing is never re-use a password on any other site or software. 

What I question a great deal about this Hivesystems.com article is that they do not mention the log-in rate limit. You have likely experienced the "too many login attempts: locked out for 10 minutes" because, hey, our fingers do not always hit the keys we intended. So the hacking computers cannot really try hundreds of times per second.

I worked at one place that implemented a new password policy. It was the stupidest in the world. We had to create a new password every 14 days, even if you were on a 21-day vacation. They required all the stupid uppercase/lowercase/special-character/numbers rules, and the worst part: it could not contain a word in the English dictionary.

So how did most of the employees deal with it?  They wrote the passcode on a post-it note and stuck it to the monitor.  I swear, I walked around the cubicles and half of them had the post-it note in plain view.

There are 175,000 words in the English dictionary on my shelf. Use three words (that do not make a sentence or recognizable phrase) and you have 175,000 x 175,000 x 175,000 possibilities; that is 5,359,375,000,000,000 possible combinations, even if you used all lowercase letters. Using four English-language words increases that to 937,890,625,000,000,000,000 possible word combinations. And that's if you TOLD them you used four English-language words and all lower-case letters.

Most of the "hacking" that I have heard about is due to re-used passwords. Think about it, how many websites, etc., want your username to be your email address? Most! When a database is breached, the bad people's computers just start trying your email address and that password 'everywhere.'

Some sites, including this one, allow your username to be different from your log-in name.  So the hacking computers might be trying your username and would still be unaware of your log-in name.

Do you use a 'password manager' program?  I never will.  Someday some machine will find a way into password managers.  When they do, they will have ALL of your passwords and logins.

Now I would like to say what I believe is your most important password: your email password! Seems like every website, etc., has a 'reset password' function and they work by sending a link to your email. So when, someday, the hacking industry gets your email address (it is everywhere) and your email password, it will be only a matter of minutes before they have changed all your passwords.

Your thoughts?
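
Added example (not part of Biketographer's post or the linked article): a per-account lockout of the "locked out for 10 minutes" kind, replayed against a client sending 100 wrong guesses per second, with the resulting time to try every three- or four-word phrase from a 175,000-word dictionary. The five-failure threshold, the account name and the function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

WORDS = 175_000  # dictionary size quoted in the post

@dataclass
class LockoutLimiter:
    """Per-account lockout: after max_failures failed logins, refuse every
    attempt for lockout_seconds (the "locked out for 10 minutes" message)."""
    max_failures: int = 5        # assumed threshold; the post gives none
    lockout_seconds: int = 600   # 10 minutes, from the post
    failures: dict = field(default_factory=dict)
    locked_until: dict = field(default_factory=dict)

    def attempt(self, account: str, correct: bool, now: int) -> str:
        if now < self.locked_until.get(account, 0):
            return "locked"                    # password is not even checked
        if correct:
            self.failures.pop(account, None)   # success resets the counter
            return "ok"
        count = self.failures.get(account, 0) + 1
        if count >= self.max_failures:
            self.failures.pop(account, None)
            self.locked_until[account] = now + self.lockout_seconds
        else:
            self.failures[account] = count
        return "failed"

def guesses_checked(limiter: LockoutLimiter, seconds: int, per_second: int = 100) -> int:
    """Replay a client sending per_second wrong guesses at one account and
    count how many the server actually compared against the password."""
    checked = 0
    for now in range(seconds):
        for _ in range(per_second):
            # constructed account name, used only for this replay
            if limiter.attempt("rider@example.test", False, now) == "failed":
                checked += 1
    return checked

def years_to_exhaust(words_in_phrase: int, guesses_per_day: float) -> float:
    """Years needed to try every phrase of that many lowercase dictionary words."""
    return WORDS ** words_in_phrase / guesses_per_day / 365

if __name__ == "__main__":
    per_day = guesses_checked(LockoutLimiter(), 3600) * 24  # one simulated hour, scaled
    print("guesses checked per day with lockout:", per_day)
    print("3 words, with lockout: %.3g years" % years_to_exhaust(3, per_day))
    print("3 words, 100/s unthrottled: %.3g years" % years_to_exhaust(3, 100 * 86400))
    print("4 words, with lockout: %.3g years" % years_to_exhaust(4, per_day))
```

The counter is kept per account, so the reused-password case from the post (one leaked email and password tried once at each site) never trips it.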