Article - Four best practices for Web Browser Security on your Linux Workstation

This topic is closed.

  • TWPonKubuntu
    replied
    GG, Ah, you mean obsolete in the sense that they will no longer be useful as a security barrier... Too easy to crack.

    I find myself unable to imagine another option which will offer secure (ie. private) information storage.

    We could get ridiculously obscure and complex in trying to make something too difficult to unlock. At what point do we reach the point of no privacy? That's if we aren't there already...

    Scary thought time... If we are no longer able to keep a secret... well, secret, then how will that change us as human beings?

    And this thread started as a recommendation on how to lock down your browser... I love thread drift.



  • GreyGeek
    replied
    Originally posted by TWPonKubuntu View Post
    Is that because the computer will make your choices for you? Or because it will use some new security feature? Perhaps each computer will have a truly unique ID embedded in the hardware (scary thought)...

    HAL: "What are you doing, Dave?"
    A true quantum computer will be able to apply thousands, hundreds of thousands, millions or hundreds of millions of passwords at the same time, settling into the minimal energy quantum solution state containing the actual password. They are not serial processors like the ones we are presently using. They aren't even parallel processing like today's "super" computers that have hundreds of thousands of cores. A bit in those computers can be EITHER a zero or a one, but not both at the same time. A qubit can be both at the same time. In 1994 mathematician Peter Shor hit upon a killer app: a quantum algorithm that could find the prime factors of massive numbers, i.e., the kinds of numbers used for encryption algorithms. It has been estimated that a 2,048-bit RSA key can be broken in seconds by a quantum computer with 10,000 qubits. D-Wave 2X has, IIRC, 2,048 qubits, but it is not a true quantum computer. Some say it isn't even a quantum computer at all, just a fast classical computer. I've read that the Chinese are closer to a true quantum computer than anyone else.



  • TWPonKubuntu
    replied
    whatthefunk;

    I've never trusted password managers because they store the encrypted passwords on my hard drive, which means they can be stolen and subjected to decryption. Sure, it is at least 512-bit encryption, but that doesn't make it secure, just very costly to crack.

    And no, I don't store the secrets to antigravity or longevity on my systems... So I'm not a likely target, but somebody else might be...



  • whatthefunk
    replied
    Originally posted by oshunluvr View Post
    Only the former makes any sense. They wouldn't compare users' passwords as they would be encrypted as they are stored anyway, wouldn't they be? I would expect a bank to use a high level of caution. I bet they have a list of "dumb" passwords and/or rules that exclude "abcdefgh", "password", and other really bad ideas.
    The password would be hashed and then the hash would be stored in a database table. Because the hash algorithm would always create the same hash from a password, it would be easy to compare hashes to find out if a password was unique.

    I use auto-generated 30-character-long random passwords and keep them in a password manager like KeePass.
    Last edited by whatthefunk; May 11, 2017, 02:50 PM.



  • TWPonKubuntu
    replied
    Rotfl



  • oshunluvr
    replied
    Dave: "Open the pod bay doors, HAL"
    HAL: "I'm sorry, Dave. I'm afraid I can't do that."
    Dave: "What's the problem?"
    HAL: "I think you know what the problem is just as well as I do."
    Dave: "What are you talking about, HAL?"
    HAL: "Your password is too weak for you to continue."



  • TWPonKubuntu
    replied
    Originally posted by GreyGeek View Post
    IF a true quantum computer is ever made it is claimed that passwords would become obsolete.
    Is that because the computer will make your choices for you? Or because it will use some new security feature? Perhaps each computer will have a truly unique ID embedded in the hardware (scary thought)...

    HAL: "What are you doing, Dave?"



  • GreyGeek
    replied
    IF a true quantum computer is ever made it is claimed that passwords would become obsolete.



  • kubicle
    replied
    Originally posted by oshunluvr View Post
    I read once long ago that the best password was four random words, but it seemed to me like a simple dictionary attack would be successful.
    Dictionary attacks get exponentially harder when more than one word is used. For example, in a language with around 150,000 words in a common dictionary, the number of possible combinations for four words is roughly 500,000,000,000,000,000,000 (the equivalent of about a 12-character random alphanumeric password)... there are certainly a lot of easier targets out there.

    Of course it gets even harder if you also use some capitalization, punctuation or special chars between words (or within words).
    Last edited by kubicle; May 11, 2017, 10:38 AM.

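The arithmetic in kubicle's post, worked through as an added example (this is not code from the thread or from any forum member): it measures the guessing space of a four-word passphrase in bits of entropy, converts it to the length of a random alphanumeric password with the same strength, estimates brute-force time at an assumed guess rate, and picks words with the OS CSPRNG rather than a seedable PRNG. The 150,000-word dictionary size comes from the post; the guess rate and the tiny word list are assumptions constructed for the demo.

```python
"""Passphrase entropy versus random alphanumeric passwords (added example)."""
import math
import secrets

ALPHANUMERIC = 62  # a-z, A-Z, 0-9
SECONDS_PER_YEAR = 365.25 * 86400


def search_space(alphabet_size: int, length: int) -> int:
    """Number of equally likely candidates an attacker must consider.

    For a passphrase the "alphabet" is the dictionary and the "length" is
    the number of words, so four words from 150,000 is 150000 ** 4.
    """
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """log2 of the search space: the work factor grows linearly in bits,
    which is exponential growth in the number of guesses."""
    return length * math.log2(alphabet_size)


def equivalent_alphanumeric_length(alphabet_size: int, length: int) -> int:
    """Length of a random [a-zA-Z0-9] password with the same entropy (rounded)."""
    return round(entropy_bits(alphabet_size, length) / math.log2(ALPHANUMERIC))


def brute_force_years(space: int, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the space at an assumed offline guess rate.
    The rate is a placeholder assumption, not a measurement."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(words, count: int = 4, separator: str = "-") -> str:
    """Pick `count` words uniformly with the OS CSPRNG (secrets, never random)."""
    return separator.join(secrets.choice(words) for _ in range(count))


# Constructed demo word list. Only 8 words, so a passphrase drawn from it
# has just 4 * log2(8) = 12 bits; a real list needs tens of thousands of words.
DEMO_WORDS = ["correct", "horse", "battery", "staple",
              "tennis", "church", "grandmother", "shoes"]

if __name__ == "__main__":
    dictionary, words = 150_000, 4
    print("combinations:", search_space(dictionary, words))
    print("entropy bits:", round(entropy_bits(dictionary, words), 1))
    print("random alphanumeric equivalent:",
          equivalent_alphanumeric_length(dictionary, words), "characters")
    print("one word at 1e10 guesses/s:",
          brute_force_years(search_space(dictionary, 1), 1e10) * SECONDS_PER_YEAR, "s")
    print("four words at 1e10 guesses/s:",
          round(brute_force_years(search_space(dictionary, words), 1e10)), "years")
    print("sample passphrase:", generate_passphrase(DEMO_WORDS))
```

Four words from 150,000 give about 68.8 bits, which rounds to a 12-character random alphanumeric password (about 71.5 bits), matching the post's estimate. The one-word case is exhausted in microseconds at the same assumed rate, which is the sense in which adding words makes a dictionary attack exponentially harder.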


  • TWPonKubuntu
    replied
    Originally posted by GreyGeek View Post
    I do something similar, but I also have three double sided pages of passwords printed out which I consult often because regardless of how "simple" I make my passwords I still can't remember them.
    I hope you at least obfuscate that list through something like Google(r) Translate, before printing it to paper? Oh, wait, that would put the whole list into the Google(r) database, not a good idea, forget I mentioned it.



  • GreyGeek
    replied
    Originally posted by oshunluvr View Post
    ...
    I take a long (8 letters or more) word that's meaningful to me, like a nickname or pet name for one of my kids. Then I substitute a couple symbols and numbers in a way I can remember, like "@" instead of "o" or "1" for "i". That way I end up with a strong password but one I can still remember at this age.
    I do something similar, but I also have three double sided pages of passwords printed out which I consult often because regardless of how "simple" I make my passwords I still can't remember them.



  • TWPonKubuntu
    replied
    oshunluvr: You're correct.

    Another way to generate a password is to pick a phrase which you will remember, for example "My Grandmother Went To Church In Tennis Shoes", and create the password using the initial letter of each word AND change "to" to "2", i.e. "mgw2cits".

    It can be any arbitrary length, with longer being better. Other characters and mixed case can (should) be inserted to further randomize the password and still be something which can be remembered without writing it down. "m*G-w2Cits"

    If you're really a geek, you can convert them to ASCII binary, but I would have trouble getting that right every time I used it.

    At some point, the dumb user says to heck with it and uses a bonehead simple password. Those people are called "targets".

    I really hope that I'm "preaching to the choir" here and most people on this forum already know these things. For those who are new to the topic, perhaps this will help you pick your passwords with care.



  • TWPonKubuntu
    replied
    Originally posted by whatthefunk View Post
    That's either really good or really bad. If they don't accept that password because it's a terrible password, that's good. If they don't accept that password because another user is using it, they have questionable developers. There is no reason why two users can't have the same password.
    Yes, technically, it should be possible, however...

    In a real life situation (not a joke like this one), the bank should never acknowledge that a submitted password already exists; that breaks security and makes it easier to break their security. In this hypothetical case (joke), all I would need to do is find the account name which matches the password. Admittedly that is not easy, but a malefactor would be halfway there after being told that a password already is in the system.

    That is why many worms will use a list of those common passwords and do an attack by trying all of the passwords on the list in an attempt to find someone dumb enough to use a common password.

    I used "qwertyuiop" as a joke because it is one of the most common passwords being used, along with "123456", "password" and similar bonehead simple passwords.

    Not preaching, just clarifying for future "newbies" on the forum.
    Last edited by TWPonKubuntu; May 11, 2017, 09:31 AM.

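whatthefunk's point about hashes being comparable and TWPonKubuntu's point that a site must never reveal that a password "already exists" are two sides of the same storage decision. The following is an added example, not code from the thread or from any forum member: it contrasts a naive unsalted SHA-256 table, where two users with the same password produce identical rows, with per-user salted PBKDF2-HMAC-SHA256 records, where identical passwords are indistinguishable and the only sensible rejection is a policy check against a denylist of common passwords. The user accounts, passwords and denylist are constructed for the demo; the iteration count is an assumed work factor.

```python
"""Unsalted versus salted password storage (added example)."""
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed PBKDF2 work factor; raise as hardware gets faster
SALT_BYTES = 16

# Constructed denylist; a real deployment would use a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwertyuiop", "abcdefgh"}


def unsalted_hash(password: str) -> bytes:
    """Naive storage: the same password gives the same digest for every user,
    so anyone holding the table can see which users share a password."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def make_record(password: str) -> dict:
    """Salted storage: a fresh random salt per user, then a slow KDF."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: dict, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["hash"])


def shared_password_pairs(digests) -> int:
    """Number of extra rows whose digest equals an earlier row's digest.
    Positive for an unsalted table with reused passwords; always 0 for salted records."""
    return len(digests) - len(set(digests))


def acceptable(password: str, min_length: int = 12) -> tuple:
    """The legitimate way to reject a password: length and a denylist,
    never a comparison against what other users chose."""
    if len(password) < min_length:
        return False, "too short"
    if password.lower() in COMMON_PASSWORDS:
        return False, "on the common-password denylist"
    return True, "ok"


# Constructed accounts: two of them reuse the same (bad) password.
USERS = {
    "alice": "qwertyuiop",
    "bob": "qwertyuiop",
    "carol": "grandmother-tennis-shoes-church",
}

if __name__ == "__main__":
    unsalted = [unsalted_hash(p) for p in USERS.values()]
    salted = {name: make_record(p) for name, p in USERS.items()}
    print("unsalted table reveals shared passwords:", shared_password_pairs(unsalted))
    print("salted table reveals shared passwords:",
          shared_password_pairs([r["hash"] for r in salted.values()]))
    print("alice logs in:", verify(salted["alice"], "qwertyuiop"))
    print("wrong password:", verify(salted["alice"], "qwertyuiop1"))
    for name, pw in USERS.items():
        print(name, acceptable(pw))
```

Because the salt is random per user, the server itself cannot tell whether a new password matches another account's, so a "someone else is using that" response is only possible with the unsalted design the thread warns about. The denylist check runs on the submitted plaintext before hashing, which is the check a bank would legitimately apply.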


  • oshunluvr
    replied
    Originally posted by whatthefunk View Post
    That's either really good or really bad. If they don't accept that password because it's a terrible password, that's good. If they don't accept that password because another user is using it, they have questionable developers. There is no reason why two users can't have the same password.
    Only the former makes any sense. They wouldn't compare users' passwords as they would be encrypted as they are stored anyway, wouldn't they be? I would expect a bank to use a high level of caution. I bet they have a list of "dumb" passwords and/or rules that exclude "abcdefgh", "password", and other really bad ideas.

    I read once long ago that the best password was four random words, but it seemed to me like a simple dictionary attack would be successful.

    I take a long (8 letters or more) word that's meaningful to me, like a nickname or pet name for one of my kids. Then I substitute a couple symbols and numbers in a way I can remember, like "@" instead of "o" or "1" for "i". That way I end up with a strong password but one I can still remember at this age.



  • whatthefunk
    replied
    Originally posted by TWPonKubuntu View Post
    whatthefunk: nope, couldn't get the bank to accept "qwertyuiop". Somebody else must be using it...
    That's either really good or really bad. If they don't accept that password because it's a terrible password, that's good. If they don't accept that password because another user is using it, they have questionable developers. There is no reason why two users can't have the same password.
