How safe is encryption actually?

GDB2222

It's worth using a couple of words, some punctuation, and a date. Preferably not in that order. That's a reasonable compromise between 'possible to remember' and 'non-trivial to crack'. 

These days, any decent browser stores a password list, so you maybe don't need to remember more than one or two passwords, anyway. 

Olinda99

if you want to remember a sequence of random letters choose an obscure song or poem and use the first letter of each word

shvhaggtrougstq

(send her victorious happy and ..)

ps that is not obscure enough

k_man

Olinda99 said:

if you want to remember a sequence of random letters choose an obscure song or poem and use the first letter of each word

shvhaggtrougstq

(send her victorious happy and ..)

ps that is not obscure enough

Just make sure it indeed obscure, and not by your favourite artists, or your mobile ringtone (do people still have ringtones)

Song lyric password lists are available, by artist etc, for use in more targeted password attacks.

JustAnotherSaver

2 question time....

1) So if you're supposed to have all these 100 character passwords that can't be remembered & you're only supposed to really have 1 password that you do - the master password to your password manager

Then, at least for password managers that are online based (e.g. LastPass) & not just on your device (e.g. KeePass), how do you meet the requirements?

The amount of times per day I either need a username, password or some kind of info (think: logging in to Halifax requires more than username & password) is quite a bit.

So if my master password is memorable, therefore it is poor by default.

Yet you don't want a 100 character pass for it because you'll be there all day typing in all these random uppers, lowers, numbers & symbols.

I also suspect anything stored on your PC, unless it's not connected to the internet (but then who has one that isn't & then another that is?!) to make copying & pasting is a bad idea

But likewise so is on scraps of paper.

"oh you're taking this too far" some of you may say.

Well no I'm not. I'm taking it just as far as some of you are suggesting to take it.

So really, what's the best deal with these master passwords??

2) I can't remember what thread I asked on now but i think it got instantly bypassed. Sorry if someone answered it and I missed it.

I bought an 8TB hard drive within the past 2 week. Ironwolf 8TB. I asked why is it making a noise whenever I access anything on the drive whereas the 6TB version of the same drive was silent?

k_man said:

(do people still have ringtones)

Yes.

Because I found it incredibly irritating being in a crowd & hearing a default phone tone, thinking that's my phone going off & it was 10 other people instead. Very annoying.

So changed it to something nobody else will have.

k_man

The passwords you need to remember, still need to be strong (but can be written down somewhere safe, ideally not with LastPass written next to it).
If you use these regularly, and there are only a few, most people can remember them, even if they are long and complex (easier if phrase based).

You mentioned previously you knew your keyboard smash password (which should have been strong), the issue was reuse.

The problem is remembering lots of different ones.

2FA also helps mitigate if this password isn't quite as strong as a 100 character random one!

Also the master password doesn't need to be entered every time you want a stored password, assuming the device is secured by other means (secure location, or mobile lock etc). But should be used regularly, even if not forced, lest you forget it!

Emergency access to the password manager also mitigates a forgotten master password, but as above, if you use your manager fully (i.e for virtually all other passwords), you should be logging in often enough for it to imprinted.

JustAnotherSaver

I see the point you're making.

Though I wonder how many people would remember

shwPbTKA621/.@##aF!!3biapTAHLE92^

[Deleted User]

JustAnotherSaver said:

2) I can't remember what thread I asked on now but i think it got instantly bypassed. Sorry if someone answered it and I missed it.

I bought an 8TB hard drive within the past 2 week. Ironwolf 8TB. I asked why is it making a noise whenever I access anything on the drive whereas the 6TB version of the same drive was silent?

Yes so noise levels vary a lot even for the same brand / model - you can usually find the details on the data sheets for the drives, typically anything from 20dBA to 40dBA which is quite a difference (10 dBA difference is approx twice as loud). Your 6TB isn't silent, just much quieter.

The noise you are hearing is the "seek" in which the heads accelerate rapidly from stationary to around 20mph and stop instantly all in about 0.02 seconds. Totally normal to hear this noise but is does vary a lot between different makes / models / sizes.

Bigger and faster drives tend to make more noise than smaller slower ones. Low energy, desktop and laptop drives will be fairly quiet. Enterprise drives tend to be louder as it doesn't really matter how loud they are in a data centre - I have a Seagate EXOS which thumps away and is louder than my 4x WD reds put together.

Some drives have settings via the SMART interface to adjust the acoustics but it will slow the access times down as it will reduce the head acceleration / deceleration to cut back on the noise.

The actual mounting of the drives makes a difference, using acoustic silicon grommets can reduce the noise being transferred to the case - you'll find most NAS enclosures have a number of dampening mountings to reduce noise and vibration whereas a PC case will often screw the HD directly to the frame.

And on that note, Ironwolf are NAS drives and as such designed for a multi-bay NAS with said sound dampening so it isn't really a design priority.

In short, it is what it is, if you want a quiet drive then check the data sheets and reviews / tests before buying to see if they meet your needs but don't expect all the different sized drives in a model range to be the same noise wise.

goodValue

If you use a unique password for each online account, is it necessary to have a strong password for every site?

For example, this site (mse) has no:
  financial links 
  sensitive information

So if it is hacked, there are no grave consequences (or are there?).
  

JustAnotherSaver

Deleted_User said:

And on that note, Ironwolf are NAS drives and as such designed for a multi-bay NAS with said sound dampening so it isn't really a design priority.

In short, it is what it is, if you want a quiet drive then check the data sheets and reviews / tests before buying to see if they meet your needs but don't expect all the different sized drives in a model range to be the same noise wise.

Thanks for the explanation.

This bit of your post though. Every high capacity drive I looked at seemed to be geared towards NAS'. Do people not put large drives in their PC or something? Certainly seems that they don't. I feel abnormal for going above 1TB-2TB when you read other peoples posts on other sites.

And I could read the data sheets but then what would I do with that really?

They could tell me that the noise level is <insertwhatevernumberhere>. It's just a number on a screen to me. I don't know what that translates in to what my ears will be hearing. I know 20 is louder than 10, 30 is louder than 20, so on & so forth but so what? Shifting from 20 to 30 could be like a jet engine vs a whisper for all I know, or it could be not detectable by the human ear, also for all I know.

And at any rate, I was just curious. More than anything I was just checking there wasn't anything sinister going on. Had enough of that.

goodValue said:

If you use a unique password for each online account, is it necessary to have a strong password for every site?

For example, this site (mse) has no:
  financial links 
  sensitive information

So if it is hacked, there are no grave consequences (or are there?).
  

I personally wouldn't have thought so (but I don't know a lot), UNLESS they can connect your email & your password & then go well let's try actually accessing their gmail...and then leading on from there.

Olinda99

goodValue said:

If you use a unique password for each online account, is it necessary to have a strong password for every site?

For example, this site (mse) has no:
  financial links 
  sensitive information

So if it is hacked, there are no grave consequences (or are there?).
  

I use a 'insecure' password for sites like this

The highest security password plus 2FA should be used for your email account as that is where password resets are processed

Funnily enough, weak passwords are OK on financial eg bank login as they restrict the number of incorrect attempts before locking you out.