Passphrases vs passwords

These Duome Forum guides have step-by-step instructions and screenshots on how to achieve the desired results. So read the relevant ones before you ask again.


Post by dakanga »

Importance of Passwords ; [GUIDE] Password reset


The 31st March is World Backup Day.

Check out :

p.s. do be cautious of sites that are NOT https. Note the " s".
Could someone explain what https is, compared to http ?

The reason I bring this up here, is that in the news I read today, due to World Backup Day, is the concept of Passphrases.

A Passphrase is a string of words used to access accounts/services on the internet. It is a type of password.

Passphrases : advice

  1. Four words should be sufficient. Five words is better.
  2. Don't choose from the most common words, and don't choose quotes or sayings. The words should be as random as possible.
  3. Use a unique passphrase for every account you own.
  4. Use at least three of the following character sets in passphrases: lower-case alphabetical characters (a-z), upper-case alphabetical characters (A-Z), numeric characters (0-9) or special characters.

Especially check out the comic by blogger Randall Munroe, xkcd.com.

![](https://imgs.xkcd.com/comics/password_strength.png)


Fun fact : March 31st happens in Australia a day ahead of when it happens in the United States. For more information on Time Zones, check out : [GUIDE] Time zones


Do people have other advice on account security?
After all, I just learned about this one today. I am sure there are many other things as well I am unaware of.


Re: Passphrases vs passwords

Post by dakanga »

originally posted by Indo.chine

I think using words in different languages, as part of my passcode, is helpful.

It's always a good idea to make sure you have the basics covered - a firewall, anti-virus, etc. And keep those programs up-to-date.

A program like DriverBooster is also helpful, as it searches your device for updates to all your programs...without those updates, your computer/device is easier to hack into; hackers find loopholes, the updates close the loopholes. Same for things such as Windows updates. Keep everything up-to-date, and close the loopholes.

An on-screen keyboard can be handy for entering passwords. You might have malicious software on your computer called a key-logger, which will basically then show all your keystrokes - like the keystrokes for your passwords - to others. If you use an on-screen keyboard, since you just use the mouse to tap each letter, all that is logged is a mouse-click.

If you use public wi-fi, use a VPN.

Those are the only basic things I can really think of right now. I know most folks probably know all this already, but, you know, just in case they don't, and it might be helpful.


I thought it was especially fun to mention the idea of using words in different languages on a language-learning site.

I just realized that I mentioned the wrong program, though - Driverbooster updates your drivers, not your programs. (But update both). You can use something like Patch My PC for program updates.

The only other tips I can think of are - try a more secure browser (Vivaldi, Brave, etc.). You don't have to use Chrome, Firefox, etc., if you don't want to. Use a pop-up blocker, if your browser doesn't have a built-in one. And, please be safe on your phone/tablet...what I mean, is, for some reason, I see a lot of people who are not careful with their mobile devices, the way they are with their laptops.

Oh, and, on some sites - Facebook, for example - you can see, in settings, where you are logged in. So it will say, like, 'Calgary, Alberta, Canada, on Chrome', or whatever. It's worth taking a peek at these once in a while, to see if others are logged into your account.

Re: Passphrases vs passwords

Post by dakanga »

originally posted by ARCANA-MVSA

For the conlangers out there, using a conlang as a base can also be a great way to go, as it is even less predictable than a natural language. :)

Volgav vitsenanieff nivya kevach varatsach.

Re: Passphrases vs passwords

Post by dakanga »

originally posted by Callux8

I'll play, here's a few more:

• Never reuse a passphrase or password. Louder for the people in the back?

NEVER REUSE A PASSPHRASE OR PASSWORD FOR MORE THAN ONE ACCOUNT

Password details

  • Don't use any sort of personally identifying information as part of your phrase, not your last name, not your mother's maiden name, not the name of any street you have ever lived on. Not the name of your town or the school you attend.

  • Include at least one not-a-real-word. I like to generate non-words from a random password generation website like this one: https://passwordsgenerator.net/

Why? Thieves also use what are called "dictionary" cracking tools. These tools run all the words in a dictionary. They can use LEET AKA 733t substitutions, so it's better to just be random. I assume these dictionary tools exist for all Latin character languages as well as Cyrillic ones.

  • Make sure all the other words contain either a number or an allowed punctuation mark.

One way to make sure you never reuse passwords is to use a Password Manager. It's basically one ring to rule them all. Lastpass and 1Password are two well-known companies with good reputations. 1Password is better for people fully integrated across Apple products.

Another layer of protection (not offered on Duolingo, but on other sites) is something called 2FA (two-factor authentication). If you use Facebook or Reddit, you will have seen this. Usually your cell phone is your 2nd authentication piece and you receive an SMS or email in order to log in. However, there are also mobile apps such as Google Authenticator that add another level of security.

Lastly you can get physical keys. If you work for a bank, or a tech company, you are probably forced to use one at work if you access their central systems as part of your job. One example of a physical key is called YubiKey. This will be overkill for this forum, but if you're into security, I'd say check it out.
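
Why leet substitutions add little against the dictionary tools mentioned in the post above, shown from the defender's side as a sign-up password check. This is an added example, not part of Callux8's post; the substitution table and the five-word list are constructed for illustration, and a real check would load a full word list.

```python
import re

# Constructed sample dictionary; a real check would load a full word list.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "elephant"}

# Simplified leet table (assumption): each symbol maps to one letter only.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def variants(token: str) -> set[str]:
    """Return the plain-letter forms a dictionary check should also test."""
    lowered = token.lower()
    # Trailing digits and punctuation ("dragon1!", "monkey2022") are the
    # most common decoration, so also test the token with them removed.
    trimmed = re.sub(r"[\W\d_]+$", "", lowered)
    return {lowered.translate(LEET), trimmed.translate(LEET)}


def dictionary_tokens(passphrase: str) -> list[str]:
    """List the whitespace-separated parts that reduce to a dictionary word."""
    return [tok for tok in passphrase.split()
            if variants(tok) & COMMON_WORDS]


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("P@ssw0rd!", "m0nk3y dr4g0n! zuvopli", "3l3ph4n7"):
        print(f"{sample!r}: dictionary-based parts = {dictionary_tokens(sample)}")
```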

Re: Passphrases vs passwords

Post by dakanga »

originally posted by Hakase_

In short, HTTPS adds security measures to HTTP. HTTPS is known as HTTP over TLS or HTTP Secure.

It ensures that:

  • Data sent and received (after negotiating cryptographic keys) is encrypted
  • Data is from the server you want, not from a hacker who is pretending to be the server you want (authenticity)
  • Tampered data is obvious (integrity)

HTTPS ensures that communication between you and the server you want is secure. However, it does not protect you if you mistype the URL like www.duolingoo.com or if you click on a link to www.duoIingo.com (note the uppercase i instead of a lowercase L). It does not remove viruses from the website you go to and it does not prove that the website is legitimate (i.e. not malicious).

So, if you type your password on a malicious site that starts with https, HTTPS won't save you.


HTTPS represents more than that a website has an SSL certificate. An alternate way to read HTTPS (other than HTTP Secure) is HTTP over TLS. Transport Layer Security (TLS) is a protocol which encrypts network traffic.

An SSL certificate is sent by the server to prove its authenticity (the server that returns you the data is really from let's say https://www.google.com). This, in conjunction with a digital signature of the response proves that the server really sent the whole message.

However, this is not all the server sends. The TLS protocol also specifies that the client and server exchange a secret cryptographic key used for encrypting all communication. These keys are exchanged in a clever way, such that attackers looking at what is sent cannot figure out what the keys are (check out Diffie-Hellman Key Exchange).

Once your browser and the server have agreed on the cryptographic keys, all network traffic is encrypted from then on.
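
Because HTTPS does not tell you whether www.duoIingo.com or www.duolingoo.com is the site you meant, a link can be checked against the hosts you actually trust. This is an added example, not part of Hakase_'s post; the allowlist, the look-alike character table and the function names are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist of hosts the user really means to visit.
TRUSTED = ("www.duolingo.com", "www.google.com")

# Characters that look like another letter in many fonts (small sample).
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(host: str) -> str:
    """Map look-alike characters to one form, then ignore case."""
    return host.translate(CONFUSABLE).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> tuple[str, Optional[str]]:
    """Return ("trusted" | "lookalike" | "unknown", matched trusted host)."""
    # netloc keeps the case as displayed; .hostname would lower-case it.
    host = urlsplit(url).netloc.rsplit("@", 1)[-1].split(":")[0]
    if host.lower() in TRUSTED:
        return "trusted", host.lower()
    for good in TRUSTED:
        if (skeleton(host) == skeleton(good)
                or edit_distance(host.lower(), good) <= 1):
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for link in ("https://www.duolingo.com/learn", "https://www.duoIingo.com/",
                 "https://www.duolingoo.com/", "https://example.org/"):
        print(link, "->", classify(link))
```

All four sample links use https, so the scheme alone separates none of them; only the host comparison does.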

Re: Passphrases vs passwords

Post by dakanga »

For the most common English words, check out:

Basic English is an English-based controlled language created by linguist and philosopher Charles Kay Ogden as an international auxiliary language, and as an aid for teaching English as a second language. See: http://ogden.basic-english.org/ (again note, this is an http)

Perhaps it may be something to bear in mind to avoid these frequent words ?

Also to consider word frequency resources:

Re: Passphrases vs passwords

Post by dakanga »

originally posted by Jileha

One way to create a complex password is to come up with a sentence consisting of as many words as you like and still can remember, and use only the first letter of each word.

Example: every summer we go to the zoo and look at our favorite animal the elephant > eswgttzalaofate

Or with numbers and capital letters for (proper) nouns: Christmas day is always on December 25 unless the Grinch steals Christmas again > CdiaoD25utGsCa

If you want to use different passwords for each different site you use, come up with a sentence that stays the same except for the name of the site where you want to use it.

E.g. for a bank’s online service: my Father used to work at the Bank but now he has been retired for 6 Years and lives in Spain > mFutwatBbnhhbrf6YaliS

For a library account: my Father used to work at the Library but now he has been retired for 6 Years and lives in Spain > mFutwatLbnhhbrf6YaliS

Re: Passphrases vs passwords

Post by dakanga »

Helping to make the UK the safest place to live and work online

Re: Passphrases vs passwords

Post by dakanga »

asked by : CX948

I'd like to understand more about what entropies are, why it's easier for computers to guess passwords, and how the amount of time is calculated.

First, let's start with a definition:

password entropy : is a measurement of how unpredictable a password is.

ps entropy when used in scientific and information terms has different nuances of meanings. I recommend checking it out ;P

There are different formulas for detecting this entropy.
Here is some more information on this:

The time to crack a password depends on the "strength" of the password, and details of how the password is stored.

It is faster for computer programs to do this, to produce candidate passwords and check them to see if they open the account/file, than for a human to do this.

And if you use the same password across many different sites/services, then, if the password is cracked on one site/service, this will then most likely become one selected to use initially to crack into other sites/services you may use.

This is why it is important to use different passwords on different sites/services.

If you use the same password across all sites/services, the strength of your security is equivalent to the weakest link across all the sites/services you use.
If ANY ONE of the sites you use has a very weak system, to the extent that it even "publishes" all its users' passwords, then that can put all your accounts potentially at risk, if you have used the same or a similar password.

references
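
The calculation CX948 asks about, as an added example that is not part of any forum post: entropy in bits for randomly generated secrets, and the average time to guess them at a given rate. The guess rates, the word-list sizes and the demo word list are assumptions chosen for illustration; the formula only holds when every word or character is picked at random.

```python
import math
import secrets


def entropy_bits(choices: int, length: int) -> float:
    """Bits of entropy when `length` items are each picked uniformly at
    random from `choices` options. It does not apply to human-chosen text."""
    return length * math.log2(choices)


def average_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """On average the right guess turns up after half the search space."""
    return 2 ** bits / 2 / guesses_per_second


def humanise(seconds: float) -> str:
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def generate_passphrase(wordlist: list[str], n_words: int = 5) -> str:
    """Pick words with the OS random source, not by hand."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


# Assumed guess rates: how the site stores passwords sets the attacker's speed.
RATES = {"fast unsalted hash": 1e10, "slow salted hash": 1e4}
# (label, number of options per item, number of items)
SCHEMES = [
    ("4 words from a 2048-word list", 2048, 4),
    ("4 words from a 7776-word list", 7776, 4),
    ("5 words from a 7776-word list", 7776, 5),
    ("8 random printable ASCII chars (no space)", 94, 8),
]

if __name__ == "__main__":
    for label, choices, length in SCHEMES:
        bits = entropy_bits(choices, length)
        times = ", ".join(f"{name}: {humanise(average_crack_seconds(bits, r))}"
                          for name, r in RATES.items())
        print(f"{label}: {bits:.1f} bits; {times}")
    demo_words = ["amber", "cobalt", "fjord", "lichen",
                  "quartz", "tundra", "velvet", "zephyr"]  # constructed
    print(generate_passphrase(demo_words))
```

Each extra random word from a 7776-word list multiplies the search space by 7776, which is why a fifth word helps far more than decorating one word with symbols.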

Re: Passphrases vs passwords

Post by dakanga »

Memory palaces / loci

Perhaps consider using memory palaces
Not just for creating unique passwords for yourself (I hope).

Also check out :

Do people have other suggestions on "The method of loci"/memory palace ?

Re: Passphrases vs passwords

Post by sandygaletoo »

dakanga wrote: Sat Mar 19, 2022 5:31 am

originally posted by Callux8

One way to make sure you never reuse passwords is to use a Password Manager. It's basically one ring to rule them all. Lastpass and 1Password are two well-known companies with good reputations. 1Password is better for people fully integrated across Apple products.

Another layer of protection (not offered on Duolingo, but on other sites) is something called 2FA (two-factor authentication). If you use Facebook or Reddit, you will have seen this. Usually your cell phone is your 2nd authentication piece and you receive an SMS or email in order to log in. However, there are also mobile apps such as Google Authenticator that add another level of security.

I also suggest using Bitwarden's password manager. Their free version is much better than Lastpass, now that the free version of Lastpass is only valid for one device. And if one uses it on their phone, it is no longer possible to use the website without paying.

Other benefits of a password manager:

  • generating long passwords, using all 4 character sets.
  • ability to save additional data, such as identification numbers, credit card information (no more typing in fields)

Microsoft Authenticator is also very good for 2-Factor Authentication. And it is useful for any login, not just Microsoft products.

sandygaletoo
Native: :us:
Learning: :de: :fr:

Re: Passphrases vs passwords

Post by lrai »

As you get older it isn't always easy to remember which password you used for what. I keep a book at home and for each site I put a code that I can remember to remind me which password is for what.

Another trick is to use a word from a language that isn't English. The worst for me at this time is that Windows keeps asking me to change my password and I'd really like to switch that option off but I can't find a way to do it. It's really annoying. :(

lrai
what's your legacy
🇨🇳 🇷🇺 Learning Yiddish, Chinese, Russian

Re: Passphrases vs passwords

Post by duome »

https://www.netmux.com/blog/one-time-grid - see if you like the idea

and here you can generate and print a random password grid - https://www.geogebra.org/m/pGHF5SDV

Re: Passphrases vs passwords

Post by luo-ning »

Just use Bitwarden. Simple and secure, and you only ever have to remember 1 master password (which should itself be long and have high entropy, so you can use memory palaces etc. to remember that one).

🦀 Pensando en la inmortalidad del cangrejo 🏴‍☠️ Flags Are Not Languages
