Episode: 3595
Title: HPR3595: I am sure I changed my password last...???
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3595/hpr3595.mp3
Transcribed: 2025-10-25 01:54:49

---

This is Hacker Public Radio Episode 3595 for Friday the 13th of May 2022. Today's show is entitled, I am sure I changed my password last. It is part of the series Privacy and Security. It is the first show by new host Lurking Prion and is about 11 minutes long. It carries a clean flag. The summary is: pilot episode. Change your password.

Hello, welcome to Password 1234. My name is Lurking Prion. Yes, just like mad cow disease, that little protein that gets in your brain, it's alive. It shouldn't be. But it is. And it does bad things to you. But hopefully this won't be bad. It will be good. Password 1234 is all about information security for the average human. As we know, password 1234 is a common password for people. I am hoping to change your mind about this and hopefully convince you to pick a different password, among other things. I have been an information security specialist for approximately 20 plus years. I am not going to go into the details about that, but hey, let's just say I have done lots of fun and interesting things. With that being said, I want to state that this program will be open for requests. In the meantime, I have my own agenda and I will be working on that. I want to begin by talking about something simple, something near and dear to you, and it's the title of the show, Your Password. Yes, Your Password. Some of you have had a password that you have used for years. Yes, years. And if you think about it, you probably use the same password everywhere you go. Matter of fact, while we're on the topic, let's talk about the same PIN that you probably also use.
Now, I just want to point out that over the course of this past year or years, plural, you may have experienced some breakups, there may be some exes in your life, and of course, if you have kids, I can guarantee you that the kids and probably your exes all know your password, slash passwords, and PINs. So if you have not changed a password in a while, you might want to get on that quickly. Think about it. Do you really want your ex having access to the passwords to all of your common things? No, I know. You're sitting there telling yourself, but hey, they would never do anything bad, right? Right? That's why they're your ex. Right? Just saying. So, maybe change that stuff. Now, most people are like, but hey, I have no idea how to keep track of my passwords. Well, for this, I'm going to recommend a password manager. What password manager? Well, that largely depends on you. I can cover this in future episodes if you would choose. If you'd like an episode on password managers, then leave me a message, and I will hop on that at my earliest convenience. Now, passwords, this is something that is of much debate. Over the years, we've heard people tell us that you need two special characters, two upper case, two lower case, and two numbers, and randomization. In reality, that's really not quite the case. What really matters is how long your password is. Yes, my friends, size matters. So if you think about it, if you were to have a lock that has two possible combinations, zero through nine, it's not going to take you too long to figure out what all the possible combinations are. However, if you increase the number of possible characters from two to four, it's not a linear increase in the number of possible combinations. It's an exponential increase in the number of possible combinations. This is the thing that people don't realize. Because for every character that you add to a password, it's an exponential increase in the number of possible combinations.
When it comes to hackers, they are banking on the fact that they will be able to guess your password within a set period of time. Once you put in a set number of characters, then you have increased the amount of time it's going to take for them to crack your password to a point where it is no longer beneficial for them to mess with you. Now this is a point that I get in trouble with sometimes, but hey, let's be real. Security does not exist. There's a quote by Helen Keller that goes something along those lines. Security does not exist within nature nor among man. It is not a natural occurring phenomenon, and there really is no such thing as secure. If you've seen Ocean's 11, Ocean's 12, Ocean's 13, Ocean's 8, Ocean's 24, Ocean's 52, I don't know how many they're up to. But the point is, no matter how much you protect something, if somebody has enough time, enough resources, and enough determination, they will get access to it. So the name of the game when it comes to security is really not about being secure. If you were to think about it, imagine yourself in prison, and you want to be the least attractive person in prison. Yup, you want to be the unperturbed boy there. Or gal, I'm not going to judge. But hey, we want to make sure that somebody else is an easier target than we are. So when it comes to security, it really is about having more security than other potential victims. By doing this, you can remove yourself from the potential victim pool for the average evil Steve. Now keep in mind, if somebody sets their sights on you, it really doesn't matter what kind of security you have in place. Let's say that even in the Soviet Russia, or not-Soviet Russia, I don't know, depends how you call it these days. But if he sets the sights on you, or if Chinese Steve sets the sights on you, he's probably going to get your stuff. So is that saying that you should just roll over and die? No.
There's plenty of bad actors out there who will prey upon you simply because you are easy to victimize. So let's make ourselves a harder victim. Now I know the passwords are a touchy subject for people. People are like, oh, but I don't want to have a 40 character password. Well, I'm going to tell you that you really do. Let's think about this. You're like, oh my gosh, a 40 character password. Now I've really already told you that the complexity requirements, the entropy, all of that random crap really goes out the window when you talk about the size of the password, key space. So if I have a 40 character password, let's just say that my passphrase is, I love to watch my kids play soccer in the summer. Well, that's an incredibly long password. I'm not going to have to write it down. I can remember it. It's not a lot of complex things, and in fact, it's just simple plain text characters. And yet the key space alone makes it a very difficult password. Now, let's say that you wanted to have a different passphrase, yes, passphrases. I want to get you out of the mindset of having a password. Passphrases. So let's say that you want to have a different passphrase for a website. So let's just say, for instance, I love to surf the internet on facebook.com in my past leisure time. Well, that is a very complex passphrase. It is very long, and it is going to be very good at protecting your account. And you could probably do the same thing with Twitter and LiveJournal or whatever other social media you happen to subscribe to, if you're one of those kind of people. Just saying, there's lots of them out there. You're probably one of them, statistically speaking that is. So passwords, let's go, let's change them. Let's increase the length of the passwords. Let's use a password manager.
Again, if you want help picking out a password manager, I am more than happy to go through a few that I am familiar with, or if you have one that you're like, hey, I would really like to know more about this, is this a good choice for me? Let me know, I will look into it. I know people, I have resources, I can do these kinds of things. So in the meantime, I would encourage you to just sit there, and while you're sleeping tonight, just sit there and say, hmm, when's the last time I changed any password? And how many of my exes know said passwords? I don't want my exes to know my passwords, you probably don't either. This is my first episode, this will be a weekly podcast if you all find this of use. So in the meantime, this is Lurking Prion, hoping to get in your brain and scratch an itch that maybe you didn't know was there. And hopefully it will be a good thing. Think about your passwords, change them. And if you have any comments, suggestions, or anything else, leave me some feedback. I would love to hear from you. Until next time, enjoy!

You have been listening to Hacker Public Radio at HackerPublicRadio.org. Today's show was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, then click on our contribute link to find out how easy it really is. Hosting for HPR has been kindly provided by AnHonestHost.com, the Internet Archive and rsync.net. Unless otherwise stated, today's show is released under a Creative Commons Attribution 4.0 International License.