<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_01_21_1313235</id>
	<title>Analysis of 32 Million Breached Passwords</title>
	<author>CmdrTaco</author>
	<datestamp>1264081320000</datestamp>
	<htmltext>An anonymous reader writes <i>"Imperva released a study <a href="http://www.net-security.org/secworld.php?id=8742">analyzing 32 million passwords exposed in the Rockyou.com breach</a>. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine."</i>  Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.</htmltext>
<tokenext>An anonymous reader writes " Imperva released a study analyzing 32 million passwords exposed in the Rockyou.com breach .
The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism .
In the past , password studies have focused mostly on surveys .
Never before has there been such a high volume of real-world passwords to examine .
" Most interesting to me was that in the sample , less than 4 % used any non alpha-numerics in their # $ # % 'ing passwords .</tokentext>
<sentencetext>An anonymous reader writes "Imperva released a study analyzing 32 million passwords exposed in the Rockyou.com breach.
The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism.
In the past, password studies have focused mostly on surveys.
Never before has there been such a high volume of real-world passwords to examine.
"  Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846170</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>dintech</author>
	<datestamp>1264090680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Did I mention that they pay our IT department $11/hour</p></div></blockquote><p>So it's true that if you pay peanuts...</p>
	</htmltext>
<tokenext>Did I mention that they pay our IT department $ 11/hour So it 's true that if you pay peanuts.. .</tokentext>
<sentencetext>Did I mention that they pay our IT department $11/hour So it's true that if you pay peanuts...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848648</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>GroovinWithMrBloe</author>
	<datestamp>1264101120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>One thing some companies do, is require X of Y characteristics.
i.e. Your password must be at least 8 characters long, and contain at least 3 out of the following 4: {lowercase letter, uppercase letter, number, special character}.</p><p>So your keyspace is far larger than: Must have a lowercase, uppercase, digit and special character. I think it's a nice compromise - but of course as this report shows, a hacker would still probably target [a-z0-9]{8}.</p><p>What would be interesting if the change password form predetermined the password requirements for this particular password, and these requirements are randomised each time the user wants to change the password. E.g. one time it may require a password of at least 8 characters, the next time it might require it to be 10 characters. One time it may require digits, another time it may require special characters. So an attacker in this case couldn't rely on a large populace having simple passwords of the bare minimum length as the system forces some variances in those minimums. Sure, it'll probably piss off users even more... (And I'm the first to admit I'd be pissed off by such an approach too).</p></htmltext>
<tokenext>One thing some companies do , is require X of Y characteristics .
i.e. Your password must be at least 8 characters long , and contain at least 3 out of the following 4 : { lowercase letter , uppercase letter , number , special character } .So your keyspace is far larger than : Must have a lowercase , uppercase , digit and special character .
I think it 's a nice compromise - but of course as this report shows , a hacker would still probably target [ a-z0-9 ] { 8 } .What would be interesting if the change password form predetermined the password requirements for this particular password , and these requirements are randomised each time the user wants to change the password .
E.g. one time it may require a password of at least 8 characters , the next time it might require it to be 10 characters .
One time it may require digits , another time it may require special characters .
So an attacker in this case could n't rely on a large populace having simple passwords of the bare minimum length as the system forces some variances in those minimums .
Sure , it 'll probably piss off users even more... ( And I 'm the first to admit I 'd be pissed off by such an approach too ) .</tokentext>
<sentencetext>One thing some companies do, is require X of Y characteristics.
i.e. Your password must be at least 8 characters long, and contain at least 3 out of the following 4: {lowercase letter, uppercase letter, number, special character}.So your keyspace is far larger than: Must have a lowercase, uppercase, digit and special character.
I think it's a nice compromise - but of course as this report shows, a hacker would still probably target [a-z0-9]{8}.What would be interesting if the change password form predetermined the password requirements for this particular password, and these requirements are randomised each time the user wants to change the password.
E.g. one time it may require a password of at least 8 characters, the next time it might require it to be 10 characters.
One time it may require digits, another time it may require special characters.
So an attacker in this case couldn't rely on a large populace having simple passwords of the bare minimum length as the system forces some variances in those minimums.
Sure, it'll probably piss off users even more... (And I'm the first to admit I'd be pissed off by such an approach too).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845798</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845166</id>
	<title>Look at the user base for RockYou...</title>
	<author>Anonymous</author>
	<datestamp>1264085880000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>RockYou is a MySpace photo/video sharing site (from what I could gather from googling, never used it myself) and it's certainly no excuse that people implement bone-head password choices such as the 10 shame shame list FTFA.  However, I didn't really see the article address or even consider that their target users on the RockYou site aren't generally what geek, wanna-be security folks on<nobr> <wbr></nobr>/. are security conscious.  I'm glad the analysis and study was done, but I'm really not surprised.  If people are picking '123456' as the #1 password, as much as we have a <a href="http://en.wikipedia.org/wiki/User_error" title="wikipedia.org" rel="nofollow">PEBKAC</a> [wikipedia.org] situation on our hands, fault RockYou for not implementing some sort of semi-secure password standard.</htmltext>
<tokenext>RockYou is a MySpace photo/video sharing site ( from what I could gather from googling , never used it myself ) and it 's certainly no excuse that people implement bone-head password choices such as the 10 shame shame list FTFA .
However , I did n't really see the article address or even consider that their target users on the RockYou site are n't generally what geek , wan na-be security folks on / .
are security conscious .
I 'm glad the analysis and study was done , but I 'm really not surprised .
If people are picking '123456 ' as the # 1 password , as much as we have a PEBKAC [ wikipedia.org ] situation on our hands , fault RockYou for not implementing some sort of semi-secure password standard .</tokentext>
<sentencetext>RockYou is a MySpace photo/video sharing site (from what I could gather from googling, never used it myself) and it's certainly no excuse that people implement bone-head password choices such as the 10 shame shame list FTFA.
However, I didn't really see the article address or even consider that their target users on the RockYou site aren't generally what geek, wanna-be security folks on /.
are security conscious.
I'm glad the analysis and study was done, but I'm really not surprised.
If people are picking '123456' as the #1 password, as much as we have a PEBKAC [wikipedia.org] situation on our hands, fault RockYou for not implementing some sort of semi-secure password standard.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30858392</id>
	<title>Re:Some banks limit password strength</title>
	<author>Aaron B Lingwood</author>
	<datestamp>1264167840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Heritage Building Society in Australia only allow a 5 character password for netbanking.<br>Case-insensitive alpha-numeric only.</p><p>Furthermore, the login interface uses a 'virtual keyboard' which is unusable from my secure Blackberry.<br>I need IE with Javascript to log in.</p></htmltext>
<tokenext>Heritage Building Society in Australia only allow a 5 character password for netbanking.Case-insensitive alpha-numeric only.Furthermore , the login interface uses a 'virtual keyboard ' which is unusable from my secure Blackberry.I need IE with Javascript to log in .</tokentext>
<sentencetext>Heritage Building Society in Australia only allow a 5 character password for netbanking.Case-insensitive alpha-numeric only.Furthermore, the login interface uses a 'virtual keyboard' which is unusable from my secure Blackberry.I need IE with Javascript to log in.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846716</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846716</id>
	<title>Some banks limit password strength</title>
	<author>aggressivepedestrian</author>
	<datestamp>1264093140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I have a credit card with Chase: they don't even allow non alpha-numeric characters in their passwords. What possible reason could they have for limiting characters to letters and numbers?</htmltext>
<tokenext>I have a credit card with Chase : they do n't even allow non alpha-numeric characters in their passwords .
What possible reason could they have for limiting characters to letters and numbers ?</tokentext>
<sentencetext>I have a credit card with Chase: they don't even allow non alpha-numeric characters in their passwords.
What possible reason could they have for limiting characters to letters and numbers?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845932</id>
	<title>Anyone else use two-factor authentication?</title>
	<author>spamking</author>
	<datestamp>1264089720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>We use a smartcard/PIN combination to access our systems . . . but some still require at least an 8 digit alphanumeric password.  Admins must use at least a 16 digit password, and we must change them every 90 days.  I really hope we're able to switch to 100% two-factor authentication soon . . . and that it works.</htmltext>
<tokenext>We use a smartcard/PIN combination to access our systems .
. .
but some still require at least an 8 digit alphanumeric password .
Admins must use at least a 16 digit password , and we must change them every 90 days .
I really hope we 're able to switch to 100 % two-factor authentication soon .
. .
and that it works .</tokentext>
<sentencetext>We use a smartcard/PIN combination to access our systems .
. .
but some still require at least an 8 digit alphanumeric password.
Admins must use at least a 16 digit password, and we must change them every 90 days.
I really hope we're able to switch to 100% two-factor authentication soon .
. .
and that it works.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846702</id>
	<title>Re:Why does password strength matter?</title>
	<author>DiegoBravo</author>
	<datestamp>1264093080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>&gt;&gt;<nobr> <wbr></nobr>...Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.<br>&gt; On a related note, what pisses me off even more is going to a website and trying to use a strong password and their system doesn't allow it.</p><p>I always avoid non-alpha chars in my passwords because I have to deal with several layouts of keyboards and is really a PITA when you inadvertently enter a "super strange password" but you really don't know what you actually typed because it is unreadable.</p><p>Because of that rule, I had to try a lot to figure out if my passwords were x\-x( or x~/xx=<nobr> <wbr></nobr>... etc.</p></htmltext>
<tokenext>&gt; &gt; ...Most interesting to me was that in the sample , less than 4 % used any non alpha-numerics in their # $ # % 'ing passwords . &gt; On a related note , what pisses me off even more is going to a website and trying to use a strong password and their system does n't allow it . I always avoid non-alpha chars in my passwords because I have to deal with several layouts of keyboards and is really a PITA when you inadvertently enter a " super strange password " but you really do n't know what you actually typed because it is unreadable . Because of that rule , I had to try a lot to figure out if my passwords were x \ -x ( or x ~ /xx = ... etc .</tokentext>
<sentencetext>&gt;&gt; ...Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords. &gt; On a related note, what pisses me off even more is going to a website and trying to use a strong password and their system doesn't allow it. I always avoid non-alpha chars in my passwords because I have to deal with several layouts of keyboards and is really a PITA when you inadvertently enter a "super strange password" but you really don't know what you actually typed because it is unreadable. Because of that rule, I had to try a lot to figure out if my passwords were x\-x( or x~/xx= ... etc.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846194</id>
	<title>What about the account importance?</title>
	<author>Anonymous</author>
	<datestamp>1264090740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I wonder how applicable this is for "real" passwords -- the kind of password you'd use to secure your on-line bank account or your personal email, for example?  It's generally a good idea not to use the same password you use for your on-line bank account when creating a shopping cart account for every Tom, Dick, and Harry.com website that you happen to buy chotchkies from.  I wonder how many of these passwords are weak because of people just really not caring so much about their account on rockyou.com rather than being clueless about creating strong passwords...</p></htmltext>
<tokenext>I wonder how applicable this is for " real " passwords -- the kind of password you 'd use to secure your on-line bank account or your personal email , for example ?
It 's generally a good idea not to use the same password you use for your on-line bank account when creating a shopping cart account for every Tom , Dick , and Harry.com website that you happen to buy chotchkies from .
I wonder how many of these passwords are weak because of people just really not caring so much about their account on rockyou.com rather than being clueless about creating strong passwords.. .</tokentext>
<sentencetext>I wonder how applicable this is for "real" passwords -- the kind of password you'd use to secure your on-line bank account or your personal email, for example?
It's generally a good idea not to use the same password you use for your on-line bank account when creating a shopping cart account for every Tom, Dick, and Harry.com website that you happen to buy chotchkies from.
I wonder how many of these passwords are weak because of people just really not caring so much about their account on rockyou.com rather than being clueless about creating strong passwords...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847118</id>
	<title>My usual password is "password"</title>
	<author>_TinCho</author>
	<datestamp>1264095000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Most of the time, I don't care about the supposed security.
<br>
You have to create an account for some random forum to read a comment? You'll never probably log in again? Even if you go there once in a while, do I really care if someone discovers what my password is?
<br>
Do I have a secure and unique password for my bank account? Sure.
<br>
My Facebook account? Yes.
<br>
My Slashdot account? Maybe.
<br>
My somerandomforumthatmademeregistertoseeapic.com? "password". Or "Password", "password1", "Password1!", if the admin is paranoid.
<br>
Is it secure? No.
<br>
<b>Who cares?</b></htmltext>
<tokenext>Most of the time , I do n't care about the supposed security .
You have to create an account for some random forum to read a comment ?
You 'll never probably log in again ?
Even if you go there once in a while , do I really care if someone discovers what my password is ?
Do I have a secure and unique password for my bank account ?
Sure . My Facebook account ?
Yes . My Slashdot account ?
Maybe . My somerandomforumthatmademeregistertoseeapic.com ?
" password " . Or " Password " , " password1 " , " Password1 !
" , if the admin is paranoid .
Is it secure ?
No . Who cares ?</tokentext>
<sentencetext>Most of the time, I don't care about the supposed security.
You have to create an account for some random forum to read a comment?
You'll never probably log in again?
Even if you go there once in a while, do I really care if someone discovers what my password is?
Do I have a secure and unique password for my bank account?
Sure.

My Facebook account?
Yes.

My Slashdot account?
Maybe.

My somerandomforumthatmademeregistertoseeapic.com?
"password". Or "Password", "password1", "Password1!
", if the admin is paranoid.
Is it secure?
No.

Who cares?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848518</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>Anonymous</author>
	<datestamp>1264100520000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>It's hunter1.</p></htmltext>
<tokenext>It 's hunter1 .</tokentext>
<sentencetext>It's hunter1.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845392</id>
	<title>Password strength is relative</title>
	<author>ugen</author>
	<datestamp>1264087080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Strength of a chosen password is a function of information it protects. I am sure most users follow this rule even without specifically identifying it.<br>In this sense, services like Rockyou are at the very bottom - the only reason users select a password for such a service is because it requires them to. I would bet that if it let users have an option of not having a password at all - they would gladly do so.</p><p>While I don't have a sample to prove this, it would be interesting to compare these to passwords selected for a major email provider (gmail, yahoo) and an online banking service. I would bet that (even without any specific controls and limits on characters used) these would be quite a bit more complicated, proportionately. I.e. somewhat more difficult to guess for the email, depending on how important the particular mailbox is to its owner, and quite complex for a bank account.</p><p>In any case, this selection of users is hardly a random sample and drawing any general conclusions based on it would be premature to say the least.</p></htmltext>
<tokenext>Strength of a chosen password is a function of information it protects .
I am sure most users follow this rule even without specifically identifying it.In this sense , services like Rockyou are at the very bottom - the only reason users select a password for such a service is because it requires them to .
I would bet that if it let users have an option of not having a password at all - they would gladly do so . While I do n't have a sample to prove this , it would be interesting to compare these to passwords selected for a major email provider ( gmail , yahoo ) and an online banking service .
I would bet that ( even without any specific controls and limits on characters used ) these would be quite a bit more complicated , proportionately .
I.e. somewhat more difficult to guess for the email , depending on how important the particular mailbox is to its owner , and quite complex for a bank account.In any case , this selection of users is hardly a random sample and drawing any general conclusions based on it would be premature to say the least .</tokentext>
<sentencetext>Strength of a chosen password is a function of information it protects.
I am sure most users follow this rule even without specifically identifying it.In this sense, services like Rockyou are at the very bottom - the only reason users select a password for such a service is because it requires them to.
I would bet that if it let users have an option of not having a password at all - they would gladly do so. While I don't have a sample to prove this, it would be interesting to compare these to passwords selected for a major email provider (gmail, yahoo) and an online banking service.
I would bet that (even without any specific controls and limits on characters used) these would be quite a bit more complicated, proportionately.
I.e. somewhat more difficult to guess for the email, depending on how important the particular mailbox is to its owner, and quite complex for a bank account.In any case, this selection of users is hardly a random sample and drawing any general conclusions based on it would be premature to say the least.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30855332</id>
	<title>Re:repost from my comment on nyt:</title>
	<author>Anonymous</author>
	<datestamp>1264085760000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>the point is: having one password across all websites is a vulnerability, and having simple passwords is a vulnerability. so instead, don't remember a password, remember an ALGORITHM that you can use to recreate your password for any site on the fly</p><p>by the way, i got this idea from a slashdot thread, and it was an eureka moment for me, and i went about resetting all my passwords</p><p>i forget the thread or the user id of whoever made the comment, but it was a password related subject matter and i think it was in the last 6 months or so</p><p>whoever you are, and i hope you read this: thank you!</p></div><p>Password selection, like encryption, is subject to some fundamental rules to be effective.</p><p>One of THE most fundamental rules is that the system SHOULD be just as secure regardless if you know the algorithm or not.  Security through obscurity is just a time bomb because once the algorithm is discovered, everything protected by its secrecy is easier to get at.  This is why encryption algorithms themselves are open and the only secret is the keys.</p><p>I agree that practically speaking it is a convenience that helps the user remember and that security and convenience are 'trade offs'.  However, the real game is in making the system COMPUTATIONALLY difficult to crack.  Creating that difficulty is all about forcing the most exhaustive key search possible.</p><p>Password selection algorithm or encryption algorithm, if the password space can be reduced by knowledge of either algorithm, you have reduced the computational difficulty a great deal because you have introduced a pattern.</p><p>Realistically, it is a great approach as long as you never disclose the password algorithm.  Also, you just have to assume the encryption algorithm is known.  DES, DES3, Blowfish, AES, IDEA, etc... 
are algorithms that are freely available - there is even implementation code published in multiple languages such as C, C++ and Java.</p><p>It's a fine idea I think - a good balance of security and practicality.  However, I think it's wise to ASSUME the password gen algorithm is compromised when estimating the real security of the password.  By the same token, ideally, it's wise to account for the encryption algorithm used in the system.  I'd certainly knock down DES a lot vs. AES when using the same password for example.</p><p>Say the encryption algorithm is subject to a known plain text attack - if you have a pattern in your password generation (by using an algorithm), it's that much easier to get a known plain text to use.</p><p>Or if say two passwords generated by the same algorithm are known (however), a differential attack could help find the rest.  At that point the encryption algorithm doesn't matter.</p><p>Or say you use a system with a weak algorithm (which you may not know).  Your password is discovered and then a differential attack on the password could bypass the far stronger encryption algorithms used in other systems.  (unknown to you, a gaming site uses ROT13.  Your password is found in a second.  Now that password is used to find or predict other passwords that are used on say, your banking website even though it uses AES).  In a case like that, the AES didn't help - the weakness of ROT13 + the predictability of the fact you use an algorithm for your password means there is a much smaller keyspace to attempt on your strong AES bank's site.</p><p>Attackers don't go for the strong link in the chain - your bank's encryption algorithm.  They go after your weak links - the game site you logon to and your password gen methods.</p><p>Be computationally unattractive and computationally unpredictable.  Also consider the value of what you are protecting.  The bank should have strong encryption and the password should be strong, random and not predictable.  
Your game forum site that uses ROT13 isn't that important so use 123 for all that it matters.</p><p>Key management is as important as key selection is as important as the encryption algorithm - the first should be lock tight, the second should be random and the third should be public and still not broken ideally if your goal is to have actual security.</p><p>If the goal is to balance practicality with reasonable security, then there must be a reasonable, informed compromise.</p><p>At work for instance, the average joe that just needs to read normal email doesn't need as strong a password as the accountants that can access my mother's maiden name, my full name, my mailing address and my SSN.</p></div>
	</htmltext>
<tokenext>the point is : having one password across all websites is a vulnerability , and having simple passwords is a vulnerability .
so instead , do n't remember a password , remember an ALGORITHM that you can use to recreate your password for any site on the fly by the way , i got this idea from a slashdot thread , and it was an eureka moment for me , and i went about resetting all my passwords i forget the thread or the user id of whoever made the comment , but it was a password related subject matter and i think it was in the last 6 months or so whoever you are , and i hope you read this : thank you ! Password selection , like encryption , is subject to some fundamental rules to be effective . One of THE most fundamental rules is that the system SHOULD be just as secure regardless if you know the algorithm or not .
Security through obscurity is just a time bomb because once the algorithm is discovered , everything protected by its secrecy is easier to get at .
This is why encryption algorithms themselves are open and the only secret is the keys.I agree that practically speaking it is a convenience that helps the user remember and that security and convenience are 'trade offs' .
However , the real game is in making the system COMPUTATIONALLY difficult to crack .
Creating that difficulty is all about forcing the most exhaustive key search possible.Password selection algorithm or encryption algorithm , if the password space can be reduced by knowledge of either algorithm , you have reduced the computational difficulty a great deal because you have introduced a pattern.Realistically , it is a great approach as long as you never disclose the password algorithm .
Also , you just have to assume the encryption algorithm is known .
DES , DES3 , Blowfish , AES , IDEA , etc... are algorithms that are freely available - there is even implementation code published in multiple languages such as C , C + + and Java . It 's a fine idea I think - a good balance of security and practicality .
However , I think it 's wise to ASSUME the password gen algorithm is compromised when estimating the real security of the password .
By the same token , ideally , it 's wise to account for the encryption algorithm used in the system .
I 'd certainly knock down DES a lot vs. AES when using the same password for example . Say the encryption algorithm is subject to a known plain text attack - if you have a pattern in your password generation ( by using an algorithm ) , it 's that much easier to get a known plain text to use . Or if say two passwords generated by the same algorithm are known ( however ) , a differential attack could help find the rest .
At that point the encryption algorithm does n't matter.Or say you use a system with a weak algorithm ( which you may not know ) .
Your password is discovered and then a differential attack on the password could bypass the far stronger encryption algorithms used in other systems .
( unknown to you , a gaming site uses ROT13 .
Your password is found in a second .
Now that password is used to find or predict other passwords that are used on say , your banking website even though it uses AES ) .
In a case like that , the AES did n't help - the weakness of ROT13 + the predictability of the fact you use an algorithm for your password means there is a much smaller keyspace to attempt on your strong AES bank 's site.Attackers do n't go for the strong link in the chain - your bank 's encryption algorithm .
They go after your weak links - the game site you logon to and your password gen methods.Be computationally unattractive and computationally unpredictable .
Also consider the value of what your are protecting .
The bank should have strong encryption and the password should be strong , random and not predictable .
Your game forum site that uses ROT13 is n't that important so use 123 for all that it matters.Key management is as important as key selection is as important as the encryption algorithm - the first should be lock tight , the second should be random and the third should be public and still not broken ideally if your goal is to have actual security.If the goal is to balance practicality with reasonable security , then there must be a reasonable , informed compromise.At work for instance , the average joe that just needs to read normal email does n't need as strong a password as the accountants that can access my mother 's maiden name , my full name , my mailing address and my SSN .</tokentext>
<sentencetext>the point is: having one password across all websites is a vulnerability, and having simple passwords is a vulnerability.
so instead, don't remember a password, remember an ALGORITHM that you can use to recreate your password for any site on the fly
by the way, i got this idea from a slashdot thread, and it was an eureka moment for me, and i went about resetting all my passwords
i forget the thread or the user id of whoever made the comment, but it was a password related subject matter and i think it was in the last 6 months or so
whoever you are, and i hope you read this: thank you!
Password selection, like encryption, is subject to some fundamental rules to be effective.
One of THE most fundamental rules is that the system SHOULD be just as secure regardless if you know the algorithm or not.
Security through obscurity is just a time bomb because once the algorithm is discovered, everything protected by its secrecy is easier to get at.
This is why encryption algorithms themselves are open and the only secret is the keys.
I agree that practically speaking it is a convenience that helps the user remember and that security and convenience are 'trade offs'.
However, the real game is in making the system COMPUTATIONALLY difficult to crack.
Creating that difficulty is all about forcing the most exhaustive key search possible.
Password selection algorithm or encryption algorithm, if the password space can be reduced by knowledge of either algorithm, you have reduced the computational difficulty a great deal because you have introduced a pattern.
Realistically, it is a great approach as long as you never disclose the password algorithm.
Also, you just have to assume the encryption algorithm is known.
DES, DES3, Blowfish, AES, IDEA, etc... are algorithms that are freely available - there is even implementation code published in multiple languages such as C, C++ and Java.
It's a fine idea I think - a good balance of security and practicality.
However, I think it's wise to ASSUME the password gen algorithm is compromised when estimating the real security of the password.
By the same token, ideally, it's wise to account for the encryption algorithm used in the system.
I'd certainly knock down DES a lot vs. AES when using the same password for example.
Say the encryption algorithm is subject to a known plain text attack - if you have a pattern in your password generation (by using an algorithm), it's that much easier to get a known plain text to use.
Or if say two passwords generated by the same algorithm are known (however), a differential attack could help find the rest.
At that point the encryption algorithm doesn't matter.
Or say you use a system with a weak algorithm (which you may not know).
Your password is discovered and then a differential attack on the password could bypass the far stronger encryption algorithms used in other systems.
(unknown to you, a gaming site uses ROT13.
Your password is found in a second.
Now that password is used to find or predict other passwords that are used on say, your banking website even though it uses AES).
In a case like that, the AES didn't help - the weakness of ROT13 + the predictability of the fact you use an algorithm for your password means there is a much smaller keyspace to attempt on your strong AES bank's site.
Attackers don't go for the strong link in the chain - your bank's encryption algorithm.
They go after your weak links - the game site you logon to and your password gen methods.
Be computationally unattractive and computationally unpredictable.
Also consider the value of what you are protecting.
The bank should have strong encryption and the password should be strong, random and not predictable.
Your game forum site that uses ROT13 isn't that important so use 123 for all that it matters.
Key management is as important as key selection is as important as the encryption algorithm - the first should be lock tight, the second should be random and the third should be public and still not broken ideally if your goal is to have actual security.
If the goal is to balance practicality with reasonable security, then there must be a reasonable, informed compromise.
At work for instance, the average joe that just needs to read normal email doesn't need as strong a password as the accountants that can access my mother's maiden name, my full name, my mailing address and my SSN.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846406</id>
	<title>Re:The Top 10</title>
	<author>SpitfireSMS</author>
	<datestamp>1264091700000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Something tells me that a lot of these come from meaningless accounts that people make when they know they're never coming back to the site.<br>I've made something like asd123 as username and pass for stupid sites that MAKE you sign up just to access something.</p><p>I have a feeling that if you actually surveyed people to find out what they used for passwords and they were honest, like 90% of people would have their pet's name or something similar.</p></htmltext>
<tokenext>Something tells me that a lot of these come from meaningless accounts that people make when they know theyre never coming back to the site.Iv made something like asd123 as username and pass for stupid sites that MAKE you sign up just to access something.I have a feeling that if you actually surveyed people to find out what they used for passwords and they were honest , like 90 \ % of people would have their pet 's name or something similar .</tokentext>
<sentencetext>Something tells me that a lot of these come from meaningless accounts that people make when they know they're never coming back to the site.
I've made something like asd123 as username and pass for stupid sites that MAKE you sign up just to access something.
I have a feeling that if you actually surveyed people to find out what they used for passwords and they were honest, like 90% of people would have their pet's name or something similar.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845544</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846394</id>
	<title>Re:actual list of passwords?</title>
	<author>enbody</author>
	<datestamp>1264091640000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p><a href="http://thepiratebay.org/torrent/5232943/RockYou.com\_UserAccount-passwords" title="thepiratebay.org">http://thepiratebay.org/torrent/5232943/RockYou.com\_UserAccount-passwords</a> [thepiratebay.org]</p></htmltext>
<tokenext>http : //thepiratebay.org/torrent/5232943/RockYou.com \ _UserAccount-passwords [ thepiratebay.org ]</tokentext>
<sentencetext>http://thepiratebay.org/torrent/5232943/RockYou.com\_UserAccount-passwords [thepiratebay.org]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846380</id>
	<title>Re:Why does password strength matter?</title>
	<author>Hoi Polloi</author>
	<datestamp>1264091640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>What pisses me off even more is that every damn website requires a username/password so either I use the same password for every site, making me vulnerable to a hack on one breaking all of them, or I choose different ones.  If I choose different ones I have to either write them down somewhere or use a password manager, again making me vulnerable to a single point of failure.</p></htmltext>
<tokenext>What pisses me off even more is that every damn website requires a username/password so either I use the same password for every site , making me vulnerable to a hack on one breaking all of them , or I choose different ones .
If I choose different ones I have to either write them down somewhere or use a password manager , again making me vulnerable to a single point of failure .</tokentext>
<sentencetext>What pisses me off even more is that every damn website requires a username/password so either I use the same password for every site, making me vulnerable to a hack on one breaking all of them, or I choose different ones.
If I choose different ones I have to either write them down somewhere or use a password manager, again making me vulnerable to a single point of failure.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402</id>
	<title>repost from my comment on nyt:</title>
	<author>circletimessquare</author>
	<datestamp>1264087140000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><blockquote><div><p>intelligent password management:</p><p>pick something you will always remember say "frankie45"</p><p>let's say the website you are visiting is facebook.com</p><p>so your password there will be "frankie45face"</p><p>and your password at twitter.com would be "frankie45twit"</p><p>in other words, you want to use what's called an algorithm</p><p>make your ALGORITHM unique, not your password. so maybe your algorithm would be "'twenty23' plus the second through fifth letters in the website's name plus my daughter's birthday" or whatever</p><p>the point is: having one password across all websites is a vulnerability, and having simple passwords is a vulnerability. so instead, don't remember a password, remember an ALGORITHM that you can use to recreate your password for any site on the fly</p></div></blockquote><p>by the way, i got this idea from a slashdot thread, and it was an eureka moment for me, and i went about resetting all my passwords</p><p>i forget the thread or the user id of whoever made the comment, but it was a password related subject matter and i think it was in the last 6 months or so</p><p>whoever you are, and i hope you read this: thank you!</p>
	</htmltext>
<tokenext>intelligent password management : pick something you will always remember say " frankie45 " lets say the website you are visiting is facebook.comso your password there will be " frankie45face " and your password at twitter.com would be " frankie45twit " in other words , you want to use what 's called an algorithmmake your ALGORITHM unique , not your password .
so maybe your algorithm would be " 'twenty23 ' plus the second through fifth letters in the website 's name plus my daughter 's birthday " or whateverthe point is : having one password across all websites is a vulnerability , and having simple passwords is a vulnerability .
so instead , do n't remember a password , remember an ALGORITHM that you can use to recreate your password for any site on the flyby the way , i got this idea from a slashdot thread , and it was an eureka moment for me , and i went about resetting all my passwordsi forget the thread or the user id of whoever made the comment , but it was a password related subject matter and i think it was in the last 6 months or sowhoever you are , and i hope you read this : thank you !</tokentext>
<sentencetext>intelligent password management:
pick something you will always remember say "frankie45"
let's say the website you are visiting is facebook.com
so your password there will be "frankie45face"
and your password at twitter.com would be "frankie45twit"
in other words, you want to use what's called an algorithm
make your ALGORITHM unique, not your password.
so maybe your algorithm would be "'twenty23' plus the second through fifth letters in the website's name plus my daughter's birthday" or whatever
the point is: having one password across all websites is a vulnerability, and having simple passwords is a vulnerability.
so instead, don't remember a password, remember an ALGORITHM that you can use to recreate your password for any site on the fly
by the way, i got this idea from a slashdot thread, and it was an eureka moment for me, and i went about resetting all my passwords
i forget the thread or the user id of whoever made the comment, but it was a password related subject matter and i think it was in the last 6 months or so
whoever you are, and i hope you read this: thank you!
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845484</id>
	<title>One had to dig deep for this gem...</title>
	<author>pongo000</author>
	<datestamp>1264087620000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>I don't know if anyone bothered to read the <a href="http://www.imperva.com/docs/WP\_Consumer\_Password\_Worst\_Practices.pdf" title="imperva.com">full report</a> [imperva.com], but I found this recommendation tucked in at the end of the report:<br>ast character in the password. (pg. 3)</p><p><i>Allow and encourage passphrases instead of passwords.</i> (pg. 5)</p><p>And I say amen, amen to that.  I've done quite a bit of personal research in this area, and have found passphrase systems to be far superior in terms of security and ease of use/recall over random combinations of characters.  For years I've used the list provided at <a href="http://www.diceware.com/" title="diceware.com">Diceware</a> [diceware.com] to generate my passphrases, and I have no problem still recalling little-used 5- or 6-phrase passphrases years later.</p><p>The idea that random sequences of characters is somehow superior to a passphrase of equal entropy is a myth borne of ignorance and a resistance to change.  So long as companies that know better keep forcing their minions to adhere to a strict range of letter/number combinations, we'll continue to be saddled with the problem presented by the Rockyou.com crack.</p></htmltext>
<tokenext>I do n't know if anyone bothered to read the full report [ imperva.com ] , but I found this recommendation tucked in at the end of the report : ast character in the password .
( pg. 3 ) Allow and encourage passphrases instead of passwords .
( pg. 5 ) And I say amen , amen to that .
I 've done quite a bit of personal research in this area , and have found passphrase systems to be far superior in terms of security and ease of use/recall over random combinations of characters .
For years I 've used the list provided at Diceware [ diceware.com ] to generate my passphrases , and I have no problem still recalling little-used 5- or 6-phrase passphrases years later.The idea that random sequences of characters is somehow superior to a passphrase of equal entropy is a myth borne of ignorance and a resistance to change .
So long as companies that know better keep forcing their minions to adhere to a strict range of letter/number combinations , we 'll continue to be saddled with the problem presented by the Rockyou.com crack .</tokentext>
<sentencetext>I don't know if anyone bothered to read the full report [imperva.com], but I found this recommendation tucked in at the end of the report:
ast character in the password. (pg. 3)
Allow and encourage passphrases instead of passwords. (pg. 5)
And I say amen, amen to that.
I've done quite a bit of personal research in this area, and have found passphrase systems to be far superior in terms of security and ease of use/recall over random combinations of characters.
For years I've used the list provided at Diceware [diceware.com] to generate my passphrases, and I have no problem still recalling little-used 5- or 6-phrase passphrases years later.
The idea that random sequences of characters is somehow superior to a passphrase of equal entropy is a myth borne of ignorance and a resistance to change.
So long as companies that know better keep forcing their minions to adhere to a strict range of letter/number combinations, we'll continue to be saddled with the problem presented by the Rockyou.com crack.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30863452</id>
	<title>Re:Given the sample set, is it a surprise?</title>
	<author>NorthernerWuwu</author>
	<datestamp>1264154580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Precisely.

I have intentionally (and laughably) insecure passwords I use for certain sites that require an account to view content. I pair that with a throw-away email account and other general measures on purpose so I'll be conscious of my insecure state when accessing such sites and don't give out any information I care about.

Now, for other purposes I have a dozen or so high to very high strength passwords that I rely on and by limiting their use I can limit their exposure. It is still a compromise but hey, for things that actually require extremely high levels of security I rely on physical means.</htmltext>
<tokenext>Precisely .
I have intentionally ( and laughably ) insecure passwords I use for certain sites that require an account to view content .
I pair that with a throw-away email account and other general measures on purpose so I 'll be conscious of my insecure state when accessing such sites and do n't give out any information I care about .
Now , for other purposes I have a dozen or so high to very high strength passwords that I rely on and by limiting their use I can limit their exposure .
It is still a compromise but hey , for things that actually require extremely high levels of security I rely on physical means .</tokentext>
<sentencetext>Precisely.
I have intentionally (and laughably) insecure passwords I use for certain sites that require an account to view content.
I pair that with a throw-away email account and other general measures on purpose so I'll be conscious of my insecure state when accessing such sites and don't give out any information I care about.
Now, for other purposes I have a dozen or so high to very high strength passwords that I rely on and by limiting their use I can limit their exposure.
It is still a compromise but hey, for things that actually require extremely high levels of security I rely on physical means.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845126</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846416</id>
	<title>Biometrics?</title>
	<author>RivenAleem</author>
	<datestamp>1264091760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Many computer keyboards and laptops (even a good enough webcam) can use biometrics to grant access.</p><p>The laptops we have here at work all have fingerprint scanners, eliminating the need to remember the password. A webcam can take a picture of the user (not a retinal scan, just a regular picture of the face, though to protect against someone using a photo, a panoramic shot is usually used and the user turns head in left/right directions to snap the sides of head too) and compare that against a database.</p><p>Where I work, our signature on paper, and electronic, is very important, so I usually have to type in a password 20 times a day. Having a long and awkward one is great, but I rarely need to type it as I can scan my fingerprint.</p><p>Websites should start offering this feature too, though there would be issues regarding who you would trust your one, universal, password with. A PasswordPal (Paypal) service should be created so that you can trust your password with one secure, insured and trustworthy group, and the other sites would operate with some sort of single sign-on. So if you log in to your computer then that IP becomes you wherever you go.</p><p>I hope that functionality such as this gets incorporated into the new version of the internet that is in the works.</p></htmltext>
<tokenext>Many computer keyboards and laptops ( even a good enough webcam ) can use biometrics to grant access.The laptops we have here at work all have fingerprint scanners , eliminating the need to remember the password .
A webcam can take a picture of the user ( not a retinal scan , just a regular picture of the face , though to protect against someone using a photo , a panoramic shot is usually used and the user turns head in left/right directions to snap the sides of head too ) and compare that against a database.Where I work , our signature on paper , and electronic , is very important , so I usually have to type in a password 20 times a day .
Having a long and awkward one is great , but I rarely need to type it as I can scan my fingerprint.Websites should start offering this feature too , though there would be issues regarding who you would trust your one , universal , password with .
A PasswordPal ( Paypal ) service should be created so that you can trust your password with one secure , insured and trustworthy group , and the other sites would operate with some sort of single sign-on .
So if you log in to your computer then that IP becomes you wherever you go.I hope that functionality such as this gets incorporated into the new version of the internet that is in the works .</tokentext>
<sentencetext>Many computer keyboards and laptops (even a good enough webcam) can use biometrics to grant access.
The laptops we have here at work all have fingerprint scanners, eliminating the need to remember the password.
A webcam can take a picture of the user (not a retinal scan, just a regular picture of the face, though to protect against someone using a photo, a panoramic shot is usually used and the user turns head in left/right directions to snap the sides of head too) and compare that against a database.
Where I work, our signature on paper, and electronic, is very important, so I usually have to type in a password 20 times a day.
Having a long and awkward one is great, but I rarely need to type it as I can scan my fingerprint.
Websites should start offering this feature too, though there would be issues regarding who you would trust your one, universal, password with.
A PasswordPal (Paypal) service should be created so that you can trust your password with one secure, insured and trustworthy group, and the other sites would operate with some sort of single sign-on.
So if you log in to your computer then that IP becomes you wherever you go.
I hope that functionality such as this gets incorporated into the new version of the internet that is in the works.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845244</id>
	<title>Re:Why does password strength matter?</title>
	<author>Anonymous</author>
	<datestamp>1264086420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p>trying to use a strong password and their system doesn't allow it</p></div><p>We are not representative of "normal" users.</p><p>Here is what an average teh noob thinks about <a href="http://www.youtube.com/watch?v=iNiO6dCH42Y" title="youtube.com" rel="nofollow">strong passwords</a> [youtube.com]</p>
	</htmltext>
<tokenext>trying to use a strong password and their system does n't allow itWe are not representative of " normal " users.Here is what an average teh noob thinks about strong passwords [ youtube.com ]</tokentext>
<sentencetext>trying to use a strong password and their system doesn't allow it
We are not representative of "normal" users.
Here is what an average teh noob thinks about strong passwords [youtube.com]
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846608</id>
	<title>Re:actual list of passwords?</title>
	<author>Locke2005</author>
	<datestamp>1264092600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Damn, those girls Nicole, Jessica, and Ashley must REALLY get around!</htmltext>
<tokenext>Damn , those girls Nicole , Jessica , and Ashley must REALLY get around !</tokentext>
<sentencetext>Damn, those girls Nicole, Jessica, and Ashley must REALLY get around!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848198</id>
	<title>Re:12345?</title>
	<author>Anonymous</author>
	<datestamp>1264099140000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>1, 2, 3, 4, 5?</p><p>That's amazing! I've got the same combination on my luggage!</p></htmltext>
<tokenext>1 , 2 , 3 , 4 , 5 ? That 's amazing !
I 've got the same combination on my luggage !</tokentext>
<sentencetext>1, 2, 3, 4, 5?
That's amazing!
I've got the same combination on my luggage!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845350</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845268</id>
	<title>Re:The Top 10</title>
	<author>Anonymous</author>
	<datestamp>1264086540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p>Is there a reason to have a really strong password on "rockyou.com"?</p><p>Maybe since it integrates with facebook and the like?</p><p>I'm really annoyed when all I want to do is listen to some online music (ie pandora, etc) and the web site gets pissy because I choose pandora as my password.</p><p>Why should I care?</p></htmltext>
<tokenext>Is there a reason to have a really strong password on " rockyou.com " ? Maybe since it integrates with facebook and the like ? I 'm really annoyed when all I want to do listen to some online music ( ie pandora , etc ) and the web site gets pissy because I choose pandora as my password.Why should I care ?</tokentext>
<sentencetext>Is there a reason to have a really strong password on "rockyou.com"?
Maybe since it integrates with facebook and the like?
I'm really annoyed when all I want to do is listen to some online music (ie pandora, etc) and the web site gets pissy because I choose pandora as my password.
Why should I care?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848458</id>
	<title>Re:The Top 10</title>
	<author>Anonymous</author>
	<datestamp>1264100280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I think I might stand a chance at remembering a few of the top 10 -- I should start using them for my online accounts!</p></htmltext>
<tokenext>I think I might stand a chance at remembering a few of the top 10 -- I should start using them for my online accounts !</tokentext>
<sentencetext>I think I might stand a chance at remembering a few of the top 10 -- I should start using them for my online accounts!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30857144</id>
	<title>Insecurities</title>
	<author>Geckomayhem</author>
	<datestamp>1264192020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Correctly, that should read "fewer" than 4%. But grammar aside, that's unbelievable. I guess 96% of people just don't care whether they have a secure login or not. My most secure password belongs to my World of Warcraft account. Oh shoot, I'd better go change it. &gt;.&gt;</htmltext>
<tokenext>Correctly , that should read " fewer " than 4 \ % .
But grammar aside , that 's unbelievable .
I guess 96 \ % of people just do n't care whether they have a secure login or not .
My most secure password belongs to my World of Warcraft account .
Oh shoot , I 'd better go change it .
&gt; . &gt;</tokentext>
<sentencetext>Correctly, that should read "fewer" than 4%.
But grammar aside, that's unbelievable.
I guess 96% of people just don't care whether they have a secure login or not.
My most secure password belongs to my World of Warcraft account.
Oh shoot, I'd better go change it.
&gt;.&gt;</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845208</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>Anonymous</author>
	<datestamp>1264086060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>You <i>could</i> try typing them into Google or Bing...</p></htmltext>
<tokenext>You could try typing them into Google or Bing.. .</tokentext>
<sentencetext>You could try typing them into Google or Bing...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846152</id>
	<title>Re:Why does password strength matter?</title>
	<author>BlackPignouf</author>
	<datestamp>1264090560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>+1</p><p>I use pwdhash for all my Internet passwords.<br>This gives me a unique password for each domain, that looks like this : 7CqCEk+Gw or B5Ra7Yt8+<br>That should be enough, even for sensitive bank accounts.</p><p>The only problem is that my bank doesn't allow any password that includes non alpha-numeric character.<br>WTF????</p></htmltext>
<tokenext>+ 1I use pwdhash for all my Internet passwords.This gives me a unique password for each domain , that looks like this : 7CqCEk + Gw or B5Ra7Yt8 + That should be enough , even for sensitive bank accounts.The only problem is that my bank does n't allow any password that includes non alpha-numeric character.WTF ? ? ?
?</tokentext>
<sentencetext>+1
I use pwdhash for all my Internet passwords.
This gives me a unique password for each domain, that looks like this : 7CqCEk+Gw or B5Ra7Yt8+
That should be enough, even for sensitive bank accounts.
The only problem is that my bank doesn't allow any password that includes non alpha-numeric character.
WTF????</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845590</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Anonymous</author>
	<datestamp>1264088100000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><div class="quote"><p>.., followed by "1111" then "2222" then "3333" and so forth...</p></div><p>Don't you mean so 4444th.</p>
	</htmltext>
<tokenext>.. , followed by " 1111 " then " 2222 " then " 3333 " and so forth ...
Do n't you mean so 4444th .</tokentext>
<sentencetext> .., followed by "1111" then "2222" then "3333" and so forth...
Don't you mean so 4444th.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846252</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>Anonymous</author>
	<datestamp>1264091040000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p>Wonderful, mine is also blanked out: hunter2 :)<br>See?</p><p>Obligatory bash.org reference: <a href="http://www.bash.org/?244321" title="bash.org" rel="nofollow">http://www.bash.org/?244321</a></p></htmltext>
<tokenext>Wonderful , mine is also blanked out : hunter2 : )
See ?
Obligatory bash.org reference : http://www.bash.org/?244321</tokentext>
<sentencetext>Wonderful, mine is also blanked out: hunter2 :)
See?
Obligatory bash.org reference: http://www.bash.org/?244321</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845340</id>
	<title>Silly password requirements</title>
	<author>Kupfernigk</author>
	<datestamp>1264086960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>One thing that bugs me is the people who think that requiring at least one capital and one non-alphanumeric makes the password a lot stronger. Using lower case alphanumeric gives a range of 36 symbols at each point. Adding the new constraint increases this to around 70, given the limited set of non-alpha likely to be used. It doesn't take a genius to work out that, for instance, an 8-character plain lower case alphanumeric has more possible values than a 6-character mixed password. And I can easily generate a highly insecure password with the stricter requirement which will still be memorable for me and perhaps guessable - e.g. Fred-41<p>
As a simple example, test installing SQL Server 2008 refused to accept an sa password which was highly secure - 11 random lower case alphanumerics - but was quite happy with Micro$0ft. Childish I know, but I wanted to check if they had implemented an algorithm to detect "obvious" password variants.</p><p>Perhaps someone is still using MD5 hashes for passwords. Or not using any hashes at all.</p></htmltext>
<tokenext>One thing that bugs me is the people who think that requiring at least one capital and one non-alphanumeric makes the password a lot stronger .
Using lower case alphanumeric gives a range of 36 symbols at each point .
Adding the new constraint increases this to around 70 , given the limited set of non-alpha likely to be used .
It does n't take a genius to work out that , for instance , an 8-character plain lower case alphanumeric has more possible values than a 6-character mixed password .
And I can easily generate a highly insecure password with the stricter requirement which will still be memorable for me and perhaps guessable - e.g .
Fred-41 As a simple example , test installing SQL Server 2008 refused to accept an sa password which was highly secure - 11 random lower case alphanumerics - but was quite happy with Micro $ 0ft .
Childish I know , but I wanted to check if they had implemented an algorithm to detect " obvious " password variants .
Perhaps someone is still using MD5 hashes for passwords .
Or not using any hashes at all .</tokentext>
<sentencetext>One thing that bugs me is the people who think that requiring at least one capital and one non-alphanumeric makes the password a lot stronger.
Using lower case alphanumeric gives a range of 36 symbols at each point.
Adding the new constraint increases this to around 70, given the limited set of non-alpha likely to be used.
It doesn't take a genius to work out that, for instance, an 8-character plain lower case alphanumeric has more possible values than a 6-character mixed password.
And I can easily generate a highly insecure password with the stricter requirement which will still be memorable for me and perhaps guessable - e.g.
Fred-41
As a simple example, test installing SQL Server 2008 refused to accept an sa password which was highly secure - 11 random lower case alphanumerics - but was quite happy with Micro$0ft.
Childish I know, but I wanted to check if they had implemented an algorithm to detect "obvious" password variants.
Perhaps someone is still using MD5 hashes for passwords.
Or not using any hashes at all.</sentencetext>
</comment>
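The comparison made in the comment above, worked through as an added example that is not part of the original post: it computes the keyspace for the two alphabet sizes quoted there and sets a composition-rule check beside a length-plus-blocklist check that first undoes common look-alike substitutions. The minimum length, the substitution table, the two context words in the blocklist, the random-looking sample password and all function names are assumptions made for the illustration.

```python
import math

# Alphabet sizes quoted in the comment.
LOWER_ALNUM = 36   # a-z plus 0-9
MIXED = 70         # "around 70" once capitals and a limited symbol set are added

MIN_LENGTH = 8     # assumption for this example, not a figure from the thread

# Constructed blocklist: the alphabetic entries of the top-20 list quoted
# elsewhere in this thread, plus two context words added for the illustration
# ("microsoft" for the product vendor, "fred" for a user's own name).
BLOCKLIST = (
    "password", "iloveyou", "princess", "rockyou", "nicole", "daniel",
    "babygirl", "monkey", "lovely", "jessica", "michael", "ashley",
    "qwerty", "microsoft", "fred",
)

# Assumed table of common look-alike substitutions, mapped back to letters.
LOOKALIKES = str.maketrans({
    "$": "s", "5": "s", "0": "o", "1": "l", "!": "i",
    "3": "e", "4": "a", "@": "a", "7": "t",
})


def keyspace_bits(alphabet_size, length):
    """log2 of the number of possible passwords of exactly this length."""
    return length * math.log2(alphabet_size)


def passes_composition_rule(pw):
    """The rule the comment criticises: at least one capital and one
    non-alphanumeric character. Length and predictability are ignored."""
    has_upper = any(c.isupper() for c in pw)
    has_symbol = any(not c.isalnum() for c in pw)
    return has_upper and has_symbol


def blocklisted_base(pw):
    """Undo look-alike substitutions, drop whatever non-letters remain and
    return the blocklisted word contained in the result, or None.
    Substring matching is deliberately strict and can over-match."""
    folded = pw.lower().translate(LOOKALIKES)
    letters = "".join(c for c in folded if c.isalpha())
    for word in sorted(BLOCKLIST, key=len, reverse=True):
        if word in letters:
            return word
    return None


def review(pw):
    """Return (composition_rule_ok, length_and_blocklist_ok, matched_word)."""
    word = blocklisted_base(pw)
    length_ok = len(pw) >= MIN_LENGTH
    return (passes_composition_rule(pw), length_ok and word is None, word)


if __name__ == "__main__":
    print("8 chars, 36 symbols: %.1f bits" % keyspace_bits(LOWER_ALNUM, 8))
    print("6 chars, 70 symbols: %.1f bits" % keyspace_bits(MIXED, 6))
    print("11 chars, 36 symbols: %.1f bits" % keyspace_bits(LOWER_ALNUM, 11))
    # "q7m2xk9d4wz" is a constructed stand-in for 11 random lower-case
    # alphanumerics; the other two passwords are the ones named in the comment.
    for sample in ("Micro$0ft", "Fred-41", "q7m2xk9d4wz"):
        print(sample, review(sample))
```

The two checks disagree on all three samples: the composition rule accepts the two guessable passwords and refuses the random one, while the length-plus-blocklist check does the opposite.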
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846448</id>
	<title>#$#%'ing passwords</title>
	<author>backwardMechanic</author>
	<datestamp>1264091880000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Some of us want to type our passwords on different language keyboards. #$#% are amongst the first to move (y's and z's are bad too).</htmltext>
<tokenext>Some of us want to type our passwords on different language keyboards .
# $ # % are amongst the first to move ( y 's and z 's are bad too ) .</tokentext>
<sentencetext>Some of us want to type our passwords on different language keyboards.
#$#% are amongst the first to move (y's and z's are bad too).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846832</id>
	<title>Re:Why does password strength matter?</title>
	<author>maxume</author>
	<datestamp>1264093740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Most password encryption utilities generate them for free.</p><p>The only case where it is sort of inconvenient is when accessing some throwaway site from a semi-trusted computer (but the phone capable utilities handle that one).</p></htmltext>
<tokenext>Most password encryption utilities generate them for free .
The only case where it is sort of inconvenient is when accessing some throwaway site from a semi-trusted computer ( but the phone capable utilities handle that one ) .</tokentext>
<sentencetext>Most password encryption utilities generate them for free.
The only case where it is sort of inconvenient is when accessing some throwaway site from a semi-trusted computer (but the phone capable utilities handle that one).</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845250</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848716</id>
	<title>non keyboard characters</title>
	<author>Anonymous</author>
	<datestamp>1264101420000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I do tech support, the best PW idea I ever heard was from a customer who used ALT key and numeric keypad to get non keyboard characters in his PW.</p></htmltext>
<tokenext>I do tech support , the best PW idea I ever heard was from a customer who used ALT key and numeric keypad to get non keyboard characters in his PW .</tokentext>
<sentencetext>I do tech support, the best PW idea I ever heard was from a customer who used ALT key and numeric keypad to get non keyboard characters in his PW.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845350</id>
	<title>12345?</title>
	<author>Anonymous</author>
	<datestamp>1264086960000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p>That sounds like a combination that an idiot would put on his luggage.</p></htmltext>
<tokenext>That sounds like a combination that an idiot would put on his luggage .</tokentext>
<sentencetext>That sounds like a combination that an idiot would put on his luggage.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846362</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>Monkeedude1212</author>
	<datestamp>1264091460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You take your mother's maiden name - reversed. Then you replace every second letter with its numeric value on a telephone keypad. Then you replace every second number with its symbol associated above it on the keyboard. Tough to remember, but unlikely to be cracked.</p></htmltext>
<tokenext>You take your mother 's maiden name - reversed .
Then you replace every second letter with its numeric value on a telephone keypad .
Then you replace every second number with its symbol associated above it on the keyboard .
Tough to remember , but unlikely to be cracked .</tokentext>
<sentencetext>You take your mother's maiden name - reversed.
Then you replace every second letter with its numeric value on a telephone keypad.
Then you replace every second number with its symbol associated above it on the keyboard.
Tough to remember, but unlikely to be cracked.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846104</id>
	<title>Re:actual list of passwords?</title>
	<author>Anonymous</author>
	<datestamp>1264090380000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Maybe it isn't case sensitive. Nicole is #11? Looks like Nicole peaked as a baby name in 1996, so either this is a bunch of teens/tweens using this site or Nicole is really hot.</p></htmltext>
<tokenext>Maybe it is n't case sensitive .
Nicole is # 11 ?
Looks like Nicole peaked as a baby name in 1996 , so either this is a bunch of teens/tweens using this site or Nicole is really hot .</tokentext>
<sentencetext>Maybe it isn't case sensitive.
Nicole is #11?
Looks like Nicole peaked as a baby name in 1996, so either this is a bunch of teens/tweens using this site or Nicole is really hot.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845186</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30856234</id>
	<title>Re:The Top 10</title>
	<author>mantissa128</author>
	<datestamp>1264094160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>Whatever happened to love, secret, sex, and God?</p></div><p>They are too short to be accepted by most any password-requiring system nowadays.</p><p>Perhaps "iloveyou" has replaced them.</p>
	</htmltext>
<tokenext>Whatever happened to love , secret , sex , and God ?
They are too short to be accepted by most any password-requiring system nowadays .
Perhaps " iloveyou " has replaced them .</tokentext>
<sentencetext>Whatever happened to love, secret, sex, and God?
They are too short to be accepted by most any password-requiring system nowadays.
Perhaps "iloveyou" has replaced them.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845280</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846660</id>
	<title>Passphrase NOT Password</title>
	<author>Temujin_12</author>
	<datestamp>1264092900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I often wonder how much stronger passwords could be if the word "password" wasn't used to describe them and wasn't what users thought of when coming up with login credentials. You can solve many weak password issues if you train your users that they are creating a "passphrase" NOT a "password". A way to do this (that's easy for users):</p><p>1) Think of a phrase that you can memorise but is unique to you (ie: not common or easily guessable). Bonus if guessing that phrase would require intimate knowledge about you.<br>2) Take the first letter of each word (bonus points if you take second, or third, etc.)<br>3) Replace some of the letters with numbers/capitals/symbols (ie: cipher it)</p><p>So, for example:<br>1) "I do two sets of six pushups when I workout"<br>2) idtsospwiw<br>3) id2$o6pwiW</p><p>It will take entering it several times to develop the coordination until entering this becomes natural, so practising it on the keyboard is a good idea. But "id2$o6pwiW" is MUCH more secure than "workout123" and it is something that can be easily memorised since they're really just memorising "I do two sets of six pushups when I workout" (which is something they already know) plus the minor tweaking of the characters they are entering.</p></htmltext>
<tokenext>I often wonder how much stronger passwords could be if the word " password " was n't used to describe them and was n't what users thought of when coming up with login credentials .
You can solve many weak password issues if you train your users that they are creating a " passphrase " NOT a " password " .
A way to do this ( that 's easy for users ) :
1 ) Think of a phrase that you can memorise but is unique to you ( ie : not common or easily guessable ) .
Bonus if guessing that phrase would require intimate knowledge about you .
2 ) Take the first letter of each word ( bonus points if you take second , or third , etc . )
3 ) Replace some of the letters with numbers/capitals/symbols ( ie : cipher it )
So , for example :
1 ) " I do two sets of six pushups when I workout "
2 ) idtsospwiw
3 ) id2 $ o6pwiW
It will take entering it several times to develop the coordination until entering this becomes natural , so practising it on the keyboard is a good idea .
But " id2 $ o6pwiW " is MUCH more secure than " workout123 " and it is something that can be easily memorised since they 're really just memorising " I do two sets of six pushups when I workout " ( which is something they already know ) plus the minor tweaking of the characters they are entering .</tokentext>
<sentencetext>I often wonder how much stronger passwords could be if the word "password" wasn't used to describe them and wasn't what users thought of when coming up with login credentials.
You can solve many weak password issues if you train your users that they are creating a "passphrase" NOT a "password".
A way to do this (that's easy for users):
1) Think of a phrase that you can memorise but is unique to you (ie: not common or easily guessable).
Bonus if guessing that phrase would require intimate knowledge about you.
2) Take the first letter of each word (bonus points if you take second, or third, etc.)
3) Replace some of the letters with numbers/capitals/symbols (ie: cipher it)
So, for example:
1) "I do two sets of six pushups when I workout"
2) idtsospwiw
3) id2$o6pwiW
It will take entering it several times to develop the coordination until entering this becomes natural, so practising it on the keyboard is a good idea.
But "id2$o6pwiW" is MUCH more secure than "workout123" and it is something that can be easily memorised since they're really just memorising "I do two sets of six pushups when I workout" (which is something they already know) plus the minor tweaking of the characters they are entering.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846272</id>
	<title>Re:actual list of passwords?</title>
	<author>Inda</author>
	<datestamp>1264091100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Number 7 makes me giggle. When I ran a site of 3,000 members, the name of the site also ranked 7th in the list of passwords.</htmltext>
<tokenext>Number 7 makes me giggle .
When I ran a site of 3,000 members , the name of the site also ranked 7th in the list of passwords .</tokentext>
<sentencetext>Number 7 makes me giggle.
When I ran a site of 3,000 members, the name of the site also ranked 7th in the list of passwords.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847664</id>
	<title>I feel lied to</title>
	<author>swilde23</author>
	<datestamp>1264096920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I thought 'god' was the most common password. Stupid Angelina Jolie...</htmltext>
<tokenext>I thought 'god ' was the most common password .
Stupid Angelina Jolie.. .</tokentext>
<sentencetext>I thought 'god' was the most common password.
Stupid Angelina Jolie...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846706</id>
	<title>Re:Limited in Password size and chars</title>
	<author>andyh-rayleigh</author>
	<datestamp>1264093140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Compare that to the password "PIN" on your credit card. 4 digits, that's all<br>(perhaps 3 more for the validation code on the back)</p><p>Most of the web sites I access are likely to be of much lower value than my credit account.</p><p>Andy</p></htmltext>
<tokenext>Compare that to the password " PIN " on your credit card .
4 digits , that 's all ( perhaps 3 more for the validation code on the back )
Most of the web sites I access are likely to be of much lower value than my credit account .
Andy</tokentext>
<sentencetext>Compare that to the password "PIN" on your credit card.
4 digits, that's all (perhaps 3 more for the validation code on the back)
Most of the web sites I access are likely to be of much lower value than my credit account.
Andy</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847688</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Anonymous</author>
	<datestamp>1264097040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I can't imagine anyone working in IT -- unless you're just Help Desk -- making that low of a salary. Time to upgrade your skills in a way that either your company will appreciate or find a new company. Best of luck.</htmltext>
<tokenext>I ca n't imagine anyone working in IT -- unless you 're just Help Desk -- making that low of a salary .
Time to upgrade your skills in a way that either your company will appreciate or find a new company .
Best of luck .</tokentext>
<sentencetext>I can't imagine anyone working in IT -- unless you're just Help Desk -- making that low of a salary.
Time to upgrade your skills in a way that either your company will appreciate or find a new company.
Best of luck.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845292</id>
	<title>Your account has been breached.</title>
	<author>Anonymous</author>
	<datestamp>1264086720000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext>How else do you explain all these people posting as "Anonymous Coward"?</htmltext>
<tokenext>How else do you explain all these people posting as " Anonymous Coward " ?</tokentext>
<sentencetext>How else do you explain all these people posting as "Anonymous Coward"?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845054</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845842</id>
	<title>passwords and websites</title>
	<author>Shivetya</author>
	<datestamp>1264089300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have two password styles.</p><p>On frivolous sites, like Slashdot or game fan site, I use a dead simple password along the lines of "ilikedogs1" or "iamfrank".   Why?  Because nothing of interest to me is on those sites.  Nothing anyone finds there gives anyone financial or other leverage.</p><p>On sites where I need to secure I use complex passwords not related to me or the entity I am using.  Keep it simple where it really doesn't matter and password security becomes less of a burden.  Still I like the one time keys provided by devices similar to what Blizzard uses for WOW access (authenticators)</p></htmltext>
<tokenext>I have two password styles .
On frivolous sites , like Slashdot or game fan site , I use a dead simple password along the lines of " ilikedogs1 " or " iamfrank " .
Why ? Because nothing of interest to me is on those sites .
Nothing anyone finds there gives anyone financial or other leverage .
On sites where I need to secure I use complex passwords not related to me or the entity I am using .
Keep it simple where it really does n't matter and password security becomes less of a burden .
Still I like the one time keys provided by devices similar to what Blizzard uses for WOW access ( authenticators )</tokentext>
<sentencetext>I have two password styles.
On frivolous sites, like Slashdot or game fan site, I use a dead simple password along the lines of "ilikedogs1" or "iamfrank".
Why?  Because nothing of interest to me is on those sites.
Nothing anyone finds there gives anyone financial or other leverage.
On sites where I need to secure I use complex passwords not related to me or the entity I am using.
Keep it simple where it really doesn't matter and password security becomes less of a burden.
Still I like the one time keys provided by devices similar to what Blizzard uses for WOW access (authenticators)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847684</id>
	<title>Faulty Data in Report Linked in Summary</title>
	<author>mnslinky</author>
	<datestamp>1264097040000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>2</modscore>
	<htmltext><p>I've been playing around with the password file, and there are some gross errors in the report.</p><p>First, their top 20 list has many passwords with capital letters, where none actually exist in the 'real' top 20.  Also, their numbers are off.  I am guessing they used a case-insensitive match, which for most passwords will not work.  The 'real' top 20, with case respected, is:</p><p>290729 123456<br>79076 12345<br>76789 123456789<br>59462 password<br>49952 iloveyou<br>33291 princess<br>21725 1234567<br>20901 rockyou<br>20553 12345678<br>16648 abc123<br>16227 nicole<br>15308 daniel<br>15163 babygirl<br>14726 monkey<br>14331 lovely<br>14103 jessica<br>13984 654321<br>13981 michael<br>13488 ashley<br>13456 qwerty</p><p>You can download my list of all common passwords used by more than 1000 people at <a href="http://www.secure-computing.net/files/count_gt_1k.txt" title="secure-computing.net">http://www.secure-computing.net/files/count_gt_1k.txt</a> (1KB file) which maintains case.  A file without the counts is at <a href="http://www.secure-computing.net/files/gt_1k.txt" title="secure-computing.net">http://www.secure-computing.net/files/gt_1k.txt</a> for use with john, etc.</p></htmltext>
<tokenext>I 've been playing around with the password file , and there are some gross errors in the report .
First , their top 20 list has many passwords with capital letters , where none actually exist in the 'real ' top 20 .
Also , their numbers are off .
I am guessing they used a case-insensitive match , which for most passwords will not work .
The 'real ' top 20 , with case respected , is :
290729 123456
79076 12345
76789 123456789
59462 password
49952 iloveyou
33291 princess
21725 1234567
20901 rockyou
20553 12345678
16648 abc123
16227 nicole
15308 daniel
15163 babygirl
14726 monkey
14331 lovely
14103 jessica
13984 654321
13981 michael
13488 ashley
13456 qwerty
You can download my list of all common passwords used by more than 1000 people at http://www.secure-computing.net/files/count_gt_1k.txt ( 1KB file ) which maintains case .
A file without the counts is at http://www.secure-computing.net/files/gt_1k.txt for use with john , etc .</tokentext>
<sentencetext>I've been playing around with the password file, and there are some gross errors in the report.
First, their top 20 list has many passwords with capital letters, where none actually exist in the 'real' top 20.
Also, their numbers are off.
I am guessing they used a case-insensitive match, which for most passwords will not work.
The 'real' top 20, with case respected, is:
290729 123456
79076 12345
76789 123456789
59462 password
49952 iloveyou
33291 princess
21725 1234567
20901 rockyou
20553 12345678
16648 abc123
16227 nicole
15308 daniel
15163 babygirl
14726 monkey
14331 lovely
14103 jessica
13984 654321
13981 michael
13488 ashley
13456 qwerty
You can download my list of all common passwords used by more than 1000 people at http://www.secure-computing.net/files/count_gt_1k.txt (1KB file) which maintains case.
A file without the counts is at http://www.secure-computing.net/files/gt_1k.txt for use with john, etc.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846138</id>
	<title>High quality report</title>
	<author>Smallpond</author>
	<datestamp>1264090500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.</p></div><p>Most interesting to me was that the chart showing use of case, numbers and special characters is titled "Password Length Distribution"</p>
	</htmltext>
<tokenext>Most interesting to me was that in the sample , less than 4 % used any non alpha-numerics in their # $ # % 'ing passwords .
Most interesting to me was that the chart showing use of case , numbers and special characters is titled " Password Length Distribution "</tokentext>
<sentencetext>Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.
Most interesting to me was that the chart showing use of case, numbers and special characters is titled "Password Length Distribution"
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845698</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Opportunist</author>
	<datestamp>1264088640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You get what you pay for.</p><p>But rest assured, they'll hire a security expert when (not if) they encounter a security breach and his 1.something million $ advice will be to change it. And then it will change.</p></htmltext>
<tokenext>You get what you pay for .
But rest assured , they 'll hire a security expert when ( not if ) they encounter a security breach and his 1.something million $ advice will be to change it .
And then it will change .</tokentext>
<sentencetext>You get what you pay for.
But rest assured, they'll hire a security expert when (not if) they encounter a security breach and his 1.something million $ advice will be to change it.
And then it will change.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846314</id>
	<title>Cypher Lock</title>
	<author>Anonymous</author>
	<datestamp>1264091280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Many years ago, I worked on a secret DoD project in a room with a cypher lock, which only had digits to choose from. The password was 1234. One day, we came in after a weekend, and discovered that the wall next to the door was missing. When we dutifully reported the problem to security, we learned that contractors had been in over the weekend doing some work that entailed removing the wall, and they didn't replace it when they were done. I suspect that either the construction contract didn't require the replacement of the wall, or the contract was a fixed bid, and they 'ran out of money', like the robocops chasing THX1138.</p><p>---<br>Google returns over 50M results on a search for political short stories. Why is my blog first?</p></htmltext>
<tokenext>Many years ago , I worked on a secret DoD project in a room with a cypher lock , which only had digits to choose from .
The password was 1234 .
One day , we came in after a weekend , and discovered that the wall next to the door was missing .
When we dutifully reported the problem to security , we learned that contractors had been in over the weekend doing some work that entailed removing the wall , and they did n't replace it when they were done .
I suspect that either the construction contract did n't require the replacement of the wall , or the contract was a fixed bid , and they 'ran out of money ' , like the robocops chasing THX1138 .
---
Google returns over 50M results on a search for political short stories .
Why is my blog first ?</tokentext>
<sentencetext>Many years ago, I worked on a secret DoD project in a room with a cypher lock, which only had digits to choose from.
The password was 1234.
One day, we came in after a weekend, and discovered that the wall next to the door was missing.
When we dutifully reported the problem to security, we learned that contractors had been in over the weekend doing some work that entailed removing the wall, and they didn't replace it when they were done.
I suspect that either the construction contract didn't require the replacement of the wall, or the contract was a fixed bid, and they 'ran out of money', like the robocops chasing THX1138.
---
Google returns over 50M results on a search for political short stories.
Why is my blog first?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845106</id>
	<title>Most of them are zip codes anyway</title>
	<author>140Mandak262Jamuna</author>
	<datestamp>1264085460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>At least in Alaska, ZIP codes seem to be the most popular choice, according to a survey of one known case.</htmltext>
<tokenext>At least in Alaska , ZIP codes seem to be the most popular choice , according to a survey of one known case .</tokentext>
<sentencetext>At least in Alaska, ZIP codes seem to be the most popular choice, according to a survey of one known case.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845322</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>g0bshiTe</author>
	<datestamp>1264086840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Why not just hash out your password, and try to crack it with John The Ripper or something similar?<br> <br>That would give you a good indication of how good it is.</htmltext>
<tokenext>Why not just hash out your password , and try to crack it with John The Ripper or something similar ?
That would give you a good indication of how good it is .</tokentext>
<sentencetext>Why not just hash out your password, and try to crack it with John The Ripper or something similar?
That would give you a good indication of how good it is.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845186</id>
	<title>Re:actual list of passwords?</title>
	<author>khchung</author>
	<datestamp>1264085940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Amazing!  All small letters "password" is not in the top 20?!</p></htmltext>
<tokenext>Amazing !
All small letters " password " is not in the top 20 ? !</tokentext>
<sentencetext>Amazing!
All small letters "password" is not in the top 20?!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845172</id>
	<title>Re:Why does password strength matter?</title>
	<author>xgadflyx</author>
	<datestamp>1264085940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I have to agree. It's especially frustrating when FEDERAL sites don't allow the use of complex (~!@#$%^&amp;*-+) passwords. "Eight characters with at least one capital and one numeric" just doesn't sit well with me.</htmltext>
<tokenext>I have to agree .
It 's especially frustrating when FEDERAL sites do n't allow the use of complex ( ~ ! @ # $ % ^ &amp; * - + ) passwords .
" Eight characters with at least one capital and one numeric " just does n't sit well with me .</tokentext>
<sentencetext>I have to agree.
It's especially frustrating when FEDERAL sites don't allow the use of complex (~!@#$%^&amp;*-+) passwords.
"Eight characters with at least one capital and one numeric" just doesn't sit well with me.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846722</id>
	<title>Re:Why surprising?</title>
	<author>Dr\_Barnowl</author>
	<datestamp>1264093200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I keep wanting a full keystream to be acceptable as a password - including backspaces and other control characters, which would allow you to define passwords like "type 'tortoise' then move two left and press backspace THEN delete", but I think that would seem a bit too hardass for some people.</p></htmltext>
<tokenext>I keep wanting a full keystream to be acceptable as a password - including backspaces and other control characters , which would allow you to define passwords like " type 'tortoise ' then move two left and press backspace THEN delete " , but I think that would seem a bit too hardass for some people .</tokentext>
<sentencetext>I keep wanting a full keystream to be acceptable as a password - including backspaces and other control characters, which would allow you to define passwords like "type 'tortoise' then move two left and press backspace THEN delete", but I think that would seem a bit too hardass for some people.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846482</id>
	<title>Use pass phrases</title>
	<author>yalap</author>
	<datestamp>1264092000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Which of the following is a better password: "v6@!Tt3#" or "The name of my dog is Spot."? 8 chars vs 27 chars. The *length* of the password is more important than the complexity of the password. And users are more likely to remember (and not write down) a pass phrase.</htmltext>
<tokenext>Which of the following is a better password : " v6 @ ! Tt3 # " or " The name of my dog is Spot . " ?
8 chars vs 27 chars .
The * length * of the password is more important than the complexity of the password .
And users are more likely to remember ( and not write down ) a pass phrase .</tokentext>
<sentencetext>Which of the following is a better password: "v6@!Tt3#" or "The name of my dog is Spot."?
8 chars vs 27 chars.
The *length* of the password is more important than the complexity of the password.
And users are more likely to remember (and not write down) a pass phrase.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845412</id>
	<title>Not Important Website = Not Important Passwords</title>
	<author>TheNinjaroach</author>
	<datestamp>1264087260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I don't know about everyone else, but I don't use my work credentials or my root password when I visit sites that look like rockyou.com.  They just aren't important enough for me to use secure passwords.  Five letters and a digit is more than enough for me to use on most forums, Myspace, and other unimportant sites -- all of whom I don't trust to actually store my passwords in a secure manner.  So I am refraining from commenting on the horrible state of passwords when it concerns a horrible state of a website, because I don't think I'm the only one who acts this way.</htmltext>
<tokenext>I do n't know about everyone else , but I do n't use my work credentials or my root password when I visit sites that look like rockyou.com .
They just are n't important enough for me to use secure passwords .
Five letters and a digit is more than enough for me to use on most forums , Myspace , and other unimportant sites -- all of whom I do n't trust to actually store my passwords in a secure manner .
So I am refraining from commenting on the horrible state of passwords when it concerns a horrible state of a website , because I do n't think I 'm the only one who acts this way .</tokentext>
<sentencetext>I don't know about everyone else, but I don't use my work credentials or my root password when I visit sites that look like rockyou.com.
They just aren't important enough for me to use secure passwords.
Five letters and a digit is more than enough for me to use on most forums, Myspace, and other unimportant sites -- all of whom I don't trust to actually store my passwords in a secure manner.
So I am refraining from commenting on the horrible state of passwords when it concerns a horrible state of a website, because I don't think I'm the only one who acts this way.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845874</id>
	<title>Re:Why does password strength matter?</title>
	<author>Anonymous</author>
	<datestamp>1264089480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Selecting a password at all doesn't really do much if the FBI wants to search your data.  No password will matter as soon as they just bypass it.  The reality is that you are using passwords to fend off criminal elements that do not have direct access to your systems and who are looking for drive-by attacks.  Anyone, FBI or otherwise with their cross hairs specifically set on you and with enough time, will be able to compromise your wonderful password of Super.Dick in short order.</p></htmltext>
<tokenext>Selecting a password at all does n't really do much if the FBI wants to search your data .
No password will matter as soon as they just bypass it .
The reality is that you are using passwords to fend off criminal elements that do not have direct access to your systems and who are looking for drive-by attacks .
Anyone , FBI or otherwise with their cross hairs specifically set on you and with enough time , will be able to compromise your wonderful password of Super.Dick in short order .</tokentext>
<sentencetext>Selecting a password at all doesn't really do much if the FBI wants to search your data.
No password will matter as soon as they just bypass it.
The reality is that you are using passwords to fend off criminal elements that do not have direct access to your systems and who are looking for drive-by attacks.
Anyone, FBI or otherwise with their cross hairs specifically set on you and with enough time, will be able to compromise your wonderful password of Super.Dick in short order.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846168</id>
	<title>Passwords</title>
	<author>Stooshie</author>
	<datestamp>1264090680000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext>I worked for a company that ran a birth/death/marriage certificate site. People were having problems logging in, so we kept a log of passwords that did not result in a successful login.<br>
<br>
We found that one of the most commonly typed passwords that was denied was "case-sensitive".<br>
<br>
Needless to say, we soon took off the "Your password is case-sensitive" text from the login page.</htmltext>
<tokenext>I worked for a company that ran a birth/death/marriage certificate site .
People were having problems logging in , so we kept a log of passwords that did not result in a successful login .
We found that one of the most commonly typed passwords that was denied was " case-sensitive " .
Needless to say , we soon took off the " Your password is case-sensitive " text from the login page .</tokentext>
<sentencetext>I worked for a company that ran a birth/death/marriage certificate site.
People were having problems logging in, so we kept a log of passwords that did not result in a successful login.
We found that one of the most commonly typed passwords that was denied was "case-sensitive".
Needless to say, we soon took off the "Your password is case-sensitive" text from the login page.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846746</id>
	<title>Re:actual list of passwords?</title>
	<author>andyh-rayleigh</author>
	<datestamp>1264093320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I wonder what proportion use their telephone number?<br>Not easy to do a check on the data.</p></htmltext>
<tokenext>I wonder what proportion use their telephone number ? Not easy to do a check on the data .</tokentext>
<sentencetext>I wonder what proportion use their telephone number?
Not easy to do a check on the data.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849056</id>
	<title>Alphanumeric--so what?</title>
	<author>Anonymous</author>
	<datestamp>1264103100000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>One of my passwords is 8 characters, all alphanumeric, but completely random (no mnemonic, no word). There's no dictionary to give it to you. Brute force on ~2e14 (26+26+10=62, 62^8) possible passwords? Be my guest.

</p><p>Even if there were no repeats (and the attacker *knew* there were no repeats), that's still 62!/54! possibilities, ~1e14. If the attacker could guess a *million* every second, that's like three years to search exhaustively (so, given a uniform distribution, the expected time is about a year and a half).</p></htmltext>
<tokenext>One of my passwords is 8 characters , all alphanumeric , but completely random ( no mnemonic , no word ) .
There 's no dictionary to give it to you .
Brute force on ~ 2e14 ( 26 + 26 + 10 = 62 , 62 ^ 8 ) possible passwords ?
Be my guest .
Even if there were no repeats ( and the attacker * knew * there were no repeats ) , that 's still 62 ! /54 ! possibilities , ~ 1e14 .
If the attacker could guess a * million * every second , that 's like three years to search exhaustively ( so , given a uniform distribution , the expected time is about a year and a half ) .</tokentext>
<sentencetext>One of my passwords is 8 characters, all alphanumeric, but completely random (no mnemonic, no word).
There's no dictionary to give it to you.
Brute force on ~2e14 (26+26+10=62, 62^8) possible passwords?
Be my guest.
Even if there were no repeats (and the attacker *knew* there were no repeats), that's still 62!/54! possibilities, ~1e14.
If the attacker could guess a *million* every second, that's like three years to search exhaustively (so, given a uniform distribution, the expected time is about a year and a half).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845254</id>
	<title>Made-up words</title>
	<author>Anonymous</author>
	<datestamp>1264086480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>My passwords tend to be words that I make up on the spot, with a couple of numbers thrown into the mix.  They don't seem too difficult on the surface...but then again it is a word that I make up, some of which don't even have vowels lol.  I have a series of seven different ones that I use.</p><p>It's worked quite well for me over the years<nobr> <wbr></nobr>:-)</p></htmltext>
<tokenext>My passwords tend to be words that I make up on the spot , with a couple of numbers thrown into the mix .
They do n't seem too difficult on the surface...but then again it is a word that I make up , some of which do n't even have vowels lol .
I have a series of seven different ones that I use .
It 's worked quite well for me over the years : - )</tokentext>
<sentencetext>My passwords tend to be words that I make up on the spot, with a couple of numbers thrown into the mix.
They don't seem too difficult on the surface...but then again it is a word that I make up, some of which don't even have vowels lol.
I have a series of seven different ones that I use.
It's worked quite well for me over the years :-)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849148</id>
	<title>Stupid</title>
	<author>Kral\_Blbec</author>
	<datestamp>1264103520000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>There is a very simple way to prevent 100% of brute force attacks. Permanent/temporary lockout after 3 failed attempts. It's a lot harder to make 100 million guesses when you can only make 3 per day.</htmltext>
<tokenext>There is a very simple way to prevent 100 % of brute force attacks .
Permanent/temporary lockout after 3 failed attempts .
It 's a lot harder to make 100 million guesses when you can only make 3 per day .</tokentext>
<sentencetext>There is a very simple way to prevent 100% of brute force attacks.
Permanent/temporary lockout after 3 failed attempts.
It's a lot harder to make 100 million guesses when you can only make 3 per day.</sentencetext>
</comment>
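The lockout rule proposed in the comment above (three failed attempts, then a lock), sketched as an added example that is not part of the thread. The class and function names, the 24-hour window and lock duration, and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DAY = 24 * 60 * 60  # seconds


@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failed logins
    locked_until: float = 0.0


class LoginThrottle:
    """Per-account lockout: max_failures failed logins inside `window` seconds
    lock the account for `lockout` seconds. All defaults are assumed values."""

    def __init__(self, max_failures=3, window=DAY, lockout=DAY):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.accounts = {}

    def attempt(self, account, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
        state = self.accounts.setdefault(account, AccountState())
        if state.locked_until > now:
            # While locked, the password is not evaluated at all, so a
            # correct guess is indistinguishable from a wrong one.
            return "locked"
        # Forget failures that have aged out of the counting window.
        state.failures = [t for t in state.failures if self.window > now - t]
        if password_ok:
            state.failures.clear()
            return "ok"
        state.failures.append(now)
        if len(state.failures) >= self.max_failures:
            state.locked_until = now + self.lockout
            state.failures.clear()
        return "denied"


def replay(events, throttle=None):
    """Feed (time, account, password_ok) tuples through a throttle, in order."""
    throttle = throttle or LoginThrottle()
    return [throttle.attempt(acct, ok, t) for (t, acct, ok) in events]


def years_to_exhaust(guesses, guesses_per_day):
    """Time needed to make `guesses` online attempts at a capped daily rate."""
    return guesses / guesses_per_day / 365.25


# Constructed sample: (seconds since start, account, password was correct)
SAMPLE_EVENTS = [
    (0, "alice", False),
    (5, "alice", False),
    (9, "alice", False),       # third failure: lockout starts
    (12, "alice", True),       # correct password, but the account is locked
    (15, "bob", False),
    (20, "bob", True),         # success resets bob's failure count
    (9 + DAY, "alice", True),  # lockout has expired
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
    # The comment's figures: 100 million guesses at 3 per day.
    print(f"{years_to_exhaust(100_000_000, 3):,.0f} years")
```

The trade-off is availability: three wrong entries, deliberate or not, lock the legitimate user out as well, and the cap applies only to online logins, not to guessing against a copied password store.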
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845250</id>
	<title>Re:Why does password strength matter?</title>
	<author>jittles</author>
	<datestamp>1264086420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>On a related note, what pisses me off even more is going to a website and <b>trying</b> to use a strong password and their system doesn't allow it.</p></div><p>I'm afraid of using a good password at some sites because I fear they store passwords in cleartext.  No point in wasting a good password on that!</p></div>
	</htmltext>
<tokenext>On a related note , what pisses me off even more is going to a website and trying to use a strong password and their system does n't allow it .
I 'm afraid of using a good password at some sites because I fear they store passwords in cleartext .
No point in wasting a good password on that !</tokentext>
<sentencetext>On a related note, what pisses me off even more is going to a website and trying to use a strong password and their system doesn't allow it.
I'm afraid of using a good password at some sites because I fear they store passwords in cleartext.
No point in wasting a good password on that!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278</id>
	<title>Why surprising?</title>
	<author>Anonymous</author>
	<datestamp>1264086540000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>"Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords."</p><p>Not surprising at all, because the rules for what you CAN use as passwords are so inconsistent.  Some places REQUIRE non alphanumerics, but have a limited choice of what you can use.  Some don't accept ANY non alphanumerics, some will accept them but again it's different from site to site.</p><p>I don't know about you, but I've probably got 100 different passwords rattling around in my brain.  I'd guess most people are like me in that they see passwords as a necessary evil but otherwise a giant pain in the ass, and so accept the slight increase in security risk by using a system that changes predictably (at least for me) from site to site.   So I'm not going to use a base-password or base-concept that includes any characters that might be disallowed on some other site.</p></htmltext>
<tokenext>" Most interesting to me was that in the sample , less than 4 % used any non alpha-numerics in their # $ # % 'ing passwords . "
Not surprising at all , because the rules for what you CAN use as passwords are so inconsistent .
Some places REQUIRE non alphanumerics , but have a limited choice of what you can use .
Some do n't accept ANY non alphanumerics , some will accept them but again it 's different from site to site .
I do n't know about you , but I 've probably got 100 different passwords rattling around in my brain .
I 'd guess most people are like me in that they see passwords as a necessary evil but otherwise a giant pain in the ass , and so accept the slight increase in security risk by using a system that changes predictably ( at least for me ) from site to site .
So I 'm not going to use a base-password or base-concept that includes any characters that might be disallowed on some other site .</tokentext>
<sentencetext>"Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords."
Not surprising at all, because the rules for what you CAN use as passwords are so inconsistent.
Some places REQUIRE non alphanumerics, but have a limited choice of what you can use.
Some don't accept ANY non alphanumerics, some will accept them but again it's different from site to site.
I don't know about you, but I've probably got 100 different passwords rattling around in my brain.
I'd guess most people are like me in that they see passwords as a necessary evil but otherwise a giant pain in the ass, and so accept the slight increase in security risk by using a system that changes predictably (at least for me) from site to site.
So I'm not going to use a base-password or base-concept that includes any characters that might be disallowed on some other site.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846278</id>
	<title>Re:Why surprising?</title>
	<author>nine-times</author>
	<datestamp>1264091100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>I don't know about you, but I've probably got 100 different passwords rattling around in my brain.</p></div><p>Yeah, I've begun to think that we should really implement some kind of a universal public key system to take care of this problem.  Instead of trying to keep a different password for every service you use, you would only have 1 private key to manage.
</p><p>A good enough system should also be able to cut back on things like identity theft.  I've run into too many companies and government organizations who treat "knowing your social security number" as a valid form of identification and authorization.
</p><p>Of course, that's easier said than done.</p></div>
	</htmltext>
<tokenext>I do n't know about you , but I 've probably got 100 different passwords rattling around in my brain .
Yeah , I 've begun to think that we should really implement some kind of a universal public key system to take care of this problem .
Instead of trying to keep a different password for every service you use , you would only have 1 private key to manage .
A good enough system should also be able to cut back on things like identity theft .
I 've run into too many companies and government organizations who treat " knowing your social security number " as a valid form of identification and authorization .
Of course , that 's easier said than done .</tokentext>
<sentencetext>I don't know about you, but I've probably got 100 different passwords rattling around in my brain.
Yeah, I've begun to think that we should really implement some kind of a universal public key system to take care of this problem.
Instead of trying to keep a different password for every service you use, you would only have 1 private key to manage.
A good enough system should also be able to cut back on things like identity theft.
I've run into too many companies and government organizations who treat "knowing your social security number" as a valid form of identification and authorization.
Of course, that's easier said than done.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849718</id>
	<title>Re:actual list of passwords?</title>
	<author>Blakey Rat</author>
	<datestamp>1264105860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Where does "princess" come from? Is that used as a password in a movie or TV show or something? Seems odd that it would be number 6 on the list.</p></htmltext>
<tokenext>Where does " princess " come from ?
Is that used as a password in a movie or TV show or something ?
Seems odd that it would be number 6 on the list .</tokentext>
<sentencetext>Where does "princess" come from?
Is that used as a password in a movie or TV show or something?
Seems odd that it would be number 6 on the list.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845218</id>
	<title>but...</title>
	<author>polle404</author>
	<datestamp>1264086240000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.</p></div><p>
but... there's no non Alpha-numericals in 'CowboyNeal'?</p></div>
	</htmltext>
<tokenext>Most interesting to me was that in the sample , less than 4 % used any non alpha-numerics in their # $ # % 'ing passwords .
but... there 's no non Alpha-numericals in 'CowboyNeal ' ?</tokentext>
<sentencetext>Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.
but... there's no non Alpha-numericals in 'CowboyNeal'?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845558</id>
	<title>The definition of insanity</title>
	<author>ZorbaTHut</author>
	<datestamp>1264087980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>is doing the same thing over and over while expecting different results.</p><p>I quote the end of this paper:</p><blockquote><div><p>"The problem has changed very little over the past 20 years," explained Shulman, referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today. "It's time for everyone to take password security seriously; it's an important first step in data security.</p></div></blockquote><p>He's correct, of course. The problem hasn't changed. That's because the vast majority of people don't care. We've been telling people to use good passwords for 20 years, and it hasn't worked. People don't use good passwords, people have never used good passwords, people never will use good passwords.</p><p>Maybe it's time to come up with a solution that may actually work, instead of pushing the same old obviously-failed solution yet again?</p></div>
	</htmltext>
<tokenext>is doing the same thing over and over while expecting different results .
I quote the end of this paper : " The problem has changed very little over the past 20 years , " explained Shulman , referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today .
" It 's time for everyone to take password security seriously ; it 's an important first step in data security .
He 's correct , of course .
The problem has n't changed .
That 's because the vast majority of people do n't care .
We 've been telling people to use good passwords for 20 years , and it has n't worked .
People do n't use good passwords , people have never used good passwords , people never will use good passwords .
Maybe it 's time to come up with a solution that may actually work , instead of pushing the same old obviously-failed solution yet again ?</tokentext>
<sentencetext>is doing the same thing over and over while expecting different results.
I quote the end of this paper: "The problem has changed very little over the past 20 years," explained Shulman, referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today.
"It's time for everyone to take password security seriously; it's an important first step in data security.
He's correct, of course.
The problem hasn't changed.
That's because the vast majority of people don't care.
We've been telling people to use good passwords for 20 years, and it hasn't worked.
People don't use good passwords, people have never used good passwords, people never will use good passwords.
Maybe it's time to come up with a solution that may actually work, instead of pushing the same old obviously-failed solution yet again?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068</id>
	<title>Password strength vs. how often you change it</title>
	<author>Anonymous</author>
	<datestamp>1264085160000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p>My company wants me to change my pass every 2 months. Guess what happens to the password strength over time.</p></htmltext>
<tokenext>My company wants me to change my pass every 2 months .
Guess what happens to the password strength over time .</tokentext>
<sentencetext>My company wants me to change my pass every 2 months.
Guess what happens to the password strength over time.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30850974</id>
	<title>Re:actual list of passwords?</title>
	<author>KnownIssues</author>
	<datestamp>1264067400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I find this password list very interesting. There's some interesting human psychology in there that I'd really like to understand. I get the kid's names. I get the series of numbers. I get Password and Qwerty. But why iloveyou and rockyou? There has to be a story with those. And why are all the girl names capitalized, but michael is lower case? And is this list statistically significant enough to make a password cracking dictionary more effective than any already are?</htmltext>
<tokenext>I find this password list very interesting .
There 's some interesting human psychology in there that I 'd really like to understand .
I get the kid 's names .
I get the series of numbers .
I get Password and Qwerty .
But why iloveyou and rockyou ?
There has to be a story with those .
And why are all the girl names capitalized , but michael is lower case ?
And is this list statistically significant enough to make a password cracking dictionary more effective than any already are ?</tokentext>
<sentencetext>I find this password list very interesting.
There's some interesting human psychology in there that I'd really like to understand.
I get the kid's names.
I get the series of numbers.
I get Password and Qwerty.
But why iloveyou and rockyou?
There has to be a story with those.
And why are all the girl names capitalized, but michael is lower case?
And is this list statistically significant enough to make a password cracking dictionary more effective than any already are?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847460</id>
	<title>Re:Made-up words</title>
	<author>dex22</author>
	<datestamp>1264096320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Your passwords sound fabulous! Can you release them under a GPL-style license so we can ALL use them?<nobr> <wbr></nobr>:)</p></htmltext>
<tokenext>Your passwords sound fabulous !
Can you release them under a GPL-style license so we can ALL use them ?
: )</tokentext>
<sentencetext>Your passwords sound fabulous!
Can you release them under a GPL-style license so we can ALL use them?
:)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845254</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846000</id>
	<title>Re:Why surprising?</title>
	<author>DrinkDr.Pepper</author>
	<datestamp>1264089900000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext>Southwest.com allows you to create a password with non alpha-numeric characters, but then you can't log in with your password!</htmltext>
<tokenext>Southwest.com allows you to create a password with non alpha-numeric characters , but then you ca n't log in with your password !</tokentext>
<sentencetext>Southwest.com allows you to create a password with non alpha-numeric characters, but then you can't log in with your password!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845228</id>
	<title>Security should not depend on strong passwords</title>
	<author>AbbeyRoad</author>
	<datestamp>1264086300000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>The article says that in 20 years users have not gotten better at creating good passwords.</p><p>Logically then the solution is NOT to get users to take "password security seriously". This is like trying to stop VD by convincing teens to abstain from sex - it's in the never-going-to-happen category.</p><p>The solution is to mitigate the damage of a brute force attack - when bots make password guess attempts, you need counter-"bots" to detect patterns of access and then block IPs, warn users, or disable accounts. This is a form of intrusion detection.</p><p>This is not to mention that for most web accounts, a break-in doesn't matter - what damage can the hacker really do? Like post things-you-didn't-say and trash your reputation on www.social-site-for-people-who-spend-to-much-time-online.com? Heck, that's major dude.</p><p>Just a wild guess here, but let's ask: Are there web site owners who think the logins they host are way more important to their customers than they actually are?</p><p>Hmmm</p><p>-paul</p></htmltext>
<tokenext>The article says that in 20 years users have not gotten better at creating good passwords.Logically then the solution is NOT to get users to take " password security seriously " .
This is like trying to stop VD by convincing teens to abstain from sex - it 's in the never-going-to-happen category.The solution is to mitigate the damage of a brute force attack - when bots make password guess attempts , you need counter- " bots " to detect patterns of access and then block IPs , warn users , or disable accounts .
This is a form of intrusion detection.This is not to mention that for most web accounts , a break-in does n't matter - what damage can the hacker really do ?
Like post things-you-did n't-say and trash your reputation on www.social-site-for-people-who-spend-to-much-time-online.com ?
Heck , that 's major dude.Just a wild guess here , but let 's ask : Are there web site owners who think the logins they host are way more important to their customers than they actually are ? Hmmm-paul</tokentext>
<sentencetext>The article says that in 20 years users have not gotten better at creating good passwords.
Logically then the solution is NOT to get users to take "password security seriously".
This is like trying to stop VD by convincing teens to abstain from sex - it's in the never-going-to-happen category.
The solution is to mitigate the damage of a brute force attack - when bots make password guess attempts, you need counter-"bots" to detect patterns of access and then block IPs, warn users, or disable accounts.
This is a form of intrusion detection.
This is not to mention that for most web accounts, a break-in doesn't matter - what damage can the hacker really do?
Like post things-you-didn't-say and trash your reputation on www.social-site-for-people-who-spend-to-much-time-online.com?
Heck, that's major dude.
Just a wild guess here, but let's ask: Are there web site owners who think the logins they host are way more important to their customers than they actually are?
Hmmm
-paul</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848294</id>
	<title>Re:Why does password strength matter?</title>
	<author>EkriirkE</author>
	<datestamp>1264099500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><nobr> <wbr></nobr></p><div class="quote"><p>...</p><p>On a related note, what pisses me off even more is going to a website and <b>trying</b> to use a strong password and their system doesn't allow it.</p></div><p>Notable offenders for me:<br>
American Express only allows 8 characters.  Hell, they even have a javascript alert telling you "Invalid password" if you type in more than 8.<br>
Discover Card only allows 10 characters.  These guys are a little more HTML savvy and have a MAXLENGTH=10 on the password field<br>
<br>
This suggests to me they store the password as-is or with some lame cypher so that it may be recovered plaintext. (The user database password field length limited to 8)  If they hash the passwords, then you could use any length password resulting in a same-length hash to store in the DB.</p></div>
	</htmltext>
<tokenext>...On a related note , what pisses me off even more is going to a website and trying to use a strong password and their system does n't allow it.Notable offenders for me : American Express only allows 8 characters .
Hell , they even have a javascript alert telling you " Invalid password " if you type in more than 8 .
Discover Card only allows 10 characters .
These guys are a little more HTML savvy and have a MAXLENGTH = 10 on the password field This suggests to me they store the password as-is or with some lame cypher so that it may be recovered plaintext .
( The user database password field length limited to 8 ) If they hash the passwords , then you could use any length password resulting in a same-length hash to store in the DB .</tokentext>
<sentencetext> ...On a related note, what pisses me off even more is going to a website and trying to use a strong password and their system doesn't allow it.
Notable offenders for me:
American Express only allows 8 characters.
Hell, they even have a javascript alert telling you "Invalid password" if you type in more than 8.
Discover Card only allows 10 characters.
These guys are a little more HTML savvy and have a MAXLENGTH=10 on the password field

This suggests to me they store the password as-is or with some lame cypher so that it may be recovered plaintext.
(The user database password field length limited to 8)  If they hash the passwords, then you could use any length password resulting in a same-length hash to store in the DB.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847560</id>
	<title>Passphrases and passwords</title>
	<author>spaceyhackerlady</author>
	<datestamp>1264096560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>My favourite algorithm for passwords is the classic first letter of each word in a phrase. My standard example is "Tbontb,Titq!". It looks like garbage if anybody watches over your shoulder while you type it, but
you think "<b>T</b>o <b>b</b>e <b>o</b>r <b>n</b>ot <b>t</b>o <b>b</b>e<b>,</b>
<b>T</b>hat <b>i</b>s <b>t</b>he <b>q</b>uestion<b>!</b>". You remember it. They don't.

</p><p>No, I have never used this as a password on any system.

</p><p>...laura</p></htmltext>
<tokenext>My favourite algorithm for passwords is the classic first letter of each word in a phrase .
My standard example is " Tbontb,Titq ! " .
It looks like garbage if anybody watches over your shoulder while you type it , but you think " To be or not to be , That is the question ! " .
You remember it .
They do n't .
No , I have never used this as a password on any system .
...laura</tokentext>
<sentencetext>My favourite algorithm for passwords is the classic first letter of each word in a phrase.
My standard example is "Tbontb,Titq!".
It looks like garbage if anybody watches over your shoulder while you type it, but
you think "To be or not to be,
That is the question!".
You remember it.
They don't.
No, I have never used this as a password on any system.
...laura</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845484</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</id>
	<title>The Top 10</title>
	<author>Anonymous</author>
	<datestamp>1264085280000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p><div class="quote"><p>
1. 123456<br>
2. 12345<br>
3. 123456789<br>
4. Password<br>
5. iloveyou<br>
6. princess<br>
7. rockyou<br>
8. 1234567<br>
9. 12345678<br>
10. abc123</p> </div><p>
By a massive coincidence, these happen to be the passwords for their respective<nobr> <wbr></nobr>/. userids!</p></div>
	</htmltext>
<tokenext>1 .
123456 2 .
12345 3 .
123456789 4 .
Password 5. iloveyou 6. princess 7. rockyou 8 .
1234567 9 .
12345678 10. abc123 By a massive coincidence , these happen to be the passwords for their respective / .
userids !</tokentext>
<sentencetext>
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
By a massive coincidence, these happen to be the passwords for their respective /. userids!
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846408</id>
	<title>DLP - Dead Language Passwords</title>
	<author>Anonymous</author>
	<datestamp>1264091700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>I use passwords from a long-dead language that very few people know, so they are almost as good as a random password, but easy for me to remember.</htmltext>
<tokenext>I use passwords from a long-dead language that very few people know , so they are almost as good as a random password , but easy for me to remember .</tokentext>
<sentencetext>I use passwords from a long-dead language that very few people know, so they are almost as good as a random password, but easy for me to remember.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845774</id>
	<title>Re:repost from my comment on nyt:</title>
	<author>Anonymous</author>
	<datestamp>1264088940000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>When a hacker gets access to an unencrypted database of one site's passwords (like in the case the story is about), he has your password to all other sites if he can link your usernames (Your Slashdot alias is "circletimessquare", your gmail address is "circletimessquare@gmail.com"...). The scheme you propose is hardly better than using the same password everywhere.</p></htmltext>
<tokenext>When a hacker gets access to an unencrypted database of one site 's passwords ( like in the case the story is about ) , he has your password to all other sites if he can link your usernames ( Your Slashdot alias is " circletimessquare " , your gmail address is " circletimessquare @ gmail.com " ... ) .
The scheme you propose is hardly better than using the same password everywhere .</tokentext>
<sentencetext>When a hacker gets access to an unencrypted database of one site's passwords (like in the case the story is about), he has your password to all other sites if he can link your usernames (Your Slashdot alias is "circletimessquare", your gmail address is "circletimessquare@gmail.com"...).
The scheme you propose is hardly better than using the same password everywhere.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847670</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>Anonymous</author>
	<datestamp>1264096980000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Let me try that</p><p>My password is starfish<nobr> <wbr></nobr>...hey how come I can see it? Mail me at bgates@msn.com</p></htmltext>
<tokenext>Let me try thatMy password is starfish ...hey how come I can see it ?
Mail me at bgates @ msn.com</tokentext>
<sentencetext>Let me try that
My password is starfish ...hey how come I can see it?
Mail me at bgates@msn.com</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845404</id>
	<title>Obligatory Spaceballs Reference</title>
	<author>Anonymous</author>
	<datestamp>1264087200000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>Roland: One.<br>Dark Helmet: One.<br>Colonel Sandurz: One.<br>Roland: Two.<br>Dark Helmet: Two.<br>Colonel Sandurz: Two.<br>Roland: Three.<br>Dark Helmet: Three.<br>Colonel Sandurz: Three.<br>Roland: Four.<br>Dark Helmet: Four.<br>Colonel Sandurz: Four.<br>Roland: Five.<br>Dark Helmet: Five.<br>Colonel Sandurz: Five.<br>Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!</p><p>-----</p><p>President Skroob: What's the combination?<br>Colonel Sandurz: 1 - 2 - 3 - 4 - 5.<br>President Skroob: 1 - 2 - 3 - 4 - 5?<br>Colonel Sandurz: Yes.<br>President Skroob: That's amazing! I've got the same combination on my luggage!</p></htmltext>
<tokenext>Roland : One.Dark Helmet : One.Colonel Sandurz : One.Roland : Two.Dark Helmet : Two.Colonel Sandurz : Two.Roland : Three.Dark Helmet : Three.Colonel Sandurz : Three.Roland : Four.Dark Helmet : Four.Colonel Sandurz : Four.Roland : Five.Dark Helmet : Five.Colonel Sandurz : Five.Dark Helmet : So the combination is... one , two , three , four , five ?
That 's the stupidest combination I 've ever heard in my life !
The kind of thing an idiot would have on his luggage ! -----President Skroob : What 's the combination ? Colonel Sandurz : 1 - 2 - 3 - 4 - 5.President Skroob : 1 - 2 - 3 - 4 - 5 ? Colonel Sandurz : Yes.President Skroob : That 's amazing !
I 've got the same combination on my luggage !</tokentext>
<sentencetext>Roland: One.
Dark Helmet: One.
Colonel Sandurz: One.
Roland: Two.
Dark Helmet: Two.
Colonel Sandurz: Two.
Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three.
Roland: Four.
Dark Helmet: Four.
Colonel Sandurz: Four.
Roland: Five.
Dark Helmet: Five.
Colonel Sandurz: Five.
Dark Helmet: So the combination is... one, two, three, four, five?
That's the stupidest combination I've ever heard in my life!
The kind of thing an idiot would have on his luggage!
-----
President Skroob: What's the combination?
Colonel Sandurz: 1 - 2 - 3 - 4 - 5.
President Skroob: 1 - 2 - 3 - 4 - 5?
Colonel Sandurz: Yes.
President Skroob: That's amazing!
I've got the same combination on my luggage!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845866</id>
	<title>security now had a show about this</title>
	<author>Anonymous</author>
	<datestamp>1264089480000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>I understand why you don't want to use dictionary words for passwords, too easy to brute-force. Though how likely is it that servers these days would sit still while a single account fails login ten thousand times? I know once the hacker is in, he can then run the hash file against the dictionary and back into the passwords of other accounts. But wouldn't even a dictionary word with a number or two after it be fine? duck1234 should be just as secure as duck!@#$, right?</p><p>I'm running through the ways you can get hacked and what a secure password would mean.</p><p>1. Guessing by a person sitting at your computer, brute force hacker from outside, running the dictionary against the hash -- strong is good.<br>2. Your PC gets rooted, your keystrokes are captured -- strength doesn't matter a bit, you typed it in for the hacker and he won't even have to touch the keyboard when his scripts hit your account and drain it.<br>3. Data breach and your password is stolen -- Why was it stored in plaintext? Regardless, they have it and can copy and paste if they use it.</p><p>The consensus on security now was that draconian policies on the part of IT without any seeming rhyme or reason to the employee will simply foster non-compliance and animosity towards IT.</p></htmltext>
<tokenext>I understand why you do n't want to use dictionary words for passwords , too easy to brute-force .
Though how likely is it that servers these days would sit still while a single account fails login ten thousand times ?
I know once the hacker is in , he can then run the hash file against the dictionary and back into the passwords of other accounts .
But would n't even a dictionary word with a number or two after it be fine ?
duck1234 should be just as secure as duck !
@ # $ , right ? I 'm running through the ways you can get hacked and what a secure password would mean.1 .
Guessing by a person sitting at your computer , brute force hacker from outside , running the dictionary against the hash -- strong is good.2 .
Your PC gets rooted , your keystrokes are captured -- strength does n't matter a bit , you typed it in for the hacker and he wo n't even have to touch the keyboard when his scripts hit your account and drain it.3 .
Data breach and your password is stolen -- Why was it stored in plaintext ?
Regardless , they have it and can copy and paste if they use it.The consensus on security now was that draconian policies on the part of IT without any seeming rhyme or reason to the employee will simply foster non-compliance and animosity towards IT .</tokentext>
<sentencetext>I understand why you don't want to use dictionary words for passwords, too easy to brute-force.
Though how likely is it that servers these days would sit still while a single account fails login ten thousand times?
I know once the hacker is in, he can then run the hash file against the dictionary and back into the passwords of other accounts.
But wouldn't even a dictionary word with a number or two after it be fine?
duck1234 should be just as secure as duck!@#$, right?
I'm running through the ways you can get hacked and what a secure password would mean.
1. Guessing by a person sitting at your computer, brute force hacker from outside, running the dictionary against the hash -- strong is good.
2. Your PC gets rooted, your keystrokes are captured -- strength doesn't matter a bit, you typed it in for the hacker and he won't even have to touch the keyboard when his scripts hit your account and drain it.
3. Data breach and your password is stolen -- Why was it stored in plaintext?
Regardless, they have it and can copy and paste if they use it.
The consensus on security now was that draconian policies on the part of IT without any seeming rhyme or reason to the employee will simply foster non-compliance and animosity towards IT.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847594</id>
	<title>....password</title>
	<author>Anonymous</author>
	<datestamp>1264096680000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>that is the one i always try first....</htmltext>
<tokenext>that is the one i always try first... .</tokentext>
<sentencetext>that is the one i always try first....</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845054</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845852</id>
	<title>Re:The Top 10</title>
	<author>operagost</author>
	<datestamp>1264089360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Missing: hunter2.</htmltext>
<tokenext>Missing : hunter2 .</tokentext>
<sentencetext>Missing: hunter2.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848358</id>
	<title>uhhh</title>
	<author>kel-tor</author>
	<datestamp>1264099860000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I think Shulman is missing his own point.</p><p><div class="quote"><p>"The problem has changed very little over the past 20 years, explained Shulman, referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today. It's time for everyone to take password security seriously; it's an important first step in data security.</p></div><p>So 20 years later we still have all of the exact same problem?  The lesson here is _not_ that "it's time for _everyone_ to take pw security seriously".  The lesson is that the basic mechanics of passwords don't work.   I'm sure they tried to take pw security seriously 20 years ago.  The average user doesn't understand the math behind making a complex password.  Password requirements add to the confusion: one pw changes every 3 months, another 4, some must use mixed case, others 2 numbers and a special character, and don't write it down, etc, then throw in some password fields that cannot use special characters, my bank pw cannot start with a number, can't reuse a pw for 12 uses and the result is simplified easier to remember passwords.  Same as the last but add a '1' at the end, increment to '2' in 3 months.</p><p>Old Dakota wisdom says that if you are riding a dead horse, get off.  Shulman seems to think that if we just get serious and dig in our heels we can suddenly get the dead horse to trot.  Meanwhile management will ignore Shulman and instead decide to double the horsepower-- by buying another dead horse.</p></div>
	</htmltext>
<tokenext>I think Shulman is missing his own point .
" The problem has changed very little over the past 20 years , explained Shulman , referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today .
It 's time for everyone to take password security seriously ; it 's an important first step in data security.So 20 years later we still have all of the exact same problem ?
The lesson here is _not_ that " it 's time for _everyone_ to take pw security seriously " .
The lesson is that the basic mechanics of passwords do n't work .
I 'm sure they tried to take pw security seriously 20 years ago .
The average user does n't understand the math behind making a complex password .
Password requirements add to the confusion : one pw changes every 3 months , another 4 , some must use mixed case , others 2 numbers and a special character , and do n't write it down , etc , then throw in some password fields that can not use special characters , my bank pw can not start with a number , ca n't reuse a pw for 12 uses and the result is simplified easier to remember passwords .
Same as the last but add a '1 ' at the end , increment to '2 ' in 3 months.Old Dakota wisdom says that if you are riding a dead horse , get off .
Shulman seems to think that if we just get serious and dig in our heels we can suddenly get the dead horse to trot .
Meanwhile management will ignore Shulman and instead decide to double the horsepower-- by buying another dead horse .</tokentext>
<sentencetext>I think Shulman is missing his own point.
"The problem has changed very little over the past 20 years, explained Shulman, referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today.
It's time for everyone to take password security seriously; it's an important first step in data security.
So 20 years later we still have all of the exact same problem?
The lesson here is _not_ that "it's time for _everyone_ to take pw security seriously".
The lesson is that the basic mechanics of passwords don't work.
I'm sure they tried to take pw security seriously 20 years ago.
The average user doesn't understand the math behind making a complex password.
Password requirements add to the confusion: one pw changes every 3 months, another 4, some must use mixed case, others 2 numbers and a special character, and don't write it down, etc, then throw in some password fields that cannot use special characters, my bank pw cannot start with a number, can't reuse a pw for 12 uses and the result is simplified easier to remember passwords.
Same as the last but add a '1' at the end, increment to '2' in 3 months.
Old Dakota wisdom says that if you are riding a dead horse, get off.
Shulman seems to think that if we just get serious and dig in our heels we can suddenly get the dead horse to trot.
Meanwhile management will ignore Shulman and instead decide to double the horsepower-- by buying another dead horse.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845798</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>nine-times</author>
	<datestamp>1264089120000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><nobr> <wbr></nobr></p><div class="quote"><p>..it must be EXACTLY 2 letters, followed by EXACTLY 4 digits.</p></div><p>That's retarded.
</p><p>I've thought about this sort of thing before, where password policies also have the effect of narrowing the number of possible passwords.  For example, it's pretty standard for a company to have a policy like, "Your password must be at least 10 characters, contain at least one capital letter and one lower case letter, contain at least 1 number and one non-alpha-numeric character."  And yes, it's true that keeping these policies has the effect of increasing the number of combinations, but it also is simultaneously narrowing the combinations.
</p><p>If a hacker knows this policy and were to try a brute-force attack, they would be able to disregard any possible passwords made of 7 characters or less.  They would be able to get rid of all combinations that were all lower-case, all upper-case, or even all alphanumeric.  I haven't done the math and I'm sure that requiring some of these things are still a net gain, but it struck me as funny.  Like if someone were to try a very clever brute-force attack that didn't bother trying all-alphanumeric passwords, then "password" would in that case be a safer password than "*pQQ\K6"XSiM".  It might take him a million years to get to "*pQQ\K6"XSiM", but he'd never try "password".</p></div>
	</htmltext>
<tokenext>..it must be EXACTLY 2 letters , followed by EXACTLY 4 digits.That 's retarded .
I 've thought about this sort of thing before , where password policies also have the effect of narrowing the number of possible passwords .
For example , it 's pretty standard for a company to have a policy like , " Your password must be at least 10 characters , contain at least one capital letter and one lower case letter , contain at least 1 number and one non-alpha-numeric character .
" And yes , it 's true that keeping these policies has the effect of increasing the number of combinations , but it also is simultaneously narrowing the combinations .
If a hacker knows this policy and were to try a brute-force attack , they would be able to disregard any possible passwords made of 7 characters or less .
They would be able to get rid of all combinations that were all lower-case , all upper-case , or even all alphanumeric .
I have n't done the math and I 'm sure that requiring some of these things are still a net gain , but it struck me as funny .
Like if someone were to try a very clever brute-force attack that did n't bother trying all-alphanumeric passwords , then " password " would in that case be a safer password than " * pQQ \ K6 " XSiM " .
It might take him a million years to get to " * pQQ \ K6 " XSiM " , but he 'd never try " password " .</tokentext>
<sentencetext> ..it must be EXACTLY 2 letters, followed by EXACTLY 4 digits.
That's retarded.
I've thought about this sort of thing before, where password policies also have the effect of narrowing the number of possible passwords.
For example, it's pretty standard for a company to have a policy like, "Your password must be at least 10 characters, contain at least one capital letter and one lower case letter, contain at least 1 number and one non-alpha-numeric character."
And yes, it's true that keeping these policies has the effect of increasing the number of combinations, but it also is simultaneously narrowing the combinations.
If a hacker knows this policy and were to try a brute-force attack, they would be able to disregard any possible passwords made of 7 characters or less.
They would be able to get rid of all combinations that were all lower-case, all upper-case, or even all alphanumeric.
I haven't done the math and I'm sure that requiring some of these things are still a net gain, but it struck me as funny.
Like if someone were to try a very clever brute-force attack that didn't bother trying all-alphanumeric passwords, then "password" would in that case be a safer password than "*pQQ\K6"XSiM".
It might take him a million years to get to "*pQQ\K6"XSiM", but he'd never try "password".
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848344</id>
	<title>Re:actual list of passwords?</title>
	<author>Anonymous</author>
	<datestamp>1264099800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Torrent: <a href="http://thepiratebay.org/torrent/5232943/" title="thepiratebay.org" rel="nofollow">http://thepiratebay.org/torrent/5232943/</a> [thepiratebay.org]</p></htmltext>
<tokenext>Torrent : http : //thepiratebay.org/torrent/5232943/ [ thepiratebay.org ]</tokentext>
<sentencetext>Torrent: http://thepiratebay.org/torrent/5232943/ [thepiratebay.org]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846310</id>
	<title>Re:Why surprising?</title>
	<author>troll8901</author>
	<datestamp>1264091220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>I've probably got 100 different passwords rattling around in my brain.</p></div><p>Let me guess<nobr> <wbr></nobr>... hotmailpassword, yahoopassword, googlepassword?</p></div>
	</htmltext>
<tokenext>I 've probably got 100 different passwords rattling around in my brain.Let me guess ... hotmailpassword , yahoopassword , googlepassword ?</tokentext>
<sentencetext>I've probably got 100 different passwords rattling around in my brain.
Let me guess ... hotmailpassword, yahoopassword, googlepassword?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849910</id>
	<title>Re:The Top 10</title>
	<author>Darinbob</author>
	<datestamp>1264106640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>However, this is for a site that doesn't necessarily need high security.  For a lot of throwaway web sites I use pretty basic passwords, often the same ones.  If someone steals the account, there's nothing there to lose.  It's not like this was a bank or a repository of critical personal information.</htmltext>
<tokenext>However , this is for a site that does n't necessarily need high security .
For a lot of throwaway web sites I use pretty basic passwords , often the same ones .
If someone steals the account , there 's nothing there to lose .
It 's not like this was a bank or a repository of critical personal information .</tokentext>
<sentencetext>However, this is for a site that doesn't necessarily need high security.
For a lot of throwaway web sites I use pretty basic passwords, often the same ones.
If someone steals the account, there's nothing there to lose.
It's not like this was a bank or a repository of critical personal information.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849454</id>
	<title>low quality passwords for low quality sites</title>
	<author>danlip</author>
	<datestamp>1264104780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This doesn't tell us anything about how people use passwords in important situations.  I use crap passwords for crap sites like rockyou.com.  For any site I actually care about (banks, gmail) I use really good passwords (well, as good as they will let me use, some banks still don't allow non-alphanumeric characters).  So all this study really tells us is what password people use when they don't give a crap.</p></htmltext>
<tokenext>This does n't tell us anything about how people use passwords in important situations .
I use crap passwords for crap sites like rockyou.com .
For any site I actually care about ( banks , gmail ) I use really good passwords ( well , as good as they will let me use , some banks still do n't allow non-alphanumeric characters ) .
So all this study really tells us is what password people use when they do n't give a crap .</tokentext>
<sentencetext>This doesn't tell us anything about how people use passwords in important situations.
I use crap passwords for crap sites like rockyou.com.
For any site I actually care about (banks, gmail) I use really good passwords (well, as good as they will let me use, some banks still don't allow non-alphanumeric characters).
So all this study really tells us is what password people use when they don't give a crap.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845182</id>
	<title>Keep in mind, this is RockYou.com</title>
	<author>Anonymous</author>
	<datestamp>1264085940000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Is it even worth the effort of coming up with a secure password for that site?  If I had for some reason found it necessary to register with such a vapid site I would have just re-used one of my low-security passwords (which many other sites have access to).  It isn't too surprising that nobody cares whether someone else is using their account to steal their noisy, eye-burning flash videos.  What is far worse is if people are re-using passwords from much more important sites.  In this case, it doesn't matter if your password is a random string of letters, numbers and special characters.</p></htmltext>
<tokenext>Is it even worth the effort of coming up with a secure password for that site ?
If I had for some reason found it necessary to register with such a vapid site I would have just re-used one of my low-security passwords ( which many other sites have access to ) .
It is n't too surprising that nobody cares whether someone else is using their account to steal their noisy , eye-burning flash videos .
What is far worse is if people are re-using passwords from much more important sites .
In this case , it does n't matter if your password is a random string of letters , numbers and special characters .</tokentext>
<sentencetext>Is it even worth the effort of coming up with a secure password for that site?
If I had for some reason found it necessary to register with such a vapid site I would have just re-used one of my low-security passwords (which many other sites have access to).
It isn't too surprising that nobody cares whether someone else is using their account to steal their noisy, eye-burning flash videos.
What is far worse is if people are re-using passwords from much more important sites.
In this case, it doesn't matter if your password is a random string of letters, numbers and special characters.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30852268</id>
	<title>And All Were From Wifi</title>
	<author>Anonymous</author>
	<datestamp>1264071180000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>wifi is not secure people.</p></htmltext>
<tokenext>wifi is not secure people .</tokentext>
<sentencetext>wifi is not secure people.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847546</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>JWSmythe</author>
	<datestamp>1264096560000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
&nbsp; &nbsp; Better than that.  One place I worked, they assigned passwords for a payroll/HR site.  Once assigned, there was no way to change it.  Their method was:</p><p>
&nbsp; &nbsp; [first initial][last name][last 4 of your SSN]</p><p>
&nbsp; &nbsp; So, mine would have been...</p><p>
&nbsp; &nbsp; jsmythe0000</p><p>
&nbsp; &nbsp; If I had switched to our office's HR person's account, I could have fired everyone. :)  There were other options.  I could have given raises, demoted people, dropped their health insurance, or signed them up for the most expensive coverage.  Most folks weren't paid that well, so signing them up for full health coverage would have made them OWE the company at the end of each week. :)</p><p>
&nbsp; &nbsp;</p></htmltext>
<tokenext>    Better than that .
One place I worked , they assigned passwords for a payroll/HR site .
Once assigned , there was no way to change it .
Their method was :     [ first initial ] [ last name ] [ last 4 of your SSN ]     So , mine would have been.. .     jsmythe0000     If I had switched to our office 's HR person 's account , I could have fired everyone .
: ) There were other options .
I could have given raises , demoted people , dropped their health insurance , or signed them up for the most expensive coverage .
Most folks were n't paid that well , so signing them up for full health coverage would have made them OWE the company at the end of each week .
: )    </tokentext>
<sentencetext>
    Better than that.
One place I worked, they assigned passwords for a payroll/HR site.
Once assigned, there was no way to change it.
Their method was:
    [first initial][last name][last 4 of your SSN]
    So, mine would have been...
    jsmythe0000
    If I had switched to our office's HR person's account, I could have fired everyone.
:)  There were other options.
I could have given raises, demoted people, dropped their health insurance, or signed them up for the most expensive coverage.
Most folks weren't paid that well, so signing them up for full health coverage would have made them OWE the company at the end of each week.
:)
   </sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849120</id>
	<title>Re:repost from my comment on nyt:</title>
	<author>Hillgiant</author>
	<datestamp>1264103340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Until you run into a site that does not accept your algorithm.  Either not h4rd enough or does not support the right length/character type.  So you figure out a "special" one for that.  Then you find another one that doesn't work for different reasons.</p><p>I agree with other commenters: The implementation (and possibly the concept itself) is broken on a fundamental level.</p></htmltext>
<tokenext>Until you run into a site that does not accept your algorithm .
Either not h4rd enough or does not support the right length/character type .
So you figure out a " special " one for that .
Then you find another one that does n't work for different reasons.I agree with other commenters : The implementation ( and possibly the concept itself ) is broken on a fundamental level .</tokentext>
<sentencetext>Until you run into a site that does not accept your algorithm.
Either not h4rd enough or does not support the right length/character type.
So you figure out a "special" one for that.
Then you find another one that doesn't work for different reasons.I agree with other commenters: The implementation (and possibly the concept itself) is broken on a fundamental level.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845192</id>
	<title>Why Is That Interesting?</title>
	<author>Anonymous</author>
	<datestamp>1264086000000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p><div class="quote"><p>Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.</p></div><p>Why is it any surprise that people tend to approach passwords as a pass-<b>WORD</b>? It has to be something they can remember, and remembering a string of characters they can't <b>pronounce</b> is far more difficult than remembering (say) their favorite basketball team and the year they graduated high school.</p></div>
	</htmltext>
<tokenext>Most interesting to me was that in the sample , less than 4 % used any non alpha-numerics in their # $ # % 'ing passwords.Why is it any surprise that people tend to approach passwords as a pass-WORD ?
It has to be something they can remember , and remembering a string of characters they ca n't pronounce is far more difficult than remembering ( say ) their favorite basketball team and the year they graduated high school .</tokentext>
<sentencetext>Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.Why is it any surprise that people tend to approach passwords as a pass-WORD?
It has to be something they can remember, and remembering a string of characters they can't pronounce is far more difficult than remembering (say) their favorite basketball team and the year they graduated high school.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848842</id>
	<title>Re:Limited in Password size and chars</title>
	<author>horatio</author>
	<datestamp>1264102080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The talx website, which was where my former employer made us go to fetch our pay statements and W2s, only allowed digits, and IIRC had a minimum length of 8.  So I picked an old 10-digit phone number I don't use anymore for my password.  How the hell else am I going to remember a random 8 digit number that *isn't* my birthday or something similarly obvious?</htmltext>
<tokenext>The talx website , which was where my former employer made us go to fetch our pay statements and W2s , only allowed digits , and IIRC had a minimum length of 8 .
So I picked an old 10-digit phone number I do n't use anymore for my password .
How the hell else am I going to remember a random 8 digit number that * is n't * my birthday or something similarly obvious ?</tokentext>
<sentencetext>The talx website, which was where my former employer made us go to fetch our pay statements and W2s, only allowed digits, and IIRC had a minimum length of 8.
So I picked an old 10-digit phone number I don't use anymore for my password.
How the hell else am I going to remember a random 8 digit number that *isn't* my birthday or something similarly obvious?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847384</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Anonymous</author>
	<datestamp>1264095960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>My roommate's company (actually a US Government agency) requires passwords to be at least 20 characters.</p><p>One evening he walked around looking under keyboards, a majority of them had cryptic 20 character messages written on post-it notes underneath them.</p></htmltext>
<tokenext>My roommate 's company ( actually a US Government agency ) requires passwords to be at least 20 characters.One evening he walked around looking under keyboards , a majority of them had cryptic 20 character messages written on post-it notes underneath them .</tokentext>
<sentencetext>My roommate's company (actually a US Government agency) requires passwords to be at least 20 characters.One evening he walked around looking under keyboards, a majority of them had cryptic 20 character messages written on post-it notes underneath them.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849786</id>
	<title>There's nothing wrong with alpha-only passwords</title>
	<author>davidwr</author>
	<datestamp>1264106100000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If your password looks like this sentence, then you should be okay even if you do not include the punctuation.</p><p>^^-- do not use this example as your password.</p><p>The key to good alpha-only passwords is they have to be long and hard to guess.</p></htmltext>
<tokenext>If your password looks like this sentence , then you should be okay even if you do not include the punctuation. ^ ^ -- do not use this example as your password.The key to good alpha-only passwords is they have to be long and hard to guess .</tokentext>
<sentencetext>If your password looks like this sentence, then you should be okay even if you do not include the punctuation.^^-- do not use this example as your password.The key to good alpha-only passwords is they have to be long and hard to guess.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848968</id>
	<title>passwords and language?</title>
	<author>cenc</author>
	<datestamp>1264102680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have asked this a couple times before, but I still have not been able to find a good answer.</p><p>What happens with passwords in other languages, and more specifically forcing the use of UTF-8 double bit characters?  What about using passwords in multiple languages?</p><p>Most brute force password cracking at least uses a dictionary to get at the low hanging fruit, why not increase the size of the dictionary? What are there like million words or something like that in the English language (guess) vs millions Chinese?</p><p>It would seem just branching out to Spanish, German, or whatever combinations would greatly decrease the success of brute force attacks.</p></htmltext>
<tokenext>I have asked this a couple times before , but I still have not been able to find a good answer.What happens with passwords in other languages , and more specifically forcing the use of UTF-8 double bit characters ?
What about using passwords in multiple languages ? Most brute force password cracking at least uses a dictionary to get at the low hanging fruit , why not increase the size of the dictionary ?
What are there like million words or something like that in the English language ( guess ) vs millions Chinese ? It would seem just branching out to Spanish , German , or whatever combinations would greatly decrease the success of brute force attacks .</tokentext>
<sentencetext>I have asked this a couple times before, but I still have not been able to find a good answer.What happens with passwords in other languages, and more specifically forcing the use of UTF-8 double bit characters?
What about using passwords in multiple languages?Most brute force password cracking at least uses a dictionary to get at the low hanging fruit, why not increase the size of the dictionary?
What are there like million words or something like that in the English language (guess) vs millions Chinese?It would seem just branching out to Spanish, German, or whatever combinations would greatly decrease the success of brute force attacks.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848098</id>
	<title>Re:Why surprising?</title>
	<author>StormReaver</author>
	<datestamp>1264098780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>I don't know about you, but I've probably got 100 different passwords rattling around in my brain.</p></div><p>Save yourself some hassle, and do what I do.  I put all my passwords on my Facebook profile so I don't have to remember any of them.  Since no one ever looks at my Facebook profile, it's totally secure.</p></div>
	</htmltext>
<tokenext>I do n't know about you , but I 've probably got 100 different passwords rattling around in my brain.Save yourself some hassle , and do what I do .
I put all my passwords on my Facebook profile so I do n't have to remember any of them .
Since no one ever looks at my Facebook profile , it 's totally secure .</tokentext>
<sentencetext>I don't know about you, but I've probably got 100 different passwords rattling around in my brain.Save yourself some hassle, and do what I do.
I put all my passwords on my Facebook profile so I don't have to remember any of them.
Since no one ever looks at my Facebook profile, it's totally secure.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846662</id>
	<title>Anecdote</title>
	<author>Locke2005</author>
	<datestamp>1264092900000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Many years ago, the Amdahl UTS admins sent out an email to all developers, stating "We've changed the admin password for the development machines, and we can't tell you what the new password is because it's a secret." I rushed to try logging in as admin, and sure enough, their new password was "Asecret"!</htmltext>
<tokenext>Many years ago , the Amdahl UTS admins sent out an email to all developers , stating " We 've changed the admin password for the development machines , and we ca n't tell you what the new password is because it 's a secret .
" I rushed to try logging in as admin , and sure enough , their new password was " Asecret " !</tokentext>
<sentencetext>Many years ago, the Amdahl UTS admins sent out an email to all developers, stating "We've changed the admin password for the development machines, and we can't tell you what the new password is because it's a secret.
" I rushed to try logging in as admin, and sure enough, their new password was "Asecret"!</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848464</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Rockoon</author>
	<datestamp>1264100280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I don't work in their IT department. I see the job posting, then nudge my direct co-workers who are standing around looking at the latest postings with me, and point at it and say "that's why."<br>
<br>
"That's less than half of what we make. Why did they post that here?"</htmltext>
<tokenext>I do n't work in their IT department .
I see the job posting , then nudge my direct co-workers who are standing around looking at the latest postings with me , and point at it and say " that 's why .
" " That 's less than half of what we make .
Why did they post that here ?
"</tokentext>
<sentencetext>I don't work in their IT department.
I see the job posting, then nudge my direct co-workers who are standing around looking at the latest postings with me, and point at it and say "that's why.
"

"That's less than half of what we make.
Why did they post that here?
"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847688</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</id>
	<title>actual list of passwords?</title>
	<author>naz404</author>
	<datestamp>1264085520000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext>Does anyone have the list of passwords itself?<br> <br>

It would be fun to perform one's own statistical analysis of the list :)<br>

Here's the top 20 most common passwords used according to the report:<br>

Rank Password # of Users<br>
1 123456 290731<br>
2 12345 79078<br>
3 123456789 76790<br>
4 Password 61958<br>
5 iloveyou 51622<br>
6 princess 35231<br>
7 rockyou 22588<br>
8 1234567 21726<br>
9 12345678 20553<br>
10 abc123 17542<br>
11 Nicole 17168<br>
12 Daniel 16409<br>
13 babygirl 16094<br>
14 monkey 15294<br>
15 Jessica 15162<br>
16 Lovely 14950<br>
17 michael 14898<br>
18 Ashley 14329<br>
19 654321 13984<br>
20 Qwerty 13856</htmltext>
<tokenext>Does anyone have the list of passwords itself ?
It would be fun to perform one 's own statistical analysis of the list : ) Here 's the top 20 most common passwords used according to the report : Rank Password # of Users 1 123456 290731 2 12345 79078 3 123456789 76790 4 Password 61958 5 iloveyou 51622 6 princess 35231 7 rockyou 22588 8 1234567 21726 9 12345678 20553 10 abc123 17542 11 Nicole 17168 12 Daniel 16409 13 babygirl 16094 14 monkey 15294 15 Jessica 15162 16 Lovely 14950 17 michael 14898 18 Ashley 14329 19 654321 13984 20 Qwerty 13856</tokentext>
<sentencetext>Does anyone have the list of passwords itself?
It would be fun to perform one's own statistical analysis of the list :)

Here's the top 20 most common passwords used according to the report:

Rank Password # of Users
1 123456 290731
2 12345 79078
3 123456789 76790
4 Password 61958
5 iloveyou 51622
6 princess 35231
7 rockyou 22588
8 1234567 21726
9 12345678 20553
10 abc123 17542
11 Nicole 17168
12 Daniel 16409
13 babygirl 16094
14 monkey 15294
15 Jessica 15162
16 Lovely 14950
17 michael 14898
18 Ashley 14329
19 654321 13984
20 Qwerty 13856</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845054</id>
	<title>My password</title>
	<author>Anonymous</author>
	<datestamp>1264085040000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext>Is password.  So damn obvious, nobody would think to try it =)</htmltext>
<tokenext>Is password .
So damn obvious , nobody would think to try it = )</tokentext>
<sentencetext>Is password.
So damn obvious, nobody would think to try it =)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845834</id>
	<title>Re:Why does password strength matter?</title>
	<author>captainpanic</author>
	<datestamp>1264089240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>About the FBI:</p><p>As an organisation, they are the good guys.<br>But does that guarantee that each and every one of their employees (or agents) is a good guy?</p><p>That's why it's worrying they can get warrants with a post-it, or don't need to crack your passwords.</p></htmltext>
<tokenext>About the FBI : As an organisation , they are the good guys.But does that guarantee that each and every one of their employees ( or agents ) is a good guy ? That 's why it 's worrying they can get warrants with a post-it , or do n't need to crack your passwords .</tokentext>
<sentencetext>About the FBI:As an organisation, they are the good guys.But does that guarantee that each and every one of their employees (or agents) is a good guy?That's why it's worrying they can get warrants with a post-it, or don't need to crack your passwords.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845174</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846944</id>
	<title>Re:Why does password strength matter?</title>
	<author>wtbname</author>
	<datestamp>1264094280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>No shit.</p><p>Nothing annoys me more. I've already complained about this in another post, but I have FINANCIAL INSTITUTIONS that don't allow non-alphanumeric. And arbitrarily limit the size.</p><p>WHAT THE SHIT. WHAT IS WRONG WITH YOU ASSHOLES.</p><p>On a related note:</p><p>I once called my company's support desk to tell them their password change website did not accept !@#$%^&amp;*()[]{} characters. And further, that the error message REPEATED THE PASSWORD YOU TYPE IN BACK TO YOU IN THE ERROR MESSAGE? The help desk lady told me that it was too much work to fix the issue just for me since NO ONE ELSE HAS THIS PROBLEM????</p><p>WHAT THE SHIT. WHAT THE SHIT.</p></htmltext>
<tokenext>No shit.Nothing annoys me more .
I 've already complained about this in another post , but I have FINANCIAL INSTITUTIONS that do n't allow non-alphanumeric .
And arbitrarily limit the size.WHAT THE SHIT .
WHAT IS WRONG WITH YOU ASSHOLES.On a related note : I once called my company 's support desk to tell them their password change website did not accept !
@ # $ % ^ &amp; * ( ) [ ] { } characters .
And further , that the error message REPEATED THE PASSWORD YOU TYPE IN BACK TO YOU IN THE ERROR MESSAGE ?
The help desk lady told me that it was too much work to fix the issue just for me since NO ONE ELSE HAS THIS PROBLEM ? ? ?
? WHAT THE SHIT .
WHAT THE SHIT .</tokentext>
<sentencetext>No shit.Nothing annoys me more.
I've already complained about this in another post, but I have FINANCIAL INSTITUTIONS that don't allow non-alphanumeric.
And arbitrarily limit the size.WHAT THE SHIT.
WHAT IS WRONG WITH YOU ASSHOLES.On a related note:I once called my company's support desk to tell them their password change website did not accept !
@#$%^&amp;*()[]{} characters.
And further, that the error message REPEATED THE PASSWORD YOU TYPE IN BACK TO YOU IN THE ERROR MESSAGE?
The help desk lady told me that it was too much work to fix the issue just for me since NO ONE ELSE HAS THIS PROBLEM???
?WHAT THE SHIT.
WHAT THE SHIT.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845568</id>
	<title>Password Utils</title>
	<author>Anonymous</author>
	<datestamp>1264087980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><tt>I know it's been said around here before, but...<br><br>Dropbox + Keepass.&nbsp; It's been working great for me.</tt></htmltext>
<tokenext>I know it 's been said around here before , but...Dropbox + Keepass.   It 's been working great for me .</tokentext>
<sentencetext>I know it's been said around here before, but...Dropbox + Keepass.  It's been working great for me.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848976</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>machine321</author>
	<datestamp>1264102740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You didn't mention that your user names are random, 20 digits, and can't be re-used.</p></htmltext>
<tokenext>You did n't mention that your user names are random , 20 digits , and ca n't be re-used .</tokentext>
<sentencetext>You didn't mention that your user names are random, 20 digits, and can't be re-used.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845542</id>
	<title>Intentionally weak passwords?</title>
	<author>MattBurke</author>
	<datestamp>1264087920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I don't know about anyone else, but I have accounts on so many sites it would be impossible to use strong passwords without reuse. I really don't see the harm in using the same weak passwords if I don't care if my account on the site's compromised.</p><p>I have a number of site-specific strong passwords I use on sites I care about, and a further handful of very strong passwords I use for accounts that have the ability to charge my credit cards. My unix passwords are completely different too, and I run sshd needing key auth. If I have anything worth protecting (personal information more than an email address, an identity within a community, etc) on a website, I'll use a better password, but if I just want to comment on someone's blog or see what a site's about, I don't care - I certainly wouldn't shed a tear if one of my weak passwords were compromised! Boo hoo, someone's pretending to be Asdf Asdf from Qwer (postcode AA1 1AA) over at www.dontcare.com/phpbb/ and www.whogivesarats.as/blog/ and sending me spam on email addresses I'll just blacklist...</p><p>I would bet money that if you look at the password complexity of users of a busy registration-required forum both before and after you discount people with less than 5 posts, there'd be a substantial difference. Likewise, it'd be interesting to see the strength distribution of the subset of these "32 million" accounts on rockyou.com that belonged to people that actually used them or had valid personal information attached. Otherwise I think it's a pretty worthless study</p></htmltext>
<tokenext>I do n't know about anyone else , but I have accounts on so many sites it would be impossible to use strong passwords without reuse .
I really do n't see the harm in using the same weak passwords if I do n't care if my account on the site 's compromised.I have a number of site-specific strong passwords I use on sites I care about , and a further handful of very strong passwords I use for accounts that have the ability to charge my credit cards .
My unix passwords are completely different too , and I run sshd needing key auth .
If I have anything worth protecting ( personal information more than an email address , an identity within a community , etc ) on a website , I 'll use a better password , but if I just want to comment on someone 's blog or see what a site 's about , I do n't care - I certainly would n't shed a tear if one of my weak passwords were compromised !
Boo hoo , someone 's pretending to be Asdf Asdf from Qwer ( postcode AA1 1AA ) over at www.dontcare.com/phpbb/ and www.whogivesarats.as/blog/ and sending me spam on email addresses I 'll just blacklist...I would bet money that if you look at the password complexity of users of a busy registration-required forum both before and after you discount people with less than 5 posts , there 'd be a substantial difference .
Likewise , it 'd be interesting to see the strength distribution of the subset of these " 32 million " accounts on rockyou.com that belonged to people that actually used them or had valid personal information attached .
Otherwise I think it 's a pretty worthless study</tokentext>
<sentencetext>I don't know about anyone else, but I have accounts on so many sites it would be impossible to use strong passwords without reuse.
I really don't see the harm in using the same weak passwords if I don't care if my account on the site's compromised.
I have a number of site-specific strong passwords I use on sites I care about, and a further handful of very strong passwords I use for accounts that have the ability to charge my credit cards.
My unix passwords are completely different too, and I run sshd needing key auth.
If I have anything worth protecting (personal information more than an email address, an identity within a community, etc) on a website, I'll use a better password, but if I just want to comment on someone's blog or see what a site's about, I don't care - I certainly wouldn't shed a tear if one of my weak passwords were compromised!
Boo hoo, someone's pretending to be Asdf Asdf from Qwer (postcode AA1 1AA) over at www.dontcare.com/phpbb/ and www.whogivesarats.as/blog/ and sending me spam on email addresses I'll just blacklist...
I would bet money that if you look at the password complexity of users of a busy registration-required forum both before and after you discount people with less than 5 posts, there'd be a substantial difference.
Likewise, it'd be interesting to see the strength distribution of the subset of these "32 million" accounts on rockyou.com that belonged to people that actually used them or had valid personal information attached.
Otherwise I think it's a pretty worthless study</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845200</id>
	<title>Re:Limited in Password size and chars</title>
	<author>Anonymous</author>
	<datestamp>1264086060000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>You mean like Verified by Visa? 6-10 chars and no special chars. ARGH!</p></htmltext>
<tokenext>You mean like Verified by Visa ?
6-10 chars and no special chars .
ARGH !</tokentext>
<sentencetext>You mean like Verified by Visa?
6-10 chars and no special chars.
ARGH!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846968</id>
	<title>USPTO wireless password for working from home</title>
	<author>Anonymous</author>
	<datestamp>1264094400000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If you see an access point and running WEP (yes, they are still this retarded) the key is all numbers in the obvious sequence.</p></htmltext>
<tokenext>If you see an access point and running WEP ( yes , they are still this retarded ) the key is all numbers in the obvious sequence .</tokentext>
<sentencetext>If you see an access point and running WEP (yes, they are still this retarded) the key is all numbers in the obvious sequence.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845280</id>
	<title>Re:The Top 10</title>
	<author>Anonymous</author>
	<datestamp>1264086600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Whatever happened to love, secret, sex, and God?</htmltext>
<tokenext>Whatever happened to love , secret , sex , and God ?</tokentext>
<sentencetext>Whatever happened to love, secret, sex, and God?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30852028</id>
	<title>Re:One had to dig deep for this gem...</title>
	<author>Anonymous</author>
	<datestamp>1264070460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>"I've done quite a bit of personal research in this area, and have found passphrase systems to be far superior in terms of security and ease of use/recall over random combinations of characters."</p><p>So instead of a random password you are advocating a non-random password and calling it a passphrase.  Sorry, but that is just stupid.  Passwords are weak because they get in the way of what users want to do (along with a whole lot of other reasons).  Passphrases are not a solution to that problem.</p><p>It would be better to encourage users to use strong passwords, not change them, write them down and keep them secure.  Users could be assigned passwords.  Sites could not require the use of passwords.  Why exactly do I have to have a password to buy something online?  Mail order companies happily took my CC number and shipped my product.  Brick and mortar stores don't require an account.</p></htmltext>
<tokenext>" I 've done quite a bit of personal research in this area , and have found passphrase systems to be far superior in terms of security and ease of use/recall over random combinations of characters .
" So instead of a random password you are advocating a non-random password and calling it a passphrase .
Sorry , but that is just stupid .
Passwords are weak because they get in the way of what users want to do ( along with a whole lot of other reasons ) .
Passphrases are not a solution to that problem .
It would be better to encourage users to use strong passwords , not change them , write them down and keep them secure .
Users could be assigned passwords .
Sites could not require the use of passwords .
Why exactly do I have to have a password to buy something online ?
Mail order companies happily took my CC number and shipped my product .
Brick and mortar stores do n't require an account .</tokentext>
<sentencetext>"I've done quite a bit of personal research in this area, and have found passphrase systems to be far superior in terms of security and ease of use/recall over random combinations of characters.
"So instead of a random password you are advocating a non-random password and calling it a passphrase.
Sorry, but that is just stupid.
Passwords are weak because they get in the way of what users want to do (along with a whole lot of other reasons).
Passphrases are not a solution to that problem.
It would be better to encourage users to use strong passwords, not change them, write them down and keep them secure.
Users could be assigned passwords.
Sites could not require the use of passwords.
Why exactly do I have to have a password to buy something online?
Mail order companies happily took my CC number and shipped my product.
Brick and mortar stores don't require an account.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845484</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845224</id>
	<title>Not really surprising</title>
	<author>jmauro</author>
	<datestamp>1264086300000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p>Since most sites have a bunch of silly restrictions (no special characters, no more than 8, etc) most systems if they don't enforce strength, randomness, etc will degrade down to the lowest level where the password will work on all the systems.</p></htmltext>
<tokenext>Since most sites have a bunch of silly restrictions ( no special characters , no more than 8 , etc ) most systems if they do n't enforce strength , randomness , etc will degrade down to the lowest level where the password will work on all the systems .</tokentext>
<sentencetext>Since most sites have a bunch of silly restrictions (no special characters, no more than 8, etc) most systems if they don't enforce strength, randomness, etc will degrade down to the lowest level where the password will work on all the systems.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845944</id>
	<title>Re:Limited in Password size and chars</title>
	<author>Spatial</author>
	<datestamp>1264089720000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>My bank's password requirement:<br> <br>

"6-8 characters, lowercase letters only.  (No numbers permitted!)"<br> <br>

Needless to say, I don't use their online services.</htmltext>
<tokenext>My bank 's password requirement : " 6-8 characters , lowercase letters only .
( No numbers permitted !
) " Needless to say , I do n't use their online services .</tokentext>
<sentencetext>My bank's password requirement: 

"6-8 characters, lowercase letters only.
(No numbers permitted!
)" 

Needless to say, I don't use their online services.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074</id>
	<title>Have they released the list anywhere?</title>
	<author>damn_registrars</author>
	<datestamp>1264085220000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>I think it would be interesting to search the passwords I use against the list.  I like to think that my passwords are pretty good, but it would be interesting to see how similar they are to the passwords that were obtained and used in the study.</htmltext>
<tokenext>I think it would be interesting to search the passwords I use against the list .
I like to think that my passwords are pretty good , but it would be interesting to see how similar they are to the passwords that were obtained and used in the study .</tokentext>
<sentencetext>I think it would be interesting to search the passwords I use against the list.
I like to think that my passwords are pretty good, but it would be interesting to see how similar they are to the passwords that were obtained and used in the study.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845108</id>
	<title>special characters</title>
	<author>Anonymous</author>
	<datestamp>1264085460000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Adding a special character increases the base.  Adding a character - i.e. increasing the length of your password - increases the exponent.  Either method helps provide strong passwords.  Shoulder surfing special characters is easier, because they are a reach from the home keys, and most pause to hit them.</p></htmltext>
<tokenext>Adding a special character increases the base .
Adding a character - i.e .
increasing the length of your password - increases the exponent .
Either method helps provide strong passwords .
Shoulder surfing special characters is easier , because they are a reach from the home keys , and most pause to hit them .</tokentext>
<sentencetext>Adding a special character increases the base.
Adding a character - i.e.
increasing the length of your password - increases the exponent.
Either method helps provide strong passwords.
Shoulder surfing special characters is easier, because they are a reach from the home keys, and most pause to hit them.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845174</id>
	<title>Re:Why does password strength matter?</title>
	<author>Omegium</author>
	<datestamp>1264085940000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Do you really think that the FBI is your greatest enemy online?<br>

IT IS NOT.<br>


It is nice to think that you are enemy of the state nr 1 and that everybody cares about your secrets, but that's not the case. You should worry about phishers and other criminals, not about law enforcement. And they don't use search warrants. They need to crack passwords</htmltext>
<tokenext>Do you really think that the FBI is your greatest enemy online ?
IT IS NOT .
It is nice to think that you are enemy of the state nr 1 and that everybody cares about your secrets , but that 's not the case .
You should worry about phishers and other criminals , not about law enforcement .
And they do n't use search warrants .
They need to crack passwords</tokentext>
<sentencetext>Do you really think that the FBI is your greatest enemy online?
IT IS NOT.
It is nice to think that you are enemy of the state nr 1 and that everybody cares about your secrets, but that's not the case.
You should worry about phishers and other criminals, not about law enforcement.
And they don't use search warrants.
They need to crack passwords</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098</id>
	<title>Limited in Password size and chars</title>
	<author>realsilly</author>
	<datestamp>1264085340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I can't tell you how frustrating it is to try to keep information secure on various web sites or with companies that still use antiquated password styles.  6-8 chars or numbers only?  Really?  Still?  After all the identity theft you'd think companies would at least step up their need to have users have strong passwords.  But nope, places like Earthlink still use limited password capability.</p></htmltext>
<tokenext>I ca n't tell you how frustrating it is to try to keep information secure on various web sites or with companies that still use antiquated password styles .
6-8 chars or numbers only ?
Really ? Still ?
After all the identity theft you 'd think companies would at least step up their need to have users have strong passwords .
But nope , places like Earthlink still use limited password capability .</tokentext>
<sentencetext>I can't tell you how frustrating it is to try to keep information secure on various web sites or with companies that still use antiquated password styles.
6-8 chars or numbers only?
Really?  Still?
After all the identity theft you'd think companies would at least step up their need to have users have strong passwords.
But nope, places like Earthlink still use limited password capability.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846488</id>
	<title>Re:Silly password requirements</title>
	<author>jefu</author>
	<datestamp>1264092060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The password strength checkers seem odd to me sometimes.   I recently had to generate a new password for a site and used my standard method, pick a sentence related to the site (sometimes rude, sometimes nonsensical), then use the first letters, changing one or two to numeric or symbols (so the first sentence in this post might have given me "Tpscs02ms").  My first picked sentence gave me 16 characters (even all lower case that would probably have been good as there were no dictionary words or other simple patterns).   The site told me that that password was seriously insecure - and playing around a bit I discovered that the same string truncated at 13 characters was rated highly secure.   I should have looked at the code (javascript) to see why adding three characters made it so much worse but was trying to get things done.</htmltext>
<tokenext>The password strength checkers seem odd to me sometimes .
I recently had to generate a new password for a site and used my standard method , pick a sentence related to the site ( sometimes rude , sometimes nonsensical ) , then use the first letters , changing one or two to numeric or symbols ( so the first sentence in this post might have given me " Tpscs02ms " ) .
My first picked sentence gave me 16 characters ( even all lower case that would probably have been good as there were no dictionary words or other simple patterns ) .
The site told me that that password was seriously insecure - and playing around a bit I discovered that the same string truncated at 13 characters was rated highly secure .
I should have looked at the code ( javascript ) to see why adding three characters made it so much worse but was trying to get things done .</tokentext>
<sentencetext>The password strength checkers seem odd to me sometimes.
I recently had to generate a new password for a site and used my standard method, pick a sentence related to the site (sometimes rude, sometimes nonsensical), then use the first letters, changing one or two to numeric or symbols (so the first sentence in this post might have given me "Tpscs02ms").
My first picked sentence gave me 16 characters (even all lower case that would probably have been good as there were no dictionary words or other simple patterns).
The site told me that that password was seriously insecure - and playing around a bit I discovered that the same string truncated at 13 characters was rated highly secure.
I should have looked at the code (javascript) to see why adding three characters made it so much worse but was trying to get things done.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845340</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30856676</id>
	<title>Re:The Top 10</title>
	<author>ObitMan</author>
	<datestamp>1264099200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>1. 123456</p></div><p>Crap. Now I have to change the password on my luggage.</p>
	</htmltext>
<tokenext>1 . 123456
Crap .
Now I have to change the password on my luggage .</tokentext>
<sentencetext>1. 123456
Crap.
Now I have to change the password on my luggage.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845348</id>
	<title>Re:Why does password strength matter?</title>
	<author>Kozz</author>
	<datestamp>1264086960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I have to change my password at work every 90 days.  The result is that I'm creating passwords that don't have non-alphanumerics, but are usually phrases of two or more words together, like "anappleaday" or "lookatmenow" or "changingpwsucks".  Am I more or less secure than people forced to use non-alphanumerics who create passwords like "judy1" or "maroon5"?  I think so...</p></htmltext>
<tokenext>I have to change my password at work every 90 days .
The result is that I 'm creating passwords that do n't have non-alphanumerics , but are usually phrases of two or more words together , like " anappleaday " or " lookatmenow " or " changingpwsucks " .
Am I more or less secure than people forced to use non-alphanumerics who create passwords like " judy1 " or " maroon5 " ?
I think so.. .</tokentext>
<sentencetext>I have to change my password at work every 90 days.
The result is that I'm creating passwords that don't have non-alphanumerics, but are usually phrases of two or more words together, like "anappleaday" or "lookatmenow" or "changingpwsucks".
Am I more or less secure than people forced to use non-alphanumerics who create passwords like "judy1" or "maroon5"?
I think so...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849378</id>
	<title>Re:Why surprising?</title>
	<author>Blakey Rat</author>
	<datestamp>1264104480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I came across one site that didn't consider "-" a punctuation mark. That pissed me off enough that I put in a support ticket over it: don't force me to include punctuation marks in the password if your system is so retarded it doesn't even know what punctuation marks look like.</p></htmltext>
<tokenext>I came across one site that did n't consider " - " a punctuation mark .
That pissed me off enough that I put in a support ticket over it : do n't force me to include punctuation marks in the password if your system is so retarded it does n't even know what punctuation marks look like .</tokentext>
<sentencetext>I came across one site that didn't consider "-" a punctuation mark.
That pissed me off enough that I put in a support ticket over it: don't force me to include punctuation marks in the password if your system is so retarded it doesn't even know what punctuation marks look like.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846620</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Rastl</author>
	<datestamp>1264092660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>My company (over 10,000 employees, not in the computer industry) does the same thing, but the really annoying part..
<br>..it must be EXACTLY 2 letters, followed by EXACTLY 4 digits.
<br>
So even allowing for upper case (which I am not sure that it differentiates), the total password space is only 2704000000.</p></div> </blockquote><p>Making the assumption that they're not storing it in plain text which would kind of negate the 'integer' part (alpha?)  If they're that strict about password format then they're probably not doing much on the back end either.</p>
	</htmltext>
<tokenext>My company ( over 10,000 employees , not in the computer industry ) does the same thing , but the really annoying part. . ..it must be EXACTLY 2 letters , followed by EXACTLY 4 digits .
So even allowing for upper case ( which I am not sure that it differentiates ) , the total password space is only 2704000000 .
Making the assumption that they 're not storing it in plain text which would kind of negate the 'integer ' part ( alpha ?
) If they 're that strict about password format then they 're probably not doing much on the back end either .</tokentext>
<sentencetext>My company (over 10,000 employees, not in the computer industry) does the same thing, but the really annoying part..
 ..it must be EXACTLY 2 letters, followed by EXACTLY 4 digits.
So even allowing for upper case (which I am not sure that it differentiates), the total password space is only 2704000000.
Making the assumption that they're not storing it in plain text which would kind of negate the 'integer' part (alpha?
)  If they're that strict about password format then they're probably not doing much on the back end either.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845334</id>
	<title>Re:The Top 10</title>
	<author>Anonymous</author>
	<datestamp>1264086900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>The report mentions this:</p><p><i>If a hacker would have used the list of the top 5000 passwords as a dictionary for brute force attack on Rockyou.com users, it would take only one attempt (per account) to guess 0.9% of the users passwords or a rate of one success per 111 attempts.</i></p><p>Interesting but how does this really apply to any other instance of password cracking?  You would not know the top 5000 passwords ahead of time in anything other than this specific RockYou instance?  I guess some of the general trends apply though, I'm sure more hotmail users use hotmail as their password than would use RockYou. Where is the list of usernames that you are running against this list of top 5000 known passwords?  I guess my point is, if you already have a list of passwords and usernames that are in use, comparing cracking statistics for dictionary attacks and the additional password complexity of using special characters and non dictionary words does not apply.  Just run the known passwords against the known usernames.</p></htmltext>
<tokenext>The report mentions this :
If a hacker would have used the list of the top 5000 passwords as a dictionary for brute force attack on Rockyou.com users , it would take only one attempt ( per account ) to guess 0.9 % of the users passwords or a rate of one success per 111 attempts .
Interesting but how does this really apply to any other instance of password cracking ?
You would not know the top 5000 passwords ahead of time in anything other than this specific RockYou instance ?
I guess some of the general trends apply though , I 'm sure more hotmail users use hotmail as their password than would use RockYou .
Where is the list of usernames that you are running against this list of top 5000 known passwords ?
I guess my point is , if you already have a list of passwords and usernames that are in use , comparing cracking statistics for dictionary attacks and the additional password complexity of using special characters and non dictionary words does not apply .
Just run the known passwords against the known usernames .</tokentext>
<sentencetext>The report mentions this:
If a hacker would have used the list of the top 5000 passwords as a dictionary for brute force attack on Rockyou.com users, it would take only one attempt (per account) to guess 0.9% of the users passwords or a rate of one success per 111 attempts.
Interesting but how does this really apply to any other instance of password cracking?
You would not know the top 5000 passwords ahead of time in anything other than this specific RockYou instance?
I guess some of the general trends apply though, I'm sure more hotmail users use hotmail as their password than would use RockYou.
Where is the list of usernames that you are running against this list of top 5000 known passwords?
I guess my point is, if you already have a list of passwords and usernames that are in use, comparing cracking statistics for dictionary attacks and the additional password complexity of using special characters and non dictionary words does not apply.
Just run the known passwords against the known usernames.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845804</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>damn_registrars</author>
	<datestamp>1264089120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>Post it here, I'll check it for you.. Don't worry, Slashdot blanks your password.<br> <br>

My password is *******<br> <br>

See, blanked out!</p></div><p>Wow, I just tried to match "*******" against a list of bad passwords, and it generated a <b>really long list</b> of matches.  Your password must be really bad!</p>
	</htmltext>
<tokenext>Post it here , I 'll check it for you.. Do n't worry , Slashdot blanks your password .
My password is * * * * * * * See , blanked out ! Wow , I just tried to match " * * * * * * * " against a list of bad passwords , and it generated a really long list of matches .
Your password must be really bad !</tokentext>
<sentencetext>Post it here, I'll check it for you.. Don't worry, Slashdot blanks your password.
My password is ******* 

See, blanked out!
Wow, I just tried to match "*******" against a list of bad passwords, and it generated a really long list of matches.
Your password must be really bad!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847034</id>
	<title>Re:Why does password strength matter?</title>
	<author>Aeros</author>
	<datestamp>1264094640000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I know, so many people think their data is so sensitive and the FBI is out to get them. Get over yourselves.  Unless you're doing something very wrong the FBI couldn't give a crap about you.  Get over yourselves and worry about the true criminals that are out to get your banking or your little sex site login information to use it for their own purposes.</htmltext>
<tokenext>I know , so many people think their data is so sensitive and the FBI is out to get them .
Get over yourselves .
Unless you 're doing something very wrong the FBI could n't give a crap about you .
Get over yourselves and worry about the true criminals that are out to get your banking or your little sex site login information to use it for their own purposes .</tokentext>
<sentencetext>I know, so many people think their data is so sensitive and the FBI is out to get them.
Get over yourselves.
Unless you're doing something very wrong the FBI couldn't give a crap about you.
Get over yourselves and worry about the true criminals that are out to get your banking or your little sex site login information to use it for their own purposes.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845174</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846130</id>
	<title>Re:Same problem as 20 years ago</title>
	<author>itsdapead</author>
	<datestamp>1264090500000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><div class="quote"><p>The implication is that ways of educating users has not improved in the past 20 years.</p></div><p>It's not a case of educating them - it's a case of stopping asking them to do silly things: <b>do</b> use a complex password; <b>don't</b> write it down; <b>do</b> change it every six weeks;  <b>do</b> create a persistent account (with a unique password) for every web service you use, even if you only use it once; <b>do</b> grow fluffy purple wings and fly around the room...</p>
	</htmltext>
<tokenext>The implication is that ways of educating users has not improved in the past 20 years .
It 's not a case of educating them - it 's a case of stopping asking them to do silly things : do use a complex password ; do n't write it down ; do change it every six weeks ; do create a persistent account ( with a unique password ) for every web service you use , even if you only use it once ; do grow fluffy purple wings and fly around the room.. .</tokentext>
<sentencetext>The implication is that ways of educating users has not improved in the past 20 years.
It's not a case of educating them - it's a case of stopping asking them to do silly things: do use a complex password; don't write it down; do change it every six weeks;  do create a persistent account (with a unique password) for every web service you use, even if you only use it once; do grow fluffy purple wings and fly around the room...
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845406</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>QuantumRiff</author>
	<datestamp>1264087680000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>Post it here, I'll check it for you.. Don't worry, Slashdot blanks your password.</p><p>My password is *******</p><p>See, blanked out!</p></htmltext>
<tokenext>Post it here , I 'll check it for you.. Do n't worry , Slashdot blanks your password . My password is * * * * * * * See , blanked out !</tokentext>
<sentencetext>Post it here, I'll check it for you.. Don't worry, Slashdot blanks your password. My password is ******* See, blanked out!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846574</id>
	<title>Re:Lock-out after a certain number of attempts?</title>
	<author>tibman</author>
	<datestamp>1264092420000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Most bruteforce attacks are done on stolen password hashes with a dedicated server/cluster/botnet.  Say I found an SQL exploit to grab MD5 hashes for any user account.  I would do some research and find an old admin's name.  Use the exploit to get the admin's passwd hash.  Queue them up in the cluster and forget about it for a few days (or minutes sometimes!).  Login with the admin's name and passwd and flex his long unused admin powers to upgrade my own personal account in non-obvious ways.  The server logs won't show any login failures.</p></htmltext>
<tokenext>Most bruteforce attacks are done on stolen password hashes with a dedicated server/cluster/botnet .
Say I found an SQL exploit to grab MD5 hashes for any user account .
I would do some research and find an old admin 's name .
Use the exploit to get the admin 's passwd hash .
Queue them up in the cluster and forget about it for a few days ( or minutes sometimes ! ) .
Login with the admin 's name and passwd and flex his long unused admin powers to upgrade my own personal account in non-obvious ways .
The server logs wo n't show any login failures .</tokentext>
<sentencetext>Most bruteforce attacks are done on stolen password hashes with a dedicated server/cluster/botnet.
Say I found an SQL exploit to grab MD5 hashes for any user account.
I would do some research and find an old admin's name.
Use the exploit to get the admin's passwd hash.
Queue them up in the cluster and forget about it for a few days (or minutes sometimes!).
Login with the admin's name and passwd and flex his long unused admin powers to upgrade my own personal account in non-obvious ways.
The server logs won't show any login failures.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845262</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847610</id>
	<title>Re:Made-up words</title>
	<author>Myopic</author>
	<datestamp>1264096740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So, your password is cr0mulent?</p></htmltext>
<tokenext>So , your password is cr0mulent ?</tokentext>
<sentencetext>So, your password is cr0mulent?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845254</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846040</id>
	<title>Re:My password</title>
	<author>Panaflex</author>
	<datestamp>1264090140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I used to think the same thing!  What a co-inkidink!  Then someone hacked into a (fortunately, base install, nothin else) machine and I no longer think that.</p></htmltext>
<tokenext>I used to think the same thing !
What a co-inkidink !
Then someone hacked into a ( fortunately , base install , nothin else ) machine and I no longer think that .</tokentext>
<sentencetext>I used to think the same thing!
What a co-inkidink!
Then someone hacked into a (fortunately, base install, nothin else) machine and I no longer think that.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845054</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847058</id>
	<title>Re:Same problem as 20 years ago</title>
	<author>Anonymous</author>
	<datestamp>1264094700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>agree... and a lot of the problem at places I've worked is the app developers. They should use something like NTLM to verify the identity of the user and that they have authenticated, but it's easier to throw up a login screen and check a database. End result users end up with half a dozen passwords for the various apps they use, so they pick passwords that are easy.</p><p>there really should be an iPhone/android app that would get your phone to send a special code via bluetooth to your browser to supplement your login. it could generate a unique code for every website, so if one website is compromised it won't affect the others. you'd still want a password in case someone steals your phone, but password strength would be far less important.</p><p>Problem is getting sites to actually implement it. And of course getting users to actually use it, as they'd just see it as another inconvenience to set up an app, get bluetooth working, etc. And of course not everyone has a smartphone (I don't) ... so I guess it won't happen.</p></htmltext>
<tokenext>agree... and a lot of the problem at places I 've worked is the app developers .
They should use something like NTLM to verify the identity of the user and that they have authenticated , but it 's easier to throw up a login screen and check a database .
End result users end up with half a dozen passwords for the various apps they use , so they pick passwords that are easy . there really should be an iPhone/android app that would get your phone to send a special code via bluetooth to your browser to supplement your login .
it could generate a unique code for every website , so if one website is compromised it wo n't affect the others .
you 'd still want a password in case someone steals your phone , but password strength would be far less important . Problem is getting sites to actually implement it .
And of course getting users to actually use it , as they 'd just see it as another inconvenience to set up an app , get bluetooth working , etc .
And of course not everyone has a smartphone ( I do n't ) ... so I guess it wo n't happen .</tokentext>
<sentencetext>agree... and a lot of the problem at places I've worked is the app developers.
They should use something like NTLM to verify the identity of the user and that they have authenticated, but it's easier to throw up a login screen and check a database.
End result users end up with half a dozen passwords for the various apps they use, so they pick passwords that are easy. there really should be an iPhone/android app that would get your phone to send a special code via bluetooth to your browser to supplement your login.
it could generate a unique code for every website, so if one website is compromised it won't affect the others.
you'd still want a password in case someone steals your phone, but password strength would be far less important. Problem is getting sites to actually implement it.
And of course getting users to actually use it, as they'd just see it as another inconvenience to set up an app, get bluetooth working, etc.
And of course not everyone has a smartphone (I don't) ... so I guess it won't happen.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845406</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846494</id>
	<title>Re:Why Is That Interesting?</title>
	<author>BrewDad</author>
	<datestamp>1264092060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>Why is it any surprise that people tend to approach passwords as a pass-WORD? It has to be something they can remember, and remembering a string of characters they can't pronounce is far more difficult than remembering (say) their favorite basketball team and the year they graduated high school.</p></div></blockquote><p>

Dammit!  How did you figure out my system?  That's ok, I'll just change to my graduation year THEN my favorite basketball team.  Try cracking THAT password!</p>
	</htmltext>
<tokenext>Why is it any surprise that people tend to approach passwords as a pass-WORD ?
It has to be something they can remember , and remembering a string of characters they ca n't pronounce is far more difficult than remembering ( say ) their favorite basketball team and the year they graduated high school .
Dammit ! How did you figure out my system ?
That 's ok , I 'll just change to my graduation year THEN my favorite basketball team .
Try cracking THAT password !</tokentext>
<sentencetext>Why is it any surprise that people tend to approach passwords as a pass-WORD?
It has to be something they can remember, and remembering a string of characters they can't pronounce is far more difficult than remembering (say) their favorite basketball team and the year they graduated high school.
Dammit!  How did you figure out my system?
That's ok, I'll just change to my graduation year THEN my favorite basketball team.
Try cracking THAT password!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845192</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846668</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>Anonymous</author>
	<datestamp>1264092900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Really? wow.  My pw is hunter2 also!!!</p><p>What are the odds?</p></htmltext>
<tokenext>Really ?
wow. My pw is hunter2 also ! ! !
What are the odds ?</tokentext>
<sentencetext>Really?
wow.  My pw is hunter2 also!!!
What are the odds?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845266</id>
	<title>Re:Why does password strength matter?</title>
	<author>2obvious4u</author>
	<datestamp>1264086540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>
What's even worse is when that website is your bank.</htmltext>
<tokenext>What 's even worse is when that website is your bank .</tokentext>
<sentencetext>
What's even worse is when that website is your bank.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845126</id>
	<title>Given the sample set, is it a surprise?</title>
	<author>Anonymous</author>
	<datestamp>1264085580000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>I vary the strength of my passwords based on the importance of them being secure.</p><p>More secure passwords are typically harder to remember.  My financial related passwords are much more secure than my Facebook password because I really don't give a damn if someone breaks into my facebook account.</p></htmltext>
<tokenext>I vary the strength of my passwords based on the importance of them being secure . More secure passwords are typically harder to remember .
My financial related passwords are much more secure than my Facebook password because I really do n't give a damn if someone breaks into my facebook account .</tokentext>
<sentencetext>I vary the strength of my passwords based on the importance of them being secure. More secure passwords are typically harder to remember.
My financial related passwords are much more secure than my Facebook password because I really don't give a damn if someone breaks into my facebook account.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846050</id>
	<title>Re:Security should not depend on strong passwords</title>
	<author>Anonymous</author>
	<datestamp>1264090200000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><i>This is like trying to stop VD by convincing teens to abstain from sex - it's in the never-going-to-happen category.</i></p><p>Nonsense. Just give them slashdot accounts. They'll be abstaining from sex, alright - just not voluntarily.</p></htmltext>
<tokenext>This is like trying to stop VD by convincing teens to abstain from sex - it 's in the never-going-to-happen category . Nonsense .
Just give them slashdot accounts .
They 'll be abstaining from sex , alright - just not voluntarily .</tokentext>
<sentencetext>This is like trying to stop VD by convincing teens to abstain from sex - it's in the never-going-to-happen category. Nonsense.
Just give them slashdot accounts.
They'll be abstaining from sex, alright - just not voluntarily.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845228</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845276</id>
	<title>Impenetrable</title>
	<author>G2GAlone</author>
	<datestamp>1264086540000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Surely no one uses God, Sex, Money, or Love as their password! I use my birthday or sometimes my mother's maiden name... no one will ever guess that, right? =X</htmltext>
<tokenext>Surely no one uses God , Sex , Money , or Love as their password !
I use my birthday or sometimes my mother 's maiden name... no one will ever guess that , right ?
= X</tokentext>
<sentencetext>Surely no one uses God, Sex, Money, or Love as their password!
I use my birthday or sometimes my mother's maiden name... no one will ever guess that, right?
=X</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845904</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>FooAtWFU</author>
	<datestamp>1264089600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>My password is <a href="https://www.google.com/accounts/o8/id" title="google.com">https://www.google.com/accounts/o8/id</a> [google.com].</htmltext>
<tokenext>My password is https : //www.google.com/accounts/o8/id [ google.com ] .</tokentext>
<sentencetext>My password is https://www.google.com/accounts/o8/id [google.com].</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845262</id>
	<title>Lock-out after a certain number of attempts?</title>
	<author>mdm-adph</author>
	<datestamp>1264086480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Does one really need to worry about "brute force" attacks if it's a system that enforces a lock-out of a user account after a set number of incorrect passwords (say, 5 in 10 minutes or so)?</p></htmltext>
<tokenext>Does one really need to worry about " brute force " attacks if it 's a system that enforces a lock-out of a user account after a set number of incorrect passwords ( say , 5 in 10 minutes or so ) ?</tokentext>
<sentencetext>Does one really need to worry about "brute force" attacks if it's a system that enforces a lock-out of a user account after a set number of incorrect passwords (say, 5 in 10 minutes or so)?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847318</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>Anonymous</author>
	<datestamp>1264095720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>hunter2.</p><p>Cool.</p></htmltext>
<tokenext>hunter2 . Cool .</tokentext>
<sentencetext>hunter2. Cool.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Rockoon</author>
	<datestamp>1264085640000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext>My company (over 10,000 employees, not in the computer industry) does the same thing, but the really annoying part..<br>
<br>..it must be EXACTLY 2 letters, followed by EXACTLY 4 digits.<br>
<br>
So even allowing for upper case (which I am not sure that it differentiates), the total password space is only 2704000000.<br>
<br>
The size of this space can conveniently fit into a 32-bit value, which is probably what they are doing: storing passwords in an integer field.<br>
<br>
Did I mention that they pay our IT department $11/hour?<br>
<br>
Yeah, all my coworkers do the same thing: use the same 2 letters every time they need to change it, followed by "1111" then "2222" then "3333" and so forth...</htmltext>
<tokenext>My company ( over 10,000 employees , not in the computer industry ) does the same thing , but the really annoying part. . ..it must be EXACTLY 2 letters , followed by EXACTLY 4 digits .
So even allowing for upper case ( which I am not sure that it differentiates ) , the total password space is only 2704000000 .
The size of this space can conveniently fit into a 32-bit value , which is probably what they are doing : storing passwords in an integer field .
Did I mention that they pay our IT department $ 11/hour ?
Yeah , all my coworkers do the same thing : use the same 2 letters every time they need to change it , followed by " 1111 " then " 2222 " then " 3333 " and so forth.. .</tokentext>
<sentencetext>My company (over 10,000 employees, not in the computer industry) does the same thing, but the really annoying part..
 ..it must be EXACTLY 2 letters, followed by EXACTLY 4 digits.
So even allowing for upper case (which I am not sure that it differentiates), the total password space is only 2704000000.
The size of this space can conveniently fit into a 32-bit value, which is probably what they are doing: storing passwords in an integer field.
Did I mention that they pay our IT department $11/hour?
Yeah, all my coworkers do the same thing: use the same 2 letters every time they need to change it, followed by "1111" then "2222" then "3333" and so forth...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845534</id>
	<title>PKI authentication solves password hell</title>
	<author>gnieboer</author>
	<datestamp>1264087920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>One of the best things the government IT folks have done is the use of the PKI infrastructure.  Must have a physical token (smart card) and then an unchanging PIN to access the physical token.  The private key never leaves the card itself.  And all internal sites are mandated to use that authentication, so no more password hell.<br>Yes, the cards expire every couple years, but it's about worn out by then anyways.</p></htmltext>
<tokenext>One of the best things the government IT folks have done is the use of the PKI infrastructure .
Must have a physical token ( smart card ) and then an unchanging PIN to access the physical token .
The private key never leaves the card itself .
And all internal sites are mandated to use that authentication , so no more password hell . Yes , the cards expire every couple years , but it 's about worn out by then anyways .</tokentext>
<sentencetext>One of the best things the government IT folks have done is the use of the PKI infrastructure.
Must have a physical token (smart card) and then an unchanging PIN to access the physical token.
The private key never leaves the card itself.
And all internal sites are mandated to use that authentication, so no more password hell. Yes, the cards expire every couple years, but it's about worn out by then anyways.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30876426</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Anonymous</author>
	<datestamp>1264363500000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I wouldn't imagine a brute-force on your company's passwords would take very long</p></htmltext>
<tokenext>I would n't imagine a brute-force on your company 's passwords would take very long</tokentext>
<sentencetext>I wouldn't imagine a brute-force on your company's passwords would take very long</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845306</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>Anonymous</author>
	<datestamp>1264086780000</datestamp>
	<modclass>Funny</modclass>
	<modscore>1</modscore>
	<htmltext><p>"love", "secret", "sex", not necessarily in that order. And don't forget "god". System operators love to use "god".</p></htmltext>
<tokenext>" love " , " secret " , " sex " , not necessarily in that order .
And do n't forget " god " .
System operators love to use " god " .</tokentext>
<sentencetext>"love", "secret", "sex", not necessarily in that order.
And don't forget "god".
System operators love to use "god".</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846854</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Anonymous</author>
	<datestamp>1264093860000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Given the above policy, a smart hacker would bruteforce the following template:</p><p>(1 capital letter)(7 lower case letters)(1 number)(1 special character).  With a dictionary attack for the first 8 characters.</p><p>Password1!</p></htmltext>
<tokenext>Given the above policy , a smart hacker would bruteforce the following template : ( 1 capital letter ) ( 7 lower case letters ) ( 1 number ) ( 1 special character ) .
With a dictionary attack for the first 8 characters . Password1 !</tokentext>
<sentencetext>Given the above policy, a smart hacker would bruteforce the following template: (1 capital letter)(7 lower case letters)(1 number)(1 special character).
With a dictionary attack for the first 8 characters. Password1!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845798</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846456</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>Hoi Polloi</author>
	<datestamp>1264091940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>At the very least they should create a list including passwords like the one in the article and block those from being used (the "lazy list").  Restricting you to a specific pattern is nuts though.  What a great way to simplify things for a password cracker.</p><p>Friend of mine in college once out of curiosity tried to see how many systems he could get into just by trying obvious passwords.  He told me he found approx 10 of them that used "password" as the password.  He also found a number of databases and routers that were still using the factory default passwords.</p></htmltext>
<tokenext>At the very least they should create a list including passwords like the one in the article and block those from being used ( the " lazy list " ) .
Restricting you to a specific pattern is nuts though .
What a great way to simplify things for a password cracker . Friend of mine in college once out of curiosity tried to see how many systems he could get into just by trying obvious passwords .
He told me he found approx 10 of them that used " password " as the password .
He also found a number of databases and routers that were still using the factory default passwords .</tokentext>
<sentencetext>At the very least they should create a list including passwords like the one in the article and block those from being used (the "lazy list").
Restricting you to a specific pattern is nuts though.
What a great way to simplify things for a password cracker. Friend of mine in college once out of curiosity tried to see how many systems he could get into just by trying obvious passwords.
He told me he found approx 10 of them that used "password" as the password.
He also found a number of databases and routers that were still using the factory default passwords.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846184</id>
	<title>Weak passwd OK if guessing cost high</title>
	<author>redelm</author>
	<datestamp>1264090740000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>A strong passwd is only a small part of the entire security system.  It is important to address _all_ parts.  One of the most important is to make the cost of guessing passwords high.</p><p>A non-shadow /etc/passwd has extremely low guessing costs, just a few CPU cycles.  An ATM that eats cards after 3 wrong guesses has an extremely high guessing cost.  Account lockouts, timed or manual are somewhere in-between.</p><p>The important point is these guessing costs are largely under the control of the admins and not subject to variable user compliance or resentful coercion.</p><p>It really bothers me when service people try to blame me for some inefficiency when they are not doing all they can. I'm not supposed to do their job, or even make it easy.  They're there to make mine easy.</p></htmltext>
<tokenext>A strong passwd is only a small part of the entire security system .
It is important to address _all_ parts .
One of the most important is to make the cost of guessing passwords high . A non-shadow /etc/passwd has extremely low guessing costs , just a few CPU cycles .
An ATM that eats cards after 3 wrong guesses has an extremely high guessing cost .
Account lockouts , timed or manual are somewhere in-between . The important point is these guessing costs are largely under the control of the admins and not subject to variable user compliance or resentful coercion . It really bothers me when service people try to blame me for some inefficiency when they are not doing all they can .
I 'm not supposed to do their job , or even make it easy .
They 're there to make mine easy .</tokentext>
<sentencetext>A strong passwd is only a small part of the entire security system.
It is important to address _all_ parts.
One of the most important is to make the cost of guessing passwords high. A non-shadow /etc/passwd has extremely low guessing costs, just a few CPU cycles.
An ATM that eats cards after 3 wrong guesses has an extremely high guessing cost.
Account lockouts, timed or manual are somewhere in-between. The important point is these guessing costs are largely under the control of the admins and not subject to variable user compliance or resentful coercion. It really bothers me when service people try to blame me for some inefficiency when they are not doing all they can.
I'm not supposed to do their job, or even make it easy.
They're there to make mine easy.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30850230</id>
	<title>Re:Why Is That Interesting?</title>
	<author>Anonymous</author>
	<datestamp>1264064820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Or will graduate highschool...</p></htmltext>
<tokenext>Or will graduate highschool.. .</tokentext>
<sentencetext>Or will graduate highschool...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845192</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845478</id>
	<title>Re:Why does password strength matter?</title>
	<author>Hurricane78</author>
	<datestamp>1264087620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Well, in a properly designed system all private data is encrypted with that password, and only when you enter it, and it is cached in the current session, can that data be decrypted.<br>Of course, how many properly designed systems are there out there. I heard in the US, not even banks do this properly. (Except maybe if you consider WoW a bank. ;)</p><p>Protip: Data that is shown to everyone on Facebook, is <em>never</em> encrypted. ;)</p></htmltext>
<tokenext>Well , in a properly designed system all private data is encrypted with that password , and only when you enter it , and it is cached in the current session , can that data be decrypted . Of course , how many properly designed systems are there out there .
I heard in the US , not even banks do this properly .
( Except maybe if you consider WoW a bank .
; ) Protip : Data that is shown to everyone on Facebook , is never encrypted .
; )</tokentext>
<sentencetext>Well, in a properly designed system all private data is encrypted with that password, and only when you enter it, and it is cached in the current session, can that data be decrypted. Of course, how many properly designed systems are there out there.
I heard in the US, not even banks do this properly.
(Except maybe if you consider WoW a bank.
;) Protip: Data that is shown to everyone on Facebook, is never encrypted.
;)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30854788</id>
	<title>Most password requirements are equally garbage</title>
	<author>bgspence</author>
	<datestamp>1264081620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Less than 4% of my passwords protect anything I care about. Most are to protect sites from spam users or to elicit demographic data from me. They don't protect me. It is no loss to me if someone uses my registration to their system.</p><p>Even my ATM card pin, a very uncommon 4 digit number, is of no real need of protection. I've had my accounts hacked in some of the big security leaks and the bank absorbs the loss.</p></htmltext>
<tokenext>Less than 4 % of my passwords protect anything I care about .
Most are to protect sites from spam users or to elicit demographic data from me .
They do n't protect me .
It is no loss to me if someone uses my registration to their system.Even my ATM card pin , a very uncommon 4 digit number , is of no real need of protection .
I 've had my accounts hacked in some of the big security leaks and the bank absorbs the loss .</tokentext>
<sentencetext>Less than 4% of my passwords protect anything I care about.
Most are to protect sites from spam users or to elicit demographic data from me.
They don't protect me.
It is no loss to me if someone uses my registration to their system.
Even my ATM card pin, a very uncommon 4 digit number, is of no real need of protection.
I've had my accounts hacked in some of the big security leaks and the bank absorbs the loss.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846304</id>
	<title>Re:repost from my comment on nyt:</title>
	<author>CaptBubba</author>
	<datestamp>1264091220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This system totally breaks down with sites or passwords that require you to change your password every XX days, and many times will reject a password if a certain number of the characters match with previously used passwords.</p><p>Great idea for everyday low-importance stuff though.</p></htmltext>
<tokenext>This system totally breaks down with sites or passwords that require you to change your password every XX days , and many times will reject a password if a certain number of the characters match with previously used passwords .
Great idea for everyday low-importance stuff though .</tokentext>
<sentencetext>This system totally breaks down with sites or passwords that require you to change your password every XX days, and many times will reject a password if a certain number of the characters match with previously used passwords.
Great idea for everyday low-importance stuff though.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845406</id>
	<title>Same problem as 20 years ago</title>
	<author>petes_PoV</author>
	<datestamp>1264087200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>The study makes reference to another analysis done on Unix systems 20 years ago and concludes nothing (much) has changed.
<br>All this tells us is that the exhortations to choose more secure passwords reach a certain level and then have no more effect. The implication is that ways of educating users have not improved in the past 20 years.
<p>
Let's not blame the users - they are only doing what they're told. The problem is that we (i.e. IT people) are not telling them the right things in a way that they are willing to accept. That's the problem, not laziness, incompetence or ignorance - motivation. The users ARE motivated to choose passwords, but not to go to the inconvenience of choosing complex ones.
</p><p>
In every other area of computer use, the trend has been to making things simpler to use. Maybe it's time this process was applied to passwords. Of course it's possible we don't really want better security - we just want someone to blame for lapses.</p></htmltext>
<tokenext>The study makes reference to another analysis done on Unix systems 20 years ago and concludes nothing ( much ) has changed .
All this tells us is that the exhortations to choose more secure passwords reach a certain level and then have no more effect .
The implication is that ways of educating users have not improved in the past 20 years .
Let 's not blame the users - they are only doing what they 're told .
The problem is that we ( i.e .
IT people ) are not telling them the right things in a way that they are willing to accept .
That 's the problem , not laziness , incompetence or ignorance - motivation .
The users ARE motivated to choose passwords , but not to go to the inconvenience of choosing complex ones .
In every other area of computer use , the trend has been to making things simpler to use .
Maybe it 's time this process was applied to passwords .
Of course it 's possible we do n't really want better security - we just want someone to blame for lapses .</tokentext>
<sentencetext>The study makes reference to another analysis done on Unix systems 20 years ago and concludes nothing (much) has changed.
All this tells us is that the exhortations to choose more secure passwords reach a certain level and then have no more effect.
The implication is that ways of educating users have not improved in the past 20 years.
Let's not blame the users - they are only doing what they're told.
The problem is that we (i.e.
IT people) are not telling them the right things in a way that they are willing to accept.
That's the problem, not laziness, incompetence or ignorance - motivation.
The users ARE motivated to choose passwords, but not to go to the inconvenience of choosing complex ones.
In every other area of computer use, the trend has been to making things simpler to use.
Maybe it's time this process was applied to passwords.
Of course it's possible we don't really want better security - we just want someone to blame for lapses.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845868</id>
	<title>No kidding</title>
	<author>Sycraft-fu</author>
	<datestamp>1264089480000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>For example I use the same password on most forums online. It is short, alpha numeric and so on. Why? Because I really don't give a fuck. They are forums. Oh no, you hacked my forum account, whatever will I do? However it is not the same password as my e-mail, that is longer, and has special characters. My bank password is longer still, used only for my bank, and also requires the use of a physical identification token to get in.</p><p>The amount of effort I put in to a password is directly related to what that password protects. For a large amount of stuff on the internet it is one of a couple simple passwords that are reused all over. Reason is that what it protects is just not important. There is no reason to spend time coming up with and memorizing a unique, hard, password for Youtube or something. If it gets found out, oh well, I'll go change it on other sites I use enough to care about. If one of those happens to get owned in the interim, oh well, I'll make a new account.</p><p>However something like my bank account, or my admin account at work, yes, those passwords are strong, and they are never reused anywhere. They protect something that matters, so security is taken seriously.</p></htmltext>
<tokenext>For example I use the same password on most forums online .
It is short , alpha numeric and so on .
Why ? Because I really do n't give a fuck .
They are forums .
Oh no , you hacked my forum account , whatever will I do ?
However it is not the same password as my e-mail , that is longer , and has special characters .
My bank password is longer still , used only for my bank , and also requires the use of a physical identification token to get in .
The amount of effort I put in to a password is directly related to what that password protects .
For a large amount of stuff on the internet it is one of a couple simple passwords that are reused all over .
Reason is that what it protects is just not important .
There is no reason to spend time coming up with and memorizing a unique , hard , password for Youtube or something .
If it gets found out , oh well , I 'll go change it on other sites I use enough to care about .
If one of those happens to get owned in the interim , oh well , I 'll make a new account .
However something like my bank account , or my admin account at work , yes , those passwords are strong , and they are never reused anywhere .
They protect something that matters , so security is taken seriously .</tokentext>
<sentencetext>For example I use the same password on most forums online.
It is short, alpha numeric and so on.
Why? Because I really don't give a fuck.
They are forums.
Oh no, you hacked my forum account, whatever will I do?
However it is not the same password as my e-mail, that is longer, and has special characters.
My bank password is longer still, used only for my bank, and also requires the use of a physical identification token to get in.
The amount of effort I put in to a password is directly related to what that password protects.
For a large amount of stuff on the internet it is one of a couple simple passwords that are reused all over.
Reason is that what it protects is just not important.
There is no reason to spend time coming up with and memorizing a unique, hard, password for Youtube or something.
If it gets found out, oh well, I'll go change it on other sites I use enough to care about.
If one of those happens to get owned in the interim, oh well, I'll make a new account.
However something like my bank account, or my admin account at work, yes, those passwords are strong, and they are never reused anywhere.
They protect something that matters, so security is taken seriously.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845182</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845210</id>
	<title>Alphanumeric</title>
	<author>Anonymous</author>
	<datestamp>1264086120000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Being a developer, I grew up with the US layout, which is by far the best for coding. But in most countries nowadays you really have to look hard to find such a keyboard. Or not to mention configuring the damn layout on a random OS on a random machine. Everyone around me uses some strange layout I wouldn't find non-alphanumeric characters on. And there are even worse places where even simple digits are hard to enter, e.g. Belgium.</p></htmltext>
<tokenext>Being a developer , I grew up with the US layout , which is by far the best for coding .
But in most countries nowadays you really have to look hard to find such a keyboard .
Or not to mention configuring the damn layout on a random OS on a random machine .
Everyone around me uses some strange layout I would n't find non-alphanumeric characters on .
And there are even worse places where even simple digits are hard to enter , e.g .
Belgium .</tokentext>
<sentencetext>Being a developer, I grew up with the US layout, which is by far the best for coding.
But in most countries nowadays you really have to look hard to find such a keyboard.
Or not to mention configuring the damn layout on a random OS on a random machine.
Everyone around me uses some strange layout I wouldn't find non-alphanumeric characters on.
And there are even worse places where even simple digits are hard to enter, e.g.
Belgium.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848812</id>
	<title>Stop using passwords, use pass phrases</title>
	<author>MobyDisk</author>
	<datestamp>1264101960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Pass phrases: Stronger.  More easily remembered.  Just stop using the word "password" altogether.  It gives people the wrong idea.</p></htmltext>
<tokenext>Pass phrases : Stronger .
More easily remembered .
Just stop using the word " password " altogether .
It gives people the wrong idea .</tokentext>
<sentencetext>Pass phrases: Stronger.
More easily remembered.
Just stop using the word "password" altogether.
It gives people the wrong idea.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845234</id>
	<title>Re:Why does password strength matter?</title>
	<author>martyros</author>
	<datestamp>1264086360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>On a related note, what pisses me off even more is going to a website and trying to use a strong password and their system doesn't allow it.</p></div></blockquote><p>Tell me about it.  I got a good idea from a slashdot comment about a way to easily have secure, diverse passwords for my websites: use a password generator to make a grid of passwords, and devise a mapping from the website name onto the grid.  Print the grid on a business-card size sheet.  Put a photocopy in your wallet, and the original somewhere you will absolutely not lose it. (I put mine with my passport folder.)  Instant, close-to-unique, strong passwords for each site without memorization, ready on-demand.
</p><p>But the federal tax payment system, of all people, won't allow some of the characters.  Oh, they require some characters, like $ or %.  But forbid others, like ) and ;.  (Afraid of an SQL injection attack, perhaps?) *sigh*</p>
	</htmltext>
<tokenext>On a related note , what pisses me off even more is going to a website and trying to use a strong password and their system does n't allow it .
Tell me about it .
I got a good idea from a slashdot comment about a way to easily have secure , diverse passwords for my websites : use a password generator to make a grid of passwords , and devise a mapping from the website name onto the grid .
Print the grid on a business-card size sheet .
Put a photocopy in your wallet , and the original somewhere you will absolutely not lose it .
( I put mine with my passport folder .
) Instant , close-to-unique , strong passwords for each site without memorization , ready on-demand .
But the federal tax payment system , of all people , wo n't allow some of the characters .
Oh , they require some characters , like $ or % .
But forbid others , like ) and ; .
( Afraid of an SQL injection attack , perhaps ?
) * sigh *</tokentext>
<sentencetext>On a related note, what pisses me off even more is going to a website and trying to use a strong password and their system doesn't allow it.
Tell me about it.
I got a good idea from a slashdot comment about a way to easily have secure, diverse passwords for my websites: use a password generator to make a grid of passwords, and devise a mapping from the website name onto the grid.
Print the grid on a business-card size sheet.
Put a photocopy in your wallet, and the original somewhere you will absolutely not lose it.
(I put mine with my passport folder.
)  Instant, close-to-unique, strong passwords for each site without memorization, ready on-demand.
But the federal tax payment system, of all people, won't allow some of the characters.
Oh, they require some characters, like $ or %.
But forbid others, like ) and ;.
(Afraid of an SQL injection attack, perhaps?
) *sigh*
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30911596</id>
	<title>Why not remember a pattern?</title>
	<author>Anonymous</author>
	<datestamp>1264509000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I find it easiest to remember a keyboard pattern. Something like every third character on a row of the keyboard. So your password could be something like:</p><p>cn,3^9dDHLeyo]</p><p>When you need a new password, just shift your pattern over a key.</p></htmltext>
<tokenext>I find it easiest to remember a keyboard pattern .
Something like every third character on a row of the keyboard .
So your password could be something like : cn,3 ^ 9dDHLeyo ] When you need a new password , just shift your pattern over a key .</tokentext>
<sentencetext>I find it easiest to remember a keyboard pattern.
Something like every third character on a row of the keyboard.
So your password could be something like: cn,3^9dDHLeyo]
When you need a new password, just shift your pattern over a key.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846828</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>Anonymous</author>
	<datestamp>1264093740000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>you can go hunter2 my hunter2-ing hunter2<br>haha, does that look funny to you?</p></htmltext>
<tokenext>you can go hunter2 my hunter2-ing hunter2
haha , does that look funny to you ?</tokentext>
<sentencetext>you can go hunter2 my hunter2-ing hunter2
haha, does that look funny to you?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30852648</id>
	<title>Don't get over excited by your analysis guys...</title>
	<author>pev</author>
	<datestamp>1264072440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>So... Like many people with half a brain I set different passwords for different things. For my on-line banking I have a solid proper password you *can't* guess or brute-force. For myspace, random sites, occasional web-mail I use different easy to remember passwords because I care less about being compromised and more about being memorable. Unless your baseline assumption is that people use the same passwords for meaningless services as for critical services, this kind of analysis is very hard to draw conclusions from. Now, if this had been an analysis of the same number of passwords from an on-line banking service I'd be *much* more interested...</p></htmltext>
<tokenext>So... Like many people with half a brain I set different passwords for different things .
For my on-line banking I have a solid proper password you * ca n't * guess or brute-force .
For myspace , random sites , occasional web-mail I use different easy to remember passwords because I care less about being compromised and more about being memorable .
Unless your baseline assumption is that people use the same passwords for meaningless services as for critical services , this kind of analysis is very hard to draw conclusions from .
Now , if this had been an analysis of the same number of passwords from an on-line banking service I 'd be * much * more interested.. .</tokentext>
<sentencetext>So... Like many people with half a brain I set different passwords for different things.
For my on-line banking I have a solid proper password you *can't* guess or brute-force.
For myspace, random sites, occasional web-mail I use different easy to remember passwords because I care less about being compromised and more about being memorable.
Unless your baseline assumption is that people use the same passwords for meaningless services as for critical services, this kind of analysis is very hard to draw conclusions from.
Now, if this had been an analysis of the same number of passwords from an on-line banking service I'd be *much* more interested...</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845964</id>
	<title>Wow</title>
	<author>Quiet_Desperation</author>
	<datestamp>1264089840000</datestamp>
	<modclass>None</modclass>
	<modscore>2</modscore>
	<htmltext>No "swordfish", huh?</htmltext>
<tokenext>No " swordfish " , huh ?</tokentext>
<sentencetext>No "swordfish", huh?</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30851254</id>
	<title>Re:A couple questions about passwords</title>
	<author>david_thornley</author>
	<datestamp>1264068180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>
A few answers, for what they're worth.
</p><p>
Brute force attacks on the login screen aren't real useful when there's account lockouts, no.  However, what would have happened if this site had been in the least security-conscious?  We'd be looking at a very long list of salted hashes of passwords, and the bad guys could do brute force attacks on them, trying passwords and seeing if they matched, at leisure.  It's really unwise to rely on the hash scheme being a secret.  Still, if the site uses account lockout, and you are sure for some reason that the passwords will never be compromised (and I never am), any password better than "12345" will work.
</p><p>
The strength of a password depends on how it's made.  If somebody is creating, say, a length 12 alphabetic, it's likely to include words or names, and will be a lot less secure.  Twelve letters, upper and lowercase, randomly chosen, will take a long time to brute-force, but people in general don't do that.  Requiring a punctuation mark may shake that up.
</p><p>
I choose passwords based on how valuable and vulnerable things are.  My passwords for financial websites are pretty good, and I don't use one on two different sites.  For local stuff, or forums, I tend to use lower security, easily memorable ones, and do reuse them.
</p><p>
One piece of advice:  have some idea of the threat you're protecting against.  Is it willing to spend a lot of resources on cracking your password?  Is it after you in particular or anybody it can get?  (For example, while a criminal might well want to crack PayPal accounts, there'd be no particular reason in cracking mine rather than the ones with the weaker passwords.)   What are the consequences to you of compromise?  What's the exposure to attack?  What are likely attack scenarios?  For example, a TrueCrypt volume password might seem less consequential, but if you're using TrueCrypt to hide something illegal, the most likely attack scenario is that the government already suspects you, in which case they have a lot of time and resources to try to crack your specific password, and if they get it it would be very bad, so you want a very high-security password.  If you're using it to hide your pr0n from your roommate, the password quality is much less important.
</p><p>
As far as the password safe goes, it's all a matter of tradeoffs.  The unfortunate fact is that the average person can't memorize and enter unbreakable passwords at all easily, so there's a range of choices here.  One is less secure passwords, one is a piece of paper in your wallet, one is a password safe.  You're entirely correct to distrust public computers, but there's a kicker here:  unless you've booted it yourself from known good media (like a Linux Live CD), you can't trust it to keep anything secret.  There could easily be a software keylogger (and unless it's at a reputable place might have a hardware keylogger), so trusting anything at a public computer is iffy.  If you enter a password in any way, somebody might be able to read it.</p></htmltext>
<tokenext>A few answers , for what they 're worth .
Brute force attacks on the login screen are n't real useful when there 's account lockouts , no .
However , what would have happened if this site had been in the least security-conscious ?
We 'd be looking at a very long list of salted hashes of passwords , and the bad guys could do brute force attacks on them , trying passwords and seeing if they matched , at leisure .
It 's really unwise to rely on the hash scheme being a secret .
Still , if the site uses account lockout , and you are sure for some reason that the passwords will never be compromised ( and I never am ) , any password better than " 12345 " will work .
The strength of a password depends on how it 's made .
If somebody is creating , say , a length 12 alphabetic , it 's likely to include words or names , and will be a lot less secure .
Twelve letters , upper and lowercase , randomly chosen , will take a long time to brute-force , but people in general do n't do that .
Requiring a punctuation mark may shake that up .
I choose passwords based on how valuable and vulnerable things are .
My passwords for financial websites are pretty good , and I do n't use one on two different sites .
For local stuff , or forums , I tend to use lower security , easily memorable ones , and do reuse them .
One piece of advice : have some idea of the threat you 're protecting against .
Is it willing to spend a lot of resources on cracking your password ?
Is it after you in particular or anybody it can get ?
( For example , while a criminal might well want to crack PayPal accounts , there 'd be no particular reason in cracking mine rather than the ones with the weaker passwords .
) What are the consequences to you of compromise ?
What 's the exposure to attack ?
What are likely attack scenarios ?
For example , a TrueCrypt volume password might seem less consequential , but if you 're using TrueCrypt to hide something illegal , the most likely attack scenario is that the government already suspects you , in which case they have a lot of time and resources to try to crack your specific password , and if they get it it would be very bad , so you want a very high-security password .
If you 're using it to hide your pr0n from your roommate , the password quality is much less important .
As far as the password safe goes , it 's all a matter of tradeoffs .
The unfortunate fact is that the average person ca n't memorize and enter unbreakable passwords at all easily , so there 's a range of choices here .
One is less secure passwords , one is a piece of paper in your wallet , one is a password safe .
You 're entirely correct to distrust public computers , but there 's a kicker here : unless you 've booted it yourself from known good media ( like a Linux Live CD ) , you ca n't trust it to keep anything secret .
There could easily be a software keylogger ( and unless it 's at a reputable place might have a hardware keylogger ) , so trusting anything at a public computer is iffy .
If you enter a password in any way , somebody might be able to read it .</tokentext>
<sentencetext>
A few answers, for what they're worth.
Brute force attacks on the login screen aren't real useful when there's account lockouts, no.
However, what would have happened if this site had been in the least security-conscious?
We'd be looking at a very long list of salted hashes of passwords, and the bad guys could do brute force attacks on them, trying passwords and seeing if they matched, at leisure.
It's really unwise to rely on the hash scheme being a secret.
Still, if the site uses account lockout, and you are sure for some reason that the passwords will never be compromised (and I never am), any password better than "12345" will work.
The strength of a password depends on how it's made.
If somebody is creating, say, a length 12 alphabetic, it's likely to include words or names, and will be a lot less secure.
Twelve letters, upper and lowercase, randomly chosen, will take a long time to brute-force, but people in general don't do that.
Requiring a punctuation mark may shake that up.
I choose passwords based on how valuable and vulnerable things are.
My passwords for financial websites are pretty good, and I don't use one on two different sites.
For local stuff, or forums, I tend to use lower security, easily memorable ones, and do reuse them.
One piece of advice:  have some idea of the threat you're protecting against.
Is it willing to spend a lot of resources on cracking your password?
Is it after you in particular or anybody it can get?
(For example, while a criminal might well want to crack PayPal accounts, there'd be no particular reason in cracking mine rather than the ones with the weaker passwords.
)   What are the consequences to you of compromise?
What's the exposure to attack?
What are likely attack scenarios?
For example, a TrueCrypt volume password might seem less consequential, but if you're using TrueCrypt to hide something illegal, the most likely attack scenario is that the government already suspects you, in which case they have a lot of time and resources to try to crack your specific password, and if they get it it would be very bad, so you want a very high-security password.
If you're using it to hide your pr0n from your roommate, the password quality is much less important.
As far as the password safe goes, it's all a matter of tradeoffs.
The unfortunate fact is that the average person can't memorize and enter unbreakable passwords at all easily, so there's a range of choices here.
One is less secure passwords, one is a piece of paper in your wallet, one is a password safe.
You're entirely correct to distrust public computers, but there's a kicker here:  unless you've booted it yourself from known good media (like a Linux Live CD), you can't trust it to keep anything secret.
There could easily be a software keylogger (and unless it's at a reputable place might have a hardware keylogger), so trusting anything at a public computer is iffy.
If you enter a password in any way, somebody might be able to read it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845612</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847262</id>
	<title>Re:actual list of passwords?</title>
	<author>Anonymous</author>
	<datestamp>1264095480000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><div class="quote"><p>20 Qwerty 13856</p></div><p>Why not use the home row keys (asdf)?</p>
	</htmltext>
<tokenext>20 Qwerty 13856
Why not use the home row keys ( asdf ) ?</tokentext>
<sentencetext>20 Qwerty 13856
Why not use the home row keys (asdf)?
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847122</id>
	<title>Re:Keep in mind, this is RockYou.com</title>
	<author>roju</author>
	<datestamp>1264095000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why not just generate a new random password for every site and just let firefox remember it? Security and convenience.</p></htmltext>
<tokenext>Why not just generate a new random password for every site and just let firefox remember it ?
Security and convenience .</tokentext>
<sentencetext>Why not just generate a new random password for every site and just let firefox remember it?
Security and convenience.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845182</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</id>
	<title>Why does password strength matter?</title>
	<author>geekmux</author>
	<datestamp>1264085340000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><div class="quote"><p>...Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.</p></div><p>Er, does it REALLY matter anymore the strength of your password with the FBI using post-it notes as a search warrant?  I mean I hate to say that, but seriously.</p><p>On a related note, what pisses me off even more is going to a website and <b>trying</b> to use a strong password and their system doesn't allow it.</p>
	</htmltext>
<tokenext>...Most interesting to me was that in the sample , less than 4 % used any non alpha-numerics in their # $ # % 'ing passwords .
Er , does it REALLY matter anymore the strength of your password with the FBI using post-it notes as a search warrant ?
I mean I hate to say that , but seriously .
On a related note , what pisses me off even more is going to a website and trying to use a strong password and their system does n't allow it .</tokentext>
<sentencetext>...Most interesting to me was that in the sample, less than 4\% used any non alpha-numerics in their #$#\%'ing passwords.Er, does it REALLY matter anymore the strength of your password with the FBI using post-it notes as a search warrant?
I mean I hate to say that, but seriously.On a related note, what pisses me off even more is going to a website and trying to use a strong password and their system doesn't allow it.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30857190</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>thesappho</author>
	<datestamp>1264192560000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>not 2704000000<br>but 27040000 = (26+26) * (26+26) * 10 * 10 * 10 * 10 ?!!<br>correct me if i am wrong</p></htmltext>
<tokenext>not 2704000000but 27040000 = ( 26 + 26 ) * ( 26 + 26 ) * 10 * 10 * 10 * 10 ? !
! correct me if i am wrong</tokentext>
<sentencetext>not 2704000000but 27040000 = (26+26) * (26+26) * 10 * 10 * 10 * 10 ?!
!correct me if i am wrong</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845194</id>
	<title>Re:Why does password strength matter?</title>
	<author>Anonymous</author>
	<datestamp>1264086000000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I completely agree with this.  What really ticks me off is dealing with financial institutions which refuse to allow special, non-numeric characters.  The reason so few people's passwords include special characters is because so many people like to reuse 2-4 password sets.  If you get 3 tries, and you have 3 password sets, you're really pushing the likelihood of using last month's iteration.</p></htmltext>
<tokenext>I completely agree with this .
What really ticks me off is dealing with financial institutions which refuse to allow special , non-numeric characters .
The reason so few people 's passwords include special characters is because so many people like to reuse 2-4 password sets .
If you get 3 tries , and you have 3 password sets , you 're really pushing the likelihood of using last month 's iteration .</tokentext>
<sentencetext>I completely agree with this.
What really ticks me off is dealing with financial institutions which refuse to allow special, non-numeric characters.
The reason so few people's passwords include special characters is because so many people like to reuse 2-4 password sets.
If you get 3 tries, and you have 3 password sets, you're really pushing the likelihood of using last month's iteration.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845368</id>
	<title>Re:Why does password strength matter?</title>
	<author>Hijacked Public</author>
	<datestamp>1264087020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Or, what should also piss you off, is you using a strong password and the web site storing it clear text on a vulnerable SQL server.</htmltext>
<tokenext>Or , what should also piss you off , is you using a strong password and the web site storing it clear text on a vulnerable SQL server .</tokentext>
<sentencetext>Or, what should also piss you off, is you using a strong password and the web site storing it clear text on a vulnerable SQL server.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845734</id>
	<title>Re:Why does password strength matter?</title>
	<author>Anonymous</author>
	<datestamp>1264088820000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>On a related note, what pisses me off even more is going to a website and <b>trying</b> to use a strong password and their system doesn't allow it.</p></div><p>What really pisses me off is that my ISP (MTS, that's Manitoba Telecom Services) only allows 3 to 8 character alphanumeric passwords.  God help you if you try to put anything else in there.</p></div>
	</htmltext>
<tokenext>On a related note , what pisses me off even more is going to a website and trying to use a strong password and their system does n't allow it.What really pisses me off is that my ISP ( MTS , that 's Manitoba Telecom Services ) only allows 3 to 8 character alphanumeric passwords .
God help you if you try to put anything else in there .</tokentext>
<sentencetext>On a related note, what pisses me off even more is going to a website and trying to use a strong password and their system doesn't allow it.What really pisses me off is that my ISP (MTS, that's Manitoba Telecom Services) only allows 3 to 8 character alphanumeric passwords.
God help you if you try to put anything else in there.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846640</id>
	<title>Re:One had to dig deep for this gem...</title>
	<author>Anonymous</author>
	<datestamp>1264092720000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Did you follow the Diceware instructions exactly???</p><p>"For maximum security make sure you are alone and close the curtains"</p></htmltext>
<tokenext>Did you follow the Diceware instructions exactly ? ? ?
" For maximum security make sure you are alone and close the curtains "</tokentext>
<sentencetext>Did you follow the Diceware instructions exactly???
"For maximum security make sure you are alone and close the curtains"</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845484</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845354</id>
	<title>Re:Why does password strength matter?</title>
	<author>Anonymous</author>
	<datestamp>1264086960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Er, does it REALLY matter anymore the strength of your password with the FBI using post-it notes as a search warrant?</p></div><p>
I don't live in America, you insensitive clod!</p></div>
	</htmltext>
<tokenext>Er , does it REALLY matter anymore the strength of your password with the FBI using post-it notes as a search warrant ?
I do n't live in America , you insensitive clod !</tokentext>
<sentencetext>Er, does it REALLY matter anymore the strength of your password with the FBI using post-it notes as a search warrant?
I don't live in America, you insensitive clod!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846410</id>
	<title>Re:The Top 10</title>
	<author>Anonymous</author>
	<datestamp>1264091700000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>12345!  <br>That's incredible!  I have the same combination on my luggage!</p></htmltext>
<tokenext>12345 !
That 's incredible !
I have the same combination on my luggage !</tokentext>
<sentencetext>12345!
That's incredible!
I have the same combination on my luggage!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848442</id>
	<title>development of passwords</title>
	<author>delvsional</author>
	<datestamp>1264100220000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>If I told you how I make my passwords, I'd have to kill you.</htmltext>
<tokenext>If I told you how I make my passwords , I 'd have to kill you .</tokentext>
<sentencetext>If I told you how I make my passwords, I'd have to kill you.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845916</id>
	<title>Re:The Top 10</title>
	<author>Junior J. Junior III</author>
	<datestamp>1264089660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p><div class="quote"><p>2. 12345</p><p>By a massive coincidence, these happen to be the passwords for their respective<nobr> <wbr></nobr>/. userids!</p></div><p>I use same combination on my luggage!</p></div></div>
	</htmltext>
<tokenext>2 .
12345By a massive coincidence , these happen to be the passwords for their respective / .
userids ! I use same combination on my luggage !</tokentext>
<sentencetext>2.
12345By a massive coincidence, these happen to be the passwords for their respective /.
userids!I use same combination on my luggage!
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845790</id>
	<title>Re:Limited in Password size and chars</title>
	<author>mdarksbane</author>
	<datestamp>1264089060000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Especially since when you consider ease of memorization, more characters is a much easier way to increase security than adding asterisks and numbers.</p><p>ThisIsMyStupidPasswordForSlashdot is just about as hard to crack as !jd*8Wgd or H3xK@raCtre, but guess which is more likely to be remembered?</p></htmltext>
<tokenext>Especially since when you consider ease of memorization , more characters is a much easier way to increase security than adding asterisks and numbers.ThisIsMyStupidPasswordForSlashdot is just about as hard to crack as ! jd * 8Wgd or H3xK @ raCtre , but guess which is more likely to be remembered ?</tokentext>
<sentencetext>Especially since when you consider ease of memorization, more characters is a much easier way to increase security than adding asterisks and numbers.ThisIsMyStupidPasswordForSlashdot is just about as hard to crack as !jd*8Wgd or H3xK@raCtre, but guess which is more likely to be remembered?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847630</id>
	<title>Re:repost from my comment on nyt:</title>
	<author>Anonymous</author>
	<datestamp>1264096800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>A better variation of this would be to "tier" your passwords according to the needs.</p><p>Tier 1) personal email accounts or any site dealing with money<br>
&nbsp; &nbsp; What:<br>
&nbsp; &nbsp; &nbsp; &nbsp; * Use full strength hardened passwords with Alpha/Caps/Num/Special<br>
&nbsp; &nbsp; Why:<br>
&nbsp; &nbsp; &nbsp; &nbsp; * Identity theft - you don't want these to ever be compromised or guessed<br>
&nbsp; &nbsp; &nbsp; &nbsp; * Your personal email may contain information that can be used to compromise other accounts.</p><p>Tier 2) social networking<br>
&nbsp; &nbsp; What:<br>
&nbsp; &nbsp; &nbsp; &nbsp; * Use hard-to-guess patterns, and use several variations of the algorithm<br>
&nbsp; &nbsp; Why:<br>
&nbsp; &nbsp; &nbsp; &nbsp; * You want hard-to-guess to keep others from impersonating you<br>
&nbsp; &nbsp; &nbsp; &nbsp; * The variations I think would help in case one or more site gets compromised.<br>
&nbsp; &nbsp; &nbsp; &nbsp; * You may want to split tier 2 into an A and B group<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; * 2A would be "serious" sites that probably have decent security<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; or your reputation is important or you can be personally identified<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; * Whereas 2B sites would be random sites that may not know what they are doing<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; or where your reputation is not so critical or where it is unlikely that<br>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; you can be personally identified</p><p>Tier 3) subscriptions for news and information<br>
&nbsp; &nbsp; * Use whatever you want to make it easy.</p></htmltext>
<tokenext>A better variation of this would be to " tier " your passwords according to the needs.Tier 1 ) personal email accounts or any site dealing with money     What :         * Use full strength hardened passwords with Alpha/Caps/Num/Special     Why :         * Identity theft - you do n't want these to ever be compromised or guessed         * Your personal email may contain information that can be used to compromise other accounts.Tier 2 ) social networking     What :         * Use hard-to-guess patterns , and use several variations of the algorithm     Why :         * You want hard-to-guess to keep others from impersonating you         * The variations I think would help in case one or more site gets compromised .
        * You may want to split tier 2 into an A and B group                 * 2A would be " serious " sites that probably have decent security                     or your reputation is important or you can be personally identified                 * Whereas 2B sites would be random sites that may not know what they are doing                     or where your reputation is not so critical or where it is unlikely that                     you can be personally identifiedTier 3 ) subscriptions for news and information     * Use whatever you want to make it easy .</tokentext>
<sentencetext>A better variation of this would be to "tier" your passwords according to the needs.Tier 1) personal email accounts or any site dealing with money
    What:
        * Use full strength hardened passwords with Alpha/Caps/Num/Special
    Why:
        * Identity theft - you don't want these to ever be compromised or guessed
        * Your personal email may contain information that can be used to compromise other accounts.Tier 2) social networking
    What:
        * Use hard-to-guess patterns, and use several variations of the algorithm
    Why:
        * You want hard-to-guess to keep others from impersonating you
        * The variations I think would help in case one or more site gets compromised.
        * You may want to split tier 2 into an A and B group
                * 2A would be "serious" sites that probably have decent security
                    or your reputation is important or you can be personally identified
                * Whereas 2B sites would be random sites that may not know what they are doing
                    or where your reputation is not so critical or where it is unlikely that
                    you can be personally identifiedTier 3) subscriptions for news and information
    * Use whatever you want to make it easy.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848108</id>
	<title>More Password Analysis</title>
	<author>lakiw</author>
	<datestamp>1264098840000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I managed to obtain a copy of the list, and have been doing some analysis on my blog <a href="http://reusablesec.blogspot.com/" title="blogspot.com" rel="nofollow">http://reusablesec.blogspot.com/</a> [blogspot.com] with more to come. You can find a list of the top 100 passwords from the RockYou disclosure here:

<a href="http://reusablesec.blogspot.com/2009/12/rockyou-32-million-password-list-top.html" title="blogspot.com" rel="nofollow">http://reusablesec.blogspot.com/2009/12/rockyou-32-million-password-list-top.html</a> [blogspot.com]

I've also been analyzing more lists such as the 10k Hotmail list that was released a couple of months ago. As for the recommendations that Imperva made, I think they are too tough on the users. Let's be honest, someone could have had a 28 character passphrase and it wouldn't have helped them since Rockyou stored all the passwords in plain text. For most people, online password cracking isn't the main problem. Phishing/keystroke loggers are much more prevalent, (due to their low cost to attackers). What this shows though is you really need to have different classes of passwords. You don't have to remember a different password for every site, (which is almost impossible without using some keyvault program), but you should use a different password for your webmail/bank accounts compared to all of the other sites.</htmltext>
<tokenext>I managed to obtain a copy of the list , and have been doing some analysis on my blog http : //reusablesec.blogspot.com/ [ blogspot.com ] with more to come .
You can find a list of the top 100 passwords from the RockYou disclosure here : http : //reusablesec.blogspot.com/2009/12/rockyou-32-million-password-list-top.html [ blogspot.com ] I 've also been analyzing more lists such as the 10k Hotmail list that was released a couple of months ago .
As for the recommendations that Imperva made , I think they are too tough on the users .
Let 's be honest , someone could have had a 28 character passphrase and it would n't have helped them since Rockyou stored all the passwords in plain text .
For most people , online password cracking is n't the main problem .
Phishing/keystroke loggers are much more prevalent , ( due to their low cost to attackers ) .
What this shows though is you really need to have different classes of passwords .
You do n't have to remember a different password for every site , ( which is almost impossible without using some keyvault program ) , but you should use a different password for your webmail/bank accounts compared to all of the other sites .</tokentext>
<sentencetext>I managed to obtain a copy of the list, and have been doing some analysis on my blog http://reusablesec.blogspot.com/ [blogspot.com] with more to come.
You can find a list of the top 100 passwords from the RockYou disclosure here:

http://reusablesec.blogspot.com/2009/12/rockyou-32-million-password-list-top.html [blogspot.com]

I've also been analyzing more lists such as the 10k Hotmail list that was released a couple of months ago.
As for the recommendations that Imperva made, I think they are too tough on the users.
Let's be honest, someone could have had a 28 character passphrase and it wouldn't have helped them since Rockyou stored all the passwords in plain text.
For most people, online password cracking isn't the main problem.
Phishing/keystroke loggers are much more prevalent, (due to their low cost to attackers).
What this shows though is you really need to have different classes of passwords.
You don't have to remember a different password for every site, (which is almost impossible without using some keyvault program), but you should use a different password for your webmail/bank accounts compared to all of the other sites.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845122</id>
	<title>obligatory</title>
	<author>Anonymous</author>
	<datestamp>1264085580000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>hunter2</p></htmltext>
<tokenext>hunter2</tokentext>
<sentencetext>hunter2</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848786</id>
	<title>Re:Why does password strength matter?</title>
	<author>horatio</author>
	<datestamp>1264101780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Use a password generator like <a href="https://addons.mozilla.org/en-US/firefox/addon/3282" title="mozilla.org">Password Hasher</a> [mozilla.org] to generate a unique password for that site (you can give the hasher the same password for every site, it generates a password for you based on your password and a key for that site like the domain name), or use a throw away password that you don't care if anyone gets it.</htmltext>
<tokenext>Use a password generator like Password Hasher [ mozilla.org ] to generate a unique password for that site ( you can give the hasher the same password for every site , it generates a password for you based on your password and a key for that site like the domain name ) , or use a throw away password that you do n't care if anyone gets it .</tokentext>
<sentencetext>Use a password generator like Password Hasher [mozilla.org] to generate a unique password for that site (you can give the hasher the same password for every site, it generates a password for you based on your password and a key for that site like the domain name), or use a throw away password that you don't care if anyone gets it.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845250</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846208</id>
	<title>Re:Have they released the list anywhere?</title>
	<author>bcmm</author>
	<datestamp>1264090800000</datestamp>
	<modclass>Funny</modclass>
	<modscore>4</modscore>
	<htmltext>hunter2</htmltext>
<tokenext>hunter2</tokentext>
<sentencetext>hunter2</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845612</id>
	<title>A couple questions about passwords</title>
	<author>JSBiff</author>
	<datestamp>1264088220000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>I have a couple questions for some more security minded folks here on slashdot, about the 'conclusions' of the analysis in the linked article. . .</p><p>* "The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as 'brute force attacks.'"</p><p>
&nbsp; &nbsp; &nbsp; Is this really true? Here's why I ask - most websites (though unfortunately not all), seem to lock your account if you don't get the right password in 3-5 attempts. Then, it may stay locked for 15 minutes, or 24 hours, or until you go through a process of some sort to verify the account (such as an automated email to the address on record, with a link you have to click in the email).</p><p>
&nbsp; &nbsp; &nbsp; If the website takes such measures, doesn't that shut down brute force attacks pretty fast, even with fairly simple passwords? If the website is doing that, and it shuts down brute force attacks, doesn't that mean that even a somewhat weak password can provide 'good enough' protection?</p><p>* While I'm sure that adding special symbols does make the password harder to brute force, isn't even an alpha-num password pretty strong if it's about 10-12 characters long and mixes both upper and lower as well as some numbers? Personally, if I was guiding someone about a password, and I know they have a hard time remembering complex passwords, I would urge them to a longer password instead of a more complex one, because the length makes the complexity grow exponentially, right?</p><p>* Sort of touching on the parent's point - appropriateness. We can't remember lots of complex long passwords, so I would think that we should get people to concentrate on remembering complex passwords for the things that most need them - particularly things which can be attacked 'offline'? By 'offline', I'm thinking of something like, say, an encrypted file (like a zip file or TrueCrypt volume file), and online passwords which protect truly important stuff like access to your network account at work, your bank account, Tax-site password, etc.</p><p>Of course, there are always 'password safe' type applications, but I've never really liked the idea of a password safe, simply because I don't necessarily have access to it whenever I need a password. Take, for example, going to a library, FedexKinkos, or college computer lab, and needing to access a password protected site. Even if you *do* have your password safe file, on a USB key (for example; or maybe you can download your 'safe' from a site online), you may not be able to run the password safe software to decrypt it. 
Even if you *can* run the password safe file from the USB key, on the public computer, do you really trust that public computer to decrypt all your passwords? I just don't like the concept of password safes, for these reasons.</p></htmltext>
<tokenext>I have a couple questions for some more security minded folks here on slashdot , about the 'conclusions ' of the analysis in the linked article .
. .
* " The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as 'brute force attacks .
' "       Is this really true ?
Here 's why I ask - most websites ( though unfortunately not all ) , seem to lock your account if you do n't get the right password in 3-5 attempts .
Then , it may stay locked for 15 minutes , or 24 hours , or until you go through a process of some sort to verify the account ( such as an automated email to the address on record , with a link you have to click in the email ) .
      If the website takes such measures , does n't that shut down brute force attacks pretty fast , even with fairly simple passwords ?
If the website is doing that , and it shuts down brute force attacks , does n't that mean that even a somewhat weak password can provide 'good enough ' protection ?
* While I 'm sure that adding special symbols does make the password harder to brute force , is n't even an alpha-num password pretty strong if it 's about 10-12 characters long and mixes both upper and lower as well as some numbers ?
Personally , if I was guiding someone about a password , and I know they have a hard time remembering complex passwords , I would urge them to a longer password instead of a more complex one , because the length makes the complexity grow exponentially , right ?
* Sort of touching on the parent 's point - appropriateness .
We ca n't remember lots of complex long passwords , so I would think that we should get people to concentrate on remembering complex passwords for the things that most need them - particularly things which can be attacked 'offline ' ?
By 'offline ' , I 'm thinking of something like , say , an encrypted file ( like a zip file or TrueCrypt volume file ) , and online passwords which protect truly important stuff like access to your network account at work , your bank account , Tax-site password , etc.Of course , there are always 'password safe ' type applications , but I 've never really liked the idea of a password safe , simply because I do n't necessarily have access to it whenever I need a password .
Take , for example , going to a library , FedexKinkos , or college computer lab , and needing to access a password protected site .
Even if you * do * have your password safe file , on a USB key ( for example ; or maybe you can download your 'safe ' from a site online ) , you may not be able to run the password safe software to decrypt it .
Even if you * can * run the password safe file from the USB key , on the public computer , do you really trust that public computer to decrypt all your passwords ?
I just do n't like the concept of password safes , for these reasons .</tokentext>
<sentencetext>I have a couple questions for some more security minded folks here on slashdot, about the 'conclusions' of the analysis in the linked article.
. .
* "The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as 'brute force attacks.
'"
      Is this really true?
Here's why I ask - most websites (though unfortunately not all), seem to lock your account if you don't get the right password in 3-5 attempts.
Then, it may stay locked for 15 minutes, or 24 hours, or until you go through a process of some sort to verify the account (such as an automated email to the address on record, with a link you have to click in the email).
      If the website takes such measures, doesn't that shut down brute force attacks pretty fast, even with fairly simple passwords?
If the website is doing that, and it shuts down brute force attacks, doesn't that mean that even a somewhat weak password can provide 'good enough' protection?
* While I'm sure that adding special symbols does make the password harder to brute force, isn't even an alpha-num password pretty strong if it's about 10-12 characters long and mixes both upper and lower as well as some numbers?
Personally, if I was guiding someone about a password, and I know they have a hard time remembering complex passwords, I would urge them to a longer password instead of a more complex one, because the length makes the complexity grow exponentially, right?
* Sort of touching on the parent's point - appropriateness.
We can't remember lots of complex long passwords, so I would think that we should get people to concentrate on remembering complex passwords for the things that most need them - particularly things which can be attacked 'offline'?
By 'offline', I'm thinking of something like, say, an encrypted file (like a zip file or TrueCrypt volume file), and online passwords which protect truly important stuff like access to your network account at work, your bank account, Tax-site password, etc.Of course, there are always 'password safe' type applications, but I've never really liked the idea of a password safe, simply because I don't necessarily have access to it whenever I need a password.
Take, for example, going to a library, FedexKinkos, or college computer lab, and needing to access a password protected site.
Even if you *do* have your password safe file, on a USB key (for example; or maybe you can download your 'safe' from a site online), you may not be able to run the password safe software to decrypt it.
Even if you *can* run the password safe file from the USB key, on the public computer, do you really trust that public computer to decrypt all your passwords?
I just don't like the concept of password safes, for these reasons.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845182</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846014</id>
	<title>Password hashing on the databases</title>
	<author>coulbc</author>
	<datestamp>1264089960000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>The article states the passwords were obtained through an SQL injection attack. They were stored as plaintext in the database. Having a strong password would have done nothing to prevent this problem. Passwords need to be encrypted during transport and when stored.</p></htmltext>
<tokenext>The article states the passwords were obtained through an SQL injection attack .
They were stored as plaintext in the database .
Having a strong password would have done nothing to prevent this problem .
Passwords need to be encrypted during transport and when stored .</tokentext>
<sentencetext>The article states the passwords were obtained through an SQL injection attack.
They were stored as plaintext in the database.
Having a strong password would have done nothing to prevent this problem.
Passwords need to be encrypted during transport and when stored.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845556</id>
	<title>Stop calling it "passWORD"</title>
	<author>R2.0</author>
	<datestamp>1264087980000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>People only use letters and numbers because when they think "word" it implies some meaning or coherence.  We all understand what letters and numbers stand for or "mean".  Non-alphanumerics?  Hell, we can't even decide what to call "#" - is it "hash" or "pound?"<br>Is "." "dot" or "point?"  For that matter, I still associate "$" with "string" in Fortran.</p><p>Start calling them security codes, pass codes, mystery keys, whatever.</p></htmltext>
<tokenext>People only use letters and numbers because when they think " word " it implies some meaning or coherence .
We all understand what letters and numbers stand for or " mean " .
Non-alphanumerics ? Hell , we ca n't even decide what to call " # " - is it " hash " or " pound ? "
Is " . " " dot " or " point ? "
For that matter , I still associate " $ " with " string " in Fortran .
Start calling them security codes , pass codes , mystery keys , whatever .</tokentext>
<sentencetext>People only use letters and numbers because when they think "word" it implies some meaning or coherence.
We all understand what letters and numbers stand for or "mean".
Non-alphanumerics?  Hell, we can't even decide what to call "#" - is it "hash" or "pound?"
Is "." "dot" or "point?"
For that matter, I still associate "$" with "string" in Fortran.
Start calling them security codes, pass codes, mystery keys, whatever.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845544</id>
	<title>Re:The Top 10</title>
	<author>BlueBoxSW.com</author>
	<datestamp>1264087920000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Really? "Password" as password? I'm so disappointed.</p></htmltext>
<tokenext>Really ?
" Password " as password ?
I 'm so disappointed .</tokentext>
<sentencetext>Really?
"Password" as password?
I'm so disappointed.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846260</id>
	<title>Difficult Passwords</title>
	<author>ears\_d</author>
	<datestamp>1264091040000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I once worked for a company where the server passwords were the names of Inca gods. Just try and remember "Apocatequil" and  "Guachmines."</htmltext>
<tokenext>I once worked for a company where the server passwords were the names of Inca gods .
Just try and remember " Apocatequil " and " Guachmines . "</tokentext>
<sentencetext>I once worked for a company where the server passwords were the names of Inca gods.
Just try and remember "Apocatequil" and  "Guachmines."</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845622</id>
	<title>Re:Why does password strength matter?</title>
	<author>Anonymous</author>
	<datestamp>1264088280000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>But I do care about his secrets.</p></htmltext>
<tokenext>But I do care about his secrets .</tokentext>
<sentencetext>But I do care about his secrets.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845174</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845282</id>
	<title>Re:The Top 10</title>
	<author>Anonymous</author>
	<datestamp>1264086600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Dear mods: funny? No, this is fact--read the article. (I was surprised too.)</p></htmltext>
<tokenext>Dear mods : funny ?
No , this is fact--read the article .
( I was surprised too . )</tokentext>
<sentencetext>Dear mods: funny?
No, this is fact--read the article.
(I was surprised too.)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845922</id>
	<title>Re:Password strength vs. how often you change it</title>
	<author>koreaman</author>
	<datestamp>1264089660000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Worse: at the high school I went to (I only graduated last year), people's passwords were six-digit numbers that had been assigned to them when they first entered the school district (grade school for most people). The first two digits were determined by the elementary school the person went to. The last four digits were arbitrary (although I strongly suspect that the elementary schools started at 0000 and just counted up from there). Worst of all, the last three digits were included in the username. Someone with one of those passwords could have deleted someone else's work, surfed CP on someone else's account and gotten them expelled, or, yes, embezzled lunch money.</p></htmltext>
<tokenext>Worse : at the high school I went to ( I only graduated last year ) , people 's passwords were six-digit numbers that had been assigned to them when they first entered the school district ( grade school for most people ) .
The first two digits were determined by the elementary school the person went to .
The last four digits were arbitrary ( although I strongly suspect that the elementary schools started at 0000 and just counted up from there ) .
Worst of all , the last three digits were included in the username .
Someone with one of those passwords could have deleted someone else 's work , surfed CP on someone else 's account and gotten them expelled , or , yes , embezzled lunch money .</tokentext>
<sentencetext>Worse: at the high school I went to (I only graduated last year), people's passwords were six-digit numbers that had been assigned to them when they first entered the school district (grade school for most people).
The first two digits were determined by the elementary school the person went to.
The last four digits were arbitrary (although I strongly suspect that the elementary schools started at 0000 and just counted up from there).
Worst of all, the last three digits were included in the username.
Someone with one of those passwords could have deleted someone else's work, surfed CP on someone else's account and gotten them expelled, or, yes, embezzled lunch money.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848610</id>
	<title>some of my favorite passwords</title>
	<author>peter303</author>
	<datestamp>1264100940000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Former zipcodes and telephone numbers.  Pretty easy to remember 15 digits this way. Some systems won't accept all digits.
<br>
Words in obscure languages.  They mean something to me, but not to standard dictionary attacks.</htmltext>
<tokenext>Former zipcodes and telephone numbers .
Pretty easy to remember 15 digits this way .
Some systems wo n't accept all digits .
Words in obscure languages .
They mean something to me , but not to standard dictionary attacks .</tokentext>
<sentencetext>Former zipcodes and telephone numbers.
Pretty easy to remember 15 digits this way.
Some systems won't accept all digits.
Words in obscure languages.
They mean something to me, but not to standard dictionary attacks.</sentencetext>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_60</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846410
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_51</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845262
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846574
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845126
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30863452
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_105</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846944
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845478
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845698
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_85</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848294
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_99</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846456
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845334
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_90</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845798
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846854
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845280
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30856234
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_76</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846304
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845228
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846050
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845192
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846494
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_49</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845182
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845612
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30851254
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_52</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848842
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_80</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845182
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845868
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_54</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847262
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_79</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846668
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_104</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845404
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_73</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845200
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_44</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845254
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847610
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846380
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_37</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30876426
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845234
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_97</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849378
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847546
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_74</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30856676
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845192
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30850230
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_65</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845774
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_41</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845544
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846406
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_64</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845798
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848648
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_43</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849910
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_66</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847318
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845354
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_71</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845916
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_89</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846716
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30858392
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_42</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845874
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846252
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_94</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845250
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848786
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845944
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845734
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845208
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845194
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_84</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848098
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_58</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845484
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847560
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_63</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845368
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_91</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846394
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_77</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845484
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30852028
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_48</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845852
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_53</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845054
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847594
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849120
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_55</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30857190
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845266
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845322
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_103</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848344
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845268
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_92</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845904
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846000
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_83</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846152
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845804
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846746
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_82</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845484
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846640
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_56</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30855332
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_47</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846828
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_50</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846608
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_75</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847630
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_46</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846362
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_40</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845534
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_98</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845790
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_102</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846706
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846310
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845186
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846104
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_100</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845922
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_39</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845350
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848198
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847688
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848464
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_101</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846278
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845254
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847460
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_88</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845172
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845340
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846488
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_81</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847384
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_95</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845306
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847670
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_78</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30850974
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845174
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845622
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_69</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846170
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_72</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845406
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846130
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845842
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_45</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845182
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847122
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_68</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845590
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_59</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846272
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_62</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846208
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_107</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849718
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845174
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847034
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_38</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845054
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845292
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_96</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845250
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846832
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_87</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845174
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845834
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845054
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846040
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846722
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845348
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_86</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846702
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845406
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847058
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_93</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848976
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_67</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845282
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_70</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848458
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_61</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846620
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_106</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845244
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_01_21_1313235_57</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848518
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845278
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846722
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846278
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848098
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846310
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849378
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846000
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849148
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846716
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30858392
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.34</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845054
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845292
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846040
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847594
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849786
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845182
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847122
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845612
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30851254
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845868
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845068
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845136
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847384
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30876426
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845798
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846854
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848648
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30857190
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846620
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847688
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848464
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845698
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846456
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847546
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846170
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848976
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845590
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845922
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846660
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845556
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.35</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845254
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847610
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847460
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845192
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30850230
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846494
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845106
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845350
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848198
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849454
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.30</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845412
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845228
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846050
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.36</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845122
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845074
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845208
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845306
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845322
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845492
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846668
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845904
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845804
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848518
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847318
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846252
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846828
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846208
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847670
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846362
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848968
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845406
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847058
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846130
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845340
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846488
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847684
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.31</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845866
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.27</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845402
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846304
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849120
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847630
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30855332
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845774
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846168
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845126
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30863452
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845120
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847262
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845186
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846104
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849718
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30850974
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846608
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848344
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846272
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846746
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846394
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845568
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30852268
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.32</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845484
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30852028
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846640
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847560
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.28</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845078
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30856676
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845280
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30856234
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845544
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846406
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845334
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845852
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848458
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30849910
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845404
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845282
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845916
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845268
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846410
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846314
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845094
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845244
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846702
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848294
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845348
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846944
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845354
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845172
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845874
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845368
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846380
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845250
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846832
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848786
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845234
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845266
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845174
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30847034
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845834
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845622
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845478
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845734
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845842
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845194
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846152
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845262
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846574
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845098
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30848842
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845944
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30846706
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845790
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845200
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845534
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.33</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845166
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_01_21_1313235.29</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_01_21_1313235.30845392
</commentlist>
</conversation>
