A String of Characters...

McM

Krautnigger
It's from 2012, but was an interesting read for me.

"This summer, hackers destroyed my entire digital life in the span of an hour. My Apple, Twitter, and Gmail passwords were all robust—seven, 10, and 19 characters, respectively, all alphanumeric, some with symbols thrown in as well—but the three accounts were linked, so once the hackers had conned their way into one, they had them all."

Kill the Password: A String of Characters Won’t Protect You

I started with 8498 on all my accounts, the same as my bicycle lock. :facepalm:
Fortunately nothing has ever happened.
 

D.O.A.

LET ME TELL YOU A COUPLE A THREE THINGS

Yumisan

Horror Show.
I use a different password for every account, but I make them so complicated that I hardly remember what they are and have to change them all the time. I even stay logged in to this site because I don't know which is my password. :shrug:
 
McM
I use two factor authorization wherever possible, including this forum. Another layer that's all.

This is bullshit, we can open iPhones with 4 digit pincodes (10,000 combinations) like candy with a brute force tool (freemanrepo/libTransLock · GitHub). Once you ramp up to 6 digits with characters, I'll be dead before a modern PC can crack it.

http://cups.cs.cmu.edu/rshay/pubs/passwords_and_people2011.pdf

Length is the only thing that really influences password strength.
Maybe I got it wrong, but didn't he write the same? Don't use a short password. What's exactly the flaw? :)
The pdf is interesting.

After I read the article, I've done an overhaul of all my security settings. They're a bit better now. I have no 'values' on this pc, but don't want to get hijacked and be part of scams and botnets.
But remember passwords? No chance, I have to write them up in a booklet. I'm happy if I remember the right 4-digit combination for the ATM.
 


D.O.A.

Maybe I got it wrong, but didn't he write the same? Don't use a short password. What's exactly the flaw? :)

After I read the article, I've done an overhaul of all my security settings. They're a bit better now. I have no 'values' on this pc, but don't want to get hijacked and be part of scams and botnets.
But remember passwords? No chance, I have to write them up in a booklet. I'm happy if I remember the right 4-digit combination for the ATM.
I'm saying 6 digit random passwords are not as easy to crack as this guy makes out. As mentioned I can use IPbox and crack 4 digit passwords in a matter of hours.

To give you an example, even a slightly longer 6 but character passcode increases the number of possible passcode combinations from 10,000 (10^4) to 208.4 billion (77^6).

The article assumes you have the time and power to go through 208.4 billion combinations from his example of a 'short' pass.

edit; and they assume you have maximum 208.4 billion consecutive attempts before whatever system lets you in.
 
McM
I'm saying 6 digit random passwords are not as easy to crack as this guy makes out. As mentioned I can use IPbox and crack 4 digit passwords in a matter of hours.

To give you an example, even a slightly longer 6 but character passcode increases the number of possible passcode combinations from 10,000 (10^4) to 208.4 billion (77^6).

The article assumes you have the time and power to go through 208.4 billion combinations from his example of a 'short' pass.

edit; and they assume you have 208.4 billion consecutive tries before whatever system lets you in.
Yo, I've got it now.
 

D.O.A.

Yo, I've got it now.
Imagine brute forcing a forum that gives you only three attempts at passwords, banking app, whatever. It's needless paranoia if you have something decently random as a pass, they're gonna be trying for a loooooong time, especially if you lock out invalid IP attempts, 3 tries you're done, etc and other easy ways to put the brake on bots.
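
Added example, not part of any post in this thread: a small simulation of the "three tries and you're locked out" idea discussed above, using the thread's own numbers (10^4 and 77^6). The 15-minute lockout, the class and function names, and the account key are assumptions made for illustration.

```python
import math
from itertools import product

SECONDS_PER_YEAR = 365 * 24 * 3600

def keyspace(alphabet_size, length):
    """Number of candidates for a random secret of this length."""
    return alphabet_size ** length

def worst_case_seconds(space, max_failures, lockout_seconds):
    """Lockout time alone needed to try every candidate online."""
    return (math.ceil(space / max_failures) - 1) * lockout_seconds

class LoginThrottle:
    """After max_failures wrong guesses, refuse the key for lockout_seconds."""
    def __init__(self, max_failures=3, lockout_seconds=900):  # 900 s is assumed
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = {}
        self.locked_until = {}

    def attempt(self, key, password_ok, now):
        if now < self.locked_until.get(key, 0):
            return "locked"          # even a correct guess is refused
        if password_ok:
            self.failures.pop(key, None)
            return "ok"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= self.max_failures:
            self.locked_until[key] = now + self.lockout_seconds
            self.failures[key] = 0
        return "denied"

def simulate_pin_guessing(secret, throttle, key="constructed-account"):
    """Walk all 4-digit PINs in order; return simulated seconds until success."""
    now = 0
    for digits in product("0123456789", repeat=4):
        now = max(now, throttle.locked_until.get(key, 0))  # wait out lockout
        if throttle.attempt(key, "".join(digits) == secret, now) == "ok":
            return now
    return None

if __name__ == "__main__":
    t = LoginThrottle(max_failures=3, lockout_seconds=900)
    print("4-digit PIN, worst case:", simulate_pin_guessing("9999", t) / 86400, "days")
    years = worst_case_seconds(keyspace(77, 6), 3, 900) / SECONDS_PER_YEAR
    print("6 chars from 77 symbols, worst case: %.0f years" % years)
```

The throttle is keyed on the account here; keying on source IP, as the post suggests, uses the same class with a different key string.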
 
McM
Imagine brute forcing a forum that gives you only three attempts at passwords, banking app, whatever. It's needless paranoia if you have something decently random as a pass, they're gonna be trying for a loooooong time.
Ok, good to know. My pw's are all randomly shit, no cat names etc. and up to 16 digits. Should be enough, I wrote them up but the booklet is always at home safe.
 

D.O.A.

Ok, good to know. My pw's are all randomly shit, no cat names etc. and up to 16 digits. Should be enough, I wrote them up but the booklet is always at home safe.
I use LastPass (LastPass | Password Manager, Auto Form Filler, Random Password Generator & Secure Digital Wallet App) which is also locked to my devices/computer... forget your main password and don't have the required plugins for it so it can verify you, it's unrecoverable, not even LastPass can recover it.
 