• You are currently viewing our forum as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to additional post topics, communicate privately with other members (PM), view blogs, respond to polls, upload content, and access many other special features. Registration is fast, simple and absolutely free, so please join our community today! Just click here to register. You should turn your Ad Blocker off for this site or certain features may not work properly. If you have any problems with the registration process or your account login, please contact us by clicking here.

Public Service Announcement On Password Security

Tilt

New member
Joined
Sep 18, 2015
Messages
2,586
MBTI Type
ENFJ
Enneagram
3w4
Instinctual Variant
sx/sp
so you mean I can't figure out your old school's name, pet name etc. by calling your great aunty or something like that and giving her a boggus reason to give away the information ?

Dude, get real. This is not secure, giving me your personal story won't change how unsecure these ineffective and ubiquitous easy-to-hack security measures are.
I'm not attacking you personally. I'm happy for you if you make your passes a bit more secure - that still doesn't make the policy a good one. That's akin to saying that cars are perfectly safe because you've never died in one - not a good argument.

As to the passwords - the classic "ad at least one number and one symbol like !" well first off people will generally use the same symbols (! ? & ) and capitalize only the first letter of their password so it's not like it adds that much complexity to the password. You just set up your password breaking software to start with the most likely combination and it d probably cut down the time needed by a factor of thousands whether you use special symbols and numbers or not.

Secondly it's obvious the people who set it up are kind of low-level in terms of theory of mind / psychology. It's beyond obvious that you'll choose a shorter password if the site's asking you to setup a non-human-friendly password.+ you'll have to store it somewhere else than just in your brain because who the hell can remember :

a1rRbo4t& as easily as peachfetchingpricemarket.

So these passwords are not only in practice less secure by huge factors (generally millions time less secure ) but they're not user-friendly in any way.

in short - these policies suck and their wide adoption rate is just a testament to how short-sighted and frankly dull when it comes to any other type of intelligence than mathematical many developers are. Theories about what makes people and data safe are entirely irrelevant to what people actually do. Theory is always superseded by fact. .


Any questions ?

I honestly don't disagree. I highly doubt that people would have much luck mining enough info on me from my family and friends to reset my passwords. I am too paranoid/private for that.

But other than that, any real hacker could probably crack my passwords IF he/she really wanted with the right algorithm, random pulling or a keylogger but probably not from something overtly obvious such as knowing my hobbies and interests.

This thread makes me wanna update all my passwords though. Lol
 

Tater

New member
Joined
Jul 26, 2014
Messages
2,421
password management is one of the most tedious aspects of network security, but you wouldn't believe the vulnerabilities and risks involved with related bad practices. on the enterprise level, access control lists are often insecure, password creation is frequently weak, and swaths of employees leave their passwords written somewhere on or underneath their desks.

the strongest passwords are made with a long string of randomized numbers, letters, and symbols. why? because phonetic passwords are too easily guessed, and password cracking tools more easily uncover phrases that are made from a single dictionary.

trouble comes when you can't remember, and applications like lasspass offer easy and effective solutions for memory loss. in addition to my password management software, i also like to carry around an encrypted flash drive that supports the software i use. that way, i can access my online accounts away from home. without encryption, you're vulnerable to keyloggers, simple theft, and registry input.

here's an example Jet.com - Prices Drop As You Shop

military grade solutions exist as well.

another method i like to use when generating a random password i need to remember is to use a 'pass phrase'.

for instance-

please
excuse
my
dear
aunt
sally

*converting some letters into symbols and numbers = p3md4$

why is it important to add complexity to your passwords? why not use reverse psychology and make a simple one?

because the simple ones exist in dictionaries that attackers use to brute-force their way into your system. here's a list of some of the most common compromised passwords:

1 password
2 123456
3 12345678
4 1234
5 qwerty
6 12345
7 dragon
8 pussy
9 baseball
10 football
11 letmein
12 monkey
13 696969
14 abc123
15 mustang
16 michael
17 shadow
18 master
19 jennifer
20 111111
21 2000
22 jordan
23 superman
24 harley
25 1234567
26 fuckme
27 hunter
28 fuckyou
29 trustno1
30 ranger

the list goes on.

you might be thinking: what's the big deal? i don't store anything special on my account...

you might be right.

but even lower-level user accounts can be used as an entry-point into surrounding systems, including your own if you reuse passwords for other purposes. additionally, if an attacker uses your account to carry out a malicious act, then victims, administrators, management, or even law enforcement may be pointing the finger in your direction.
 

Cor Luctis

Between the Shadows
Staff member
Joined
Apr 18, 2010
Messages
26,599
MBTI Type
INTJ
Enneagram
5w6
Instinctual Variant
sp/sx
another method i like to use when generating a random password i need to remember is to use a 'pass phrase'.
Most of my passwords are generated in this manner. I use words from songs or poems that are easy to remember.
 

Forever

Permabanned
Joined
Aug 30, 2013
Messages
8,557
MBTI Type
NiFi
Enneagram
3w4
Instinctual Variant
sx/so
I memorize my passwords through muscle memory lol. It only is useful though if I am the site quite frequently.
 
Top