Hackers Have Access To 1 in 5 Microsoft Logins

Status
Not open for further replies.

mayne92 (Distinguished, Nov 6, 2009):
"Then the company looks to see if there is any evidence of criminal activity like sending spam."
IMO M$ hotmail is total garbage. Maybe they should work on stopping "gray mail"?
 

jhansonxi (Distinguished, May 11, 2007):
> jaquith wrote: Until someone finds an exploit then all your passwords are open game. My critical stuff has the passwords changed every month and I type gibberish -- &)*YT &)^ hdHSfg87gy9%$^%&

Only if they get access to my system which is behind two different firewalls and an intrusion detection system (IDS). The database is encrypted with a rather ridiculous passphrase and very secure. I sync it between systems by emailing it as it's very unlikely that anyone will brute-force decrypt it in my lifetime (or would want to spend the time trying).
 

jhansonxi (Distinguished, May 11, 2007):
> molo9000 wrote: The problem is that you need an account for EVERYTHING these days. Nobody can remember 30 different passwords. Strong, unique passwords for email-accounts, paypal, etc. are a must, but for everything else it's just not possible.

That is why I use Keepass. The alternate "industry" solution is single sign-on (SSO). The problem is that it becomes a single point of failure so if the provider is compromised or off-line, you've got problems with all of your accounts.
 

K2N hater (Distinguished, Sep 15, 2009):
Password complexity requirements come from the assumption that a hacker
1. Has access to all the logins and encrypted passwords
2. Is able to decrypt through brute force

As a side note, not even the most complex password and the most secure service - through traditional authentication means - is able to prevent a keylogger or a network sniffer.

Also, long complex passwords are often copied to notes near the PC or in cell phones, so enforcing authentication through complex passwords may eventually (in the case of offices in general) have the opposite effect.
 

hoofhearted (Distinguished, Apr 9, 2004):
> A Bad Day wrote: Reusing passwords, '1234' password. The problem often exists between the chair and the keyboard.

Thanks! You just blurted out my password so everyone knows it now! Now I have to log in everywhere and change it :(
 

booyaah (Distinguished, Mar 17, 2006):
> K2N hater wrote: As a side note, not even the most complex password and the most secure service - through traditional authentication means - is able to prevent a keylogger or a network sniffer.

Not if you use an OTP generator like an RSA token for password authentication.
 

A Bad Day (Distinguished, Nov 25, 2011):
> captaincharisma wrote: hey passwords have to be at least 8 characters long these days so it would be "12345678"


Or, "password"

Hey, it's 8 characters long!
 

ojas (Distinguished, Feb 25, 2011):
> Andy Chow wrote: I use a password "manager", like Keypass. (heck, it is keypass, but there are other solutions). Use the same password if it doesn't matter, but use a unique password if it does. That means I have about 14 different passwords, which I could never remember. Also remember length is a lot better than different characters. i.e. correcthorsebatterystaple is a lot better than Tr0ub4do&3 (check out xkcd if you don't believe this). But with a software like KeyPass, you can generate long random passwords in 1 second and never have to worry about remembering.

I remember Andrew Ku saying that correcthorsebatterystaple would be the equivalent of a 4-letter password in the case of a dictionary-based attack :O
 
Guest:
> ojas wrote: I remember Andrew Ku saying that correcthorsebatterystaple would be the equivalent of a 4-letter password in the case of a dictionary-based attack


Sorry, that's stupid. First, you can't have it both ways. Either you do a brute force attack, or you do a dictionary attack. You can't do both. And sure, if said hacker used a dictionary based attack, it would be a 4-letter password, but four letters out of 10 000 letters, assuming a restricted dictionary was used.

Which is still 10 000 times safer than an 8 character random alphanumeric password.

And if the hacker is using a brute force approach, sorry, it's infinitely safer. I love you guys who talk about dictionary attacks. I've never seen a dictionary attack use several words. They either use single words then switch to brute attacks, or start off with brute attacks from the start. But whatever makes you feel safe...
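The two candidates argued about in this exchange (a four-word passphrase versus an 8-character random alphanumeric password), as an added example that is not code from the thread: it works out the size of the search space under each attack model the posts mention, guessing dictionary words one at a time versus brute-forcing characters, and the corresponding entropy in bits. The 10 000-word dictionary, the 62-symbol alphanumeric set, the 26-letter alphabet and the guess rate in the usage line are assumptions for the example.

```python
# Added example, not code from the thread: search-space sizes for the two
# password styles discussed above under each attack model mentioned.
# Assumptions: a 10 000-word dictionary, 62 alphanumeric symbols, 26 letters.
import math


def search_space(alphabet_size: int, length: int) -> int:
    """Candidates when each of `length` positions is drawn from `alphabet_size` symbols."""
    return alphabet_size ** length


def entropy_bits(space: int) -> float:
    """Entropy of a uniformly random choice among `space` candidates."""
    return math.log2(space)


def crack_time_seconds(space: int, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly random secret: half the space on average."""
    return (space / 2) / guesses_per_second


def compare_candidates(dictionary_words: int = 10_000) -> dict:
    """The thread's two candidates, each under the attack model that fits it."""
    passphrase = "correcthorsebatterystaple"  # four words drawn from the dictionary
    random8 = search_space(62, 8)  # 8 random alphanumerics
    passphrase_by_words = search_space(dictionary_words, 4)  # attacker combines dictionary words
    passphrase_by_letters = search_space(26, len(passphrase))  # attacker tries letters only
    return {
        "random8_alnum": random8,
        "passphrase_by_words": passphrase_by_words,
        "passphrase_by_letters": passphrase_by_letters,
        "words_over_random8": passphrase_by_words / random8,
        "bits": {
            "random8_alnum": entropy_bits(random8),
            "passphrase_by_words": entropy_bits(passphrase_by_words),
            "passphrase_by_letters": entropy_bits(passphrase_by_letters),
        },
    }


if __name__ == "__main__":
    r = compare_candidates()
    for name, bits in r["bits"].items():
        print(f"{name:22s} {bits:6.1f} bits")
    hours = crack_time_seconds(r["random8_alnum"], 1e9) / 3600  # assumed 1e9 guesses/s
    print(f"8 random alphanumerics at 1e9 guesses/s: about {hours:.1f} hours on average")
```

The numbers only describe how many candidates an attacker who knows the generation method has to try; what actually limits an online attacker is the service's lockout and rate limiting, and what limits an offline attacker is how slow the stored password hash is, which is why the dictionary size matters far more than the character set once words are the unit of guessing.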
 
Guest:
Very poor reporting.

The Microsoft article did NOT say "Hackers Have Access To 1 in 5 Microsoft Logins".

It says that when a hack list is published, of the Microsoft emails, 20% of the passwords would match.

That is completely different from saying that 20% of all Microsoft accounts are hacked... Jeesh...

Kevin, are you willing to make a correction on this, or should we just chalk this up to being lazy or stupid?
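The distinction this post draws, that 20% of the addresses on a published list matched rather than 20% of all accounts, as an added example that is neither the thread's nor Microsoft's code: a provider holding only salted, slow password hashes can still check a leaked email/password list against them, count how many listed accounts match, and report that rate separately from the share of the whole user base. The account table, the leaked list, the PBKDF2 round count and the `check_leaked_list` function are all constructed for this example; the page says nothing about Microsoft's actual procedure beyond the matching rate.

```python
# Added example, not code from the thread or from Microsoft: checking a
# published credential list against a provider's own salted password hashes.
# Accounts, the leaked list and the PBKDF2 parameters are constructed here.
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 50_000  # assumption for the example; production deployments use more


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash, as a provider stores it (never the plaintext)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_account(password: str) -> dict:
    """Create one stored record with a fresh random salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed account table: ten accounts on "our" service.
ACCOUNTS = {
    "user1@example.com": make_account("password"),
    "user2@example.com": make_account("correcthorsebatterystaple"),
    "user3@example.com": make_account("Tr0ub4do&3"),
    "user4@example.com": make_account("Qwerty!2011"),
    "user5@example.com": make_account("winter-sunshine-42"),
    "user6@example.com": make_account("mango.tree.9"),
    "user7@example.com": make_account("kU7#pLq2zV"),
    "user8@example.com": make_account("blue-sky-kite"),
    "user9@example.com": make_account("s3cure-ish"),
    "user10@example.com": make_account("rivers-and-roads"),
}

# Constructed "hack list" from some third-party breach: (email, password) pairs.
LEAKED_LIST = [
    ("user1@example.com", "password"),       # reused the same password here -> matches
    ("user2@example.com", "hunter2"),        # uses a different password with us
    ("user3@example.com", "letmein"),
    ("USER4@example.com", "qwerty"),         # case differs; normalise before lookup
    ("user5@example.com", "12345678"),
    ("someone@other.example", "abc123"),     # not an account with us at all
]


def check_leaked_list(accounts: dict, leaked: list) -> dict:
    """Hash each leaked password with the matching account's own salt and compare.
    Returns the match rate among listed accounts and the share of all accounts."""
    listed = 0
    matched = []
    for email, password in leaked:
        acct = accounts.get(email.strip().lower())
        if acct is None:
            continue  # address is not ours; nothing to compare
        listed += 1
        if hmac.compare_digest(hash_password(password, acct["salt"]), acct["hash"]):
            matched.append(email.strip().lower())
    return {
        "listed_accounts": listed,
        "matched": matched,  # these accounts get a forced reset / lockout
        "match_rate": len(matched) / listed if listed else 0.0,
        "share_of_all_accounts": len(matched) / len(accounts),
    }


if __name__ == "__main__":
    r = check_leaked_list(ACCOUNTS, LEAKED_LIST)
    print(f"{r['listed_accounts']} of our accounts appear on the list; "
          f"{len(r['matched'])} match -> {r['match_rate']:.0%} of listed, "
          f"{r['share_of_all_accounts']:.0%} of all accounts")
```

With the constructed data one of the five listed accounts matches: 20% of the accounts on the list, 10% of the whole user base. The comparison has to go through the stored salted hash because the provider cannot, and should not be able to, read the plaintext password back; the accounts in `matched` are the ones to reset, and the addresses that were listed but did not match are still worth a warning, since they show up in someone else's breach.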
 