
P@$$w0rd S3cur!ty

#27 Oct 19 2013 at 5:06 PM Rating: Decent
The All Knowing
*****
10,265 posts
RDD wrote:
Are you just making an argument for the sake of arguing?


I'm honestly not. It just doesn't make sense to me. That's like running RAID on your computer and saying that you don't have anything important to back up as opposed to using the additional storage space and simply backing up important stuff in a cloud or an external media device.

RDD wrote:

Now do I need random passwords thrown at me from an old PC? Not really.
Why do it then if you don't need it? Why not.


Nothing against doing it for no real reason, but if it's for simplicity purposes, then going fully automated is the obvious solution.

RDD wrote:
I don't use online banking because I HAVE to go to the bank 2 times a month already, I'm not sure how much you frequent online banking (nor do I care) but I can't seem to think it would have any more use than a couple times a month to maybe check balances or move money. The same stuff I can do while at the bank that I am going to go to anyway.


I'm not sure how your bank is set up, but the line to discuss financial matters is different from the line to make normal transactions. So, instead of waiting in two completely different lines, potentially doubling your time at the bank, you can complete your normal transactions any time of the day from your PC or cellphone. Not only does that minimize your time at the bank, but others' as well.

Also, I would question the necessity of those two visits a month. I don't know your investment, nor am I well versed in investments, but given this automated, quick fast and in a hurry society, I can't imagine a bank providing a service that requires that many visits to the bank. Please correct me if I'm wrong, because I know not, but with the bank cellphone apps that allow users to deposit checks with their cell phone, it sounds a bit counterproductive. However, I do understand from a "job security" point of view, but big money makers tend to follow money trends that benefit them, not their employees.

#28 Oct 19 2013 at 9:51 PM Rating: Good
*******
50,767 posts
Kavekk wrote:
Just use whatever, then forget it.
Oh, you got it back. Nice.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#29 Oct 20 2013 at 1:58 AM Rating: Good
Repressed Memories
******
21,027 posts
All my passwords are a modular addition between a key phrase and a descriptive phrase of the particular usage. Every password is different, every password is easy to remember, looks entirely random, can be reset individually or as a group.
#30 Oct 20 2013 at 7:56 PM Rating: Good
*****
15,952 posts
I am jealous of your mad logic skills.
#31 Oct 21 2013 at 1:36 AM Rating: Decent
**
496 posts
If something doesn't let me use 123456789, I just give up.
#32 Oct 22 2013 at 3:44 PM Rating: Excellent
Encyclopedia
******
35,568 posts
I use 12345, the same as my luggage.
____________________________
King Nobby wrote:
More words please
#33 Oct 22 2013 at 6:06 PM Rating: Excellent
*******
50,767 posts
Hail Scroob.
____________________________
George Carlin wrote:
I think it’s the duty of the comedian to find out where the line is drawn and cross it deliberately.
#34 Oct 24 2013 at 4:23 AM Rating: Decent
****
7,732 posts
someproteinguy wrote:
I have 3 different generic passwords I use commonly.


[:picardTripleFacePalm;]

idiggory, King of Bards wrote:


dictionary attacks make it less effective now than it was at the time that comic was made

---

this is assuming the hackers have a hashed list and they are trying to test passwords by hashing them then comparing against that list of hashes. if your password is just encrypted...

the typical attack will involve someone using a massive list of passwords, this started with the rockyou breach back in 09, and trying those first. that breach led to more and gave a lot of insight as it was the first major exposure of how real people do passwords. it also helped lead to more breaches that revealed more passwords which is an ongoing cycle.

after that they will use a dictionary attack that combines words, often the 1337 versions and maybe some numbers at the end. this attack vector will also combine those words, making correct battery horse staple not as strong. side note foreign words are the same as english words, most common languages will have many entries in the dictionary from not english

the fancier people trying to crack your hash will have a crawler scrape wikipedia then check all those strings, so that crazy lovecraft demon you use as a password sucks because it also could easily be a list.

that being said sites that make you use one of blah, blah, blah deserve to be shot. that just causes people to always reset their password (which is also a security risk), use the same password everywhere or use some terrible keyboard based system -> 1qaz@WSX looks cool and all elite but seriously...

being a crazy person that can remember some 20 odd random 12 character strings would be the most secure. otherwise a good password manager is your best bet. using the pass phrase system works, but it works best if you go something like: word1SYMBOLORSPACEword2withleetspeakDIFFERENTSYMBOLORSPACEword3ormaybeadate, etc etc. that adds more randomness and reduces the chance that what you are using will come up in a dictionary attack

as a side note people who think the new ios finger print thing is a password or that biometrics will become passwords are wrong, those are equivalent to user names not passwords.
____________________________
Hellbanned

idiggory wrote:
Drinking at home. But I could probably stand to get laid.
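The guessing order described in post #34 can be turned into a check a site runs when a password is chosen, so that anything an early stage would reach is rejected. This is an added example, not code from the thread; the word lists are tiny constructed samples and `guess_stage` and `split_words` are hypothetical names.

```python
import re

# Constructed sample data; a real check would load a breach corpus and a full dictionary.
LEAKED = {"123456789", "12345", "password", "iloveyou"}
WORDS = {"correct", "battery", "horse", "staple", "pass", "word", "butts",
         "is", "not", "a", "crazy", "lovecraft", "demon"}
# Columns and rows of a QWERTY keyboard, to spot walks such as 1qaz@WSX.
WALKS = ["1qaz", "2wsx", "3edc", "qwerty", "asdf", "zxcv"]
SHIFTED = str.maketrans("!@#$%^&*()", "1234567890")   # undo Shift on the digit row
LEET = str.maketrans("013457@$!", "oieastasi")        # undo common 1337 swaps


def split_words(s, words=WORDS):
    """Return s segmented into dictionary words, or None if it cannot be."""
    if not s:
        return []
    for i in range(len(s), 0, -1):
        if s[:i] in words:
            rest = split_words(s[i:], words)
            if rest is not None:
                return [s[:i]] + rest
    return None


def guess_stage(password):
    """Name the earliest stage from the post that reaches this password, else None."""
    lower = password.lower()
    if lower in LEAKED:
        return "leaked-list"
    unshifted = lower.translate(SHIFTED)
    rest = unshifted
    for walk in WALKS:
        rest = rest.replace(walk, "")
    if unshifted and not rest:
        return "keyboard-walk"
    # Words joined together, with leet swaps, separators and trailing digits.
    stripped = re.sub(r"[^a-z]+$", "", lower)
    for candidate in (lower, stripped):
        letters = re.sub(r"[^a-z]", "", candidate.translate(LEET))
        if letters and split_words(letters):
            return "dictionary-combo"
    return None
```

A `None` result only means these stages miss the password; it says nothing about length or randomness, which still need their own check.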
#35 Oct 24 2013 at 5:23 AM Rating: Decent
The All Knowing
*****
10,265 posts
Quote:
this is assuming the hackers have a hashed list and they are trying to test passwords by hashing them then comparing against that list of hashes. if your password is just encrypted...

the typical attack will involve someone using a massive list of passwords, this started with the rockyou breach back in 09, and trying those first. that breach led to more and gave a lot of insight as it was the first major exposure of how real people do passwords. it also helped lead to more breaches that revealed more passwords which is an ongoing cycle.

after that they will use a dictionary attack that combines words, often the 1337 versions and maybe some numbers at the end. this attack vector will also combine those words, making correct battery horse staple not as strong. side note foreign words are the same as english words, most common languages will have many entries in the dictionary from not english

the fancier people trying to crack your hash will have a crawler scrape wikipedia then check all those strings, so that crazy lovecraft demon you use as a password sucks because it also could easily be a list.

that being said sites that make you use one of blah, blah, blah deserve to be shot. that just causes people to always reset their password (which is also a security risk), use the same password everywhere or use some terrible keyboard based system -> 1qaz@WSX looks cool and all elite but seriously...

being a crazy person that can remember some 20 odd random 12 character strings would be the most secure. otherwise a good password manager is your best bet. using the pass phrase system works, but it works best if you go something like: word1SYMBOLORSPACEword2withleetspeakDIFFERENTSYMBOLORSPACEword3ormaybeadate, etc etc. that adds more randomness and reduces the chance that what you are using will come up in a dictionary attack

as a side note people who think the new ios finger print thing is a password or that biometrics will become passwords are wrong, those are equivalent to user names not passwords.


As much as I would like to argue against some of those points, I simply don't know enough in order to do so. I will say, that there is a limit that the average person should consider. Hackers who spend all of their effort cracking the toughest of passwords will eventually crack into whatever you have if they try. Unless of course, you have a MD/SHA hashed password that is sent every 15 seconds as a synchronous token that can only be accessed via biometrics and an additional random 2-factor authentication. You know, RDD's setup to get passwords to safeguard stuff that isn't sensitive.
#36 Oct 24 2013 at 9:39 AM Rating: Excellent
Meat Popsicle
*****
13,666 posts
Horsemouth wrote:
someproteinguy wrote:
I have 3 different generic passwords I use commonly.


[:picardTripleFacePalm;]
I know I know... Smiley: rolleyes

But there's too many free sites that want you "to have a password" to cut down on abuse or whatever. If it's got nothing worth any monetary value to me I'm not going to put any effort into protecting the account. I suppose if someone really wants to hack my free account at sharecg.com or nexusmods.com they'll have an easier time, and it'll be the same password as that LOTRO account I never use and has no credit card linked to it. So they'd probably get into that fairly easily too. I'm sure my level 8 Minstrel probably would be fine with the extra attention anyway. Smiley: lol

Edited, Oct 24th 2013 8:41am by someproteinguy
____________________________
That monster in the mirror, he just might be you. -Grover
#37 Oct 24 2013 at 10:20 AM Rating: Good
Skelly Poker Since 2008
*****
16,781 posts
I pretty much use the same password for everything but my bank. I usually start with good intentions of having a different password but inevitably I forget what the other new password is. Then I have to go through the whole process of getting an email, correctly answering my secret questions (which I often get wrong) and then finally permission to reset my password.

When I get to the reset prompt I figure I should reset it to something I can remember.
____________________________
Alma wrote:
I lost my post
#38 Oct 24 2013 at 10:40 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
I use Crazylovecraftdemon69 as my password everywhere.
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#39 Oct 24 2013 at 10:51 AM Rating: Good
Skelly Poker Since 2008
*****
16,781 posts
Who else just tried to hack into Joph's zam account using the above password?
____________________________
Alma wrote:
I lost my post
#40 Oct 24 2013 at 10:53 AM Rating: Good
*****
15,952 posts
I presumed it was really some variation of Cthulhu and Ada Lovelace and tried that.
#41 Oct 24 2013 at 11:00 AM Rating: Excellent
Liberal Conspiracy
*******
TILT
Elinda wrote:
Who else just tried to hack into Joph's zam account using the above password?

Me!

Did it work?
____________________________
Belkira wrote:
Wow. Regular ol' Joph fan club in here.
#42 Oct 24 2013 at 11:03 AM Rating: Good
*****
15,952 posts
Ah haw haw haw
#43 Oct 24 2013 at 1:20 PM Rating: Excellent
******
27,272 posts
Jophiel wrote:
Elinda wrote:
Who else just tried to hack into Joph's zam account using the above password?

Me!

Did it work?
So TLW, how many new sock accounts have you gotten out of this thread?
#44 Oct 26 2013 at 1:46 PM Rating: Good
*****
13,240 posts
Some. Not Uglysasquatch's. Also, Nixnot changed his bank acct pass again, someone should tell him to stop emailing those passwords to himself in plaintext.
____________________________
Just as Planned.
#45 Oct 26 2013 at 2:24 PM Rating: Good
*****
13,240 posts
Public service announcement: Buttsisnotapass3 is not secure. Almost anything with pass or password is insecure.
____________________________
Just as Planned.
#46 Oct 27 2013 at 4:19 AM Rating: Good
Soulless Internet Tiger
******
35,474 posts
Timelordwho wrote:
Some. Not Uglysasquatch's.
That's because he said new, right?
____________________________
Donate. One day it could be your family.


An invasion of armies can be resisted, but not an idea whose time has come. Victor Hugo

#47 Oct 27 2013 at 6:34 AM Rating: Good
Sock it to 'em.
#48 Oct 27 2013 at 6:38 AM Rating: Good
Do my posts actually make the slightest bit of sense?

I think I'm having an epiphany, but it's just too damn noisy in this library.
#49 Oct 27 2013 at 8:19 AM Rating: Good
******
27,272 posts
Kavekk wrote:
Do my posts actually make the slightest bit of sense?
Of course not.
#50 Oct 27 2013 at 11:51 AM Rating: Good
*****
13,240 posts
Kavekk wrote:
Do my posts actually make the slightest bit of sense?

I think I'm having an epiphany, but it's just too damn noisy in this library.


Making sense is not allowed in the asylum; Gbaji is here.
____________________________
Just as Planned.
#51 Oct 27 2013 at 4:05 PM Rating: Default
The All Knowing
*****
10,265 posts
Kavekk wrote:
Do my posts actually make the slightest bit of sense?

I think I'm having an epiphany, but it's just too damn noisy in this library.


Was that a reference to the racially insensitive White girl describing the Chinese at her school?