|
2house2fly posted:There was an old xkcd comic about how having a short sentence as your password is more secure than an aBc123! kind of deal and easier to memorise. Though that was over a decade ago, I don't know how much more leet the hackers have got in that time and aBc123! and an access token might be the only thing keeping the demons at bay these days
That guidance still holds, though yes, having MFA is always better. Having a password manager also helps with creating strong passwords.
|
# ? Jan 25, 2023 04:06 |
|
Flair posted:That guidance still holds, though yes, having MFA is always better. Having a password manager also helps with creating strong passwords.
Just not LastPass lmao
|
# ? Jan 25, 2023 04:09 |
|
Lib and let die posted:Just not LastPass lmao
|
# ? Jan 25, 2023 04:57 |
|
I've never used it because a third party app having all my passwords in what I'm sure is always an encrypted form, cough, sounded less ideal than just having my own system. Is it like ridiculously insecure or riddled with spyware or something?
|
# ? Jan 25, 2023 06:03 |
|
I just use firefox's locally stored password manager, and have one password I actually know. If for whatever reason, something goes wrong with it, I can use my email to restore the other passwords even though it would be a pain in the butt.
|
# ? Jan 25, 2023 06:07 |
|
My new website will have you change your password every time you log in for maximum security.
|
# ? Jan 25, 2023 06:10 |
|
LividLiquid posted:I've never used it because a third party app having all my passwords in what I'm sure is always an encrypted form, cough, sounded less ideal than just having my own system. Is it like ridiculously insecure or riddled with spyware or something?
LastPass almost consistently discloses that they had a breach or are affected by a breach on an annual basis.
|
# ? Jan 25, 2023 06:14 |
|
LividLiquid posted:I've never used it because a third party app having all my passwords in what I'm sure is always an encrypted form, cough, sounded less ideal than just having my own system. Is it like ridiculously insecure or riddled with spyware or something?
I only started using Bitwarden once I got tired of Reset Password being my password. My email is the only password I don't keep in there, just in case. Feel free to steal my ID hackers, my credit score is Error.
|
# ? Jan 25, 2023 06:22 |
|
Tunicate posted:My new website will have you change your password every time you log in for maximum security.
Usenet.farm does something like this. You login only using an email and it sends you the login link immediately there. But I prefer passwordless login Microsoft is pushing. Login using their Authenticator app and just click Yes on a phone.
|
# ? Jan 25, 2023 07:09 |
|
More convenient than Apple's solution that also requires inputting a code. It gets annoying because their online services periodically log me out if I'm accessing them from a pc browser.
|
# ? Jan 25, 2023 07:31 |
|
2house2fly posted:There was an old xkcd comic about how having a short sentence as your password is more secure than an aBc123! kind of deal and easier to memorise. Though that was over a decade ago, I don't know how much more leet the hackers have got in that time and aBc123! and an access token might be the only thing keeping the demons at bay these days
I imagine it would only work as long as the vast majority of people use these machine-friendly passwords like G.4*rqP(Fsa\vn_4. If everyone started doing this I bet it would be easy to make some predictions on what words people use in passwords. Just like nowadays you could *hack* a lot of stuff with passwords like qwerty1 or admin, you could probably have a system that could guess a password for a significant number of people in just a few guesses.
|
# ? Jan 25, 2023 11:21 |
|
When XKCD did that strip with the "correct horse battery staple" password example it actually did convince a lot of readers to use that format of password. A not insignificant number of them actually used "correct horse battery staple" as their password, and got hacked to gently caress because of it. lol.
|
# ? Jan 25, 2023 12:28 |
|
aba posted:Usenet.farm does something like this. You login only using an email and it sends you the login link immediately there.
I'm not installing any apps on my phone that my employer demands I use. You can send me a phone to install an authenticator app on
|
# ? Jan 25, 2023 12:46 |
|
Lib and let die posted:I'm not installing any apps on my phone that my employer demands I use. You can send me a phone to install an authenticator app on
One of our customers uses SAP and requires 2fa and we set it to the office phone for this reason. IT ran a "quick upgrade" on the phones Friday after hours that took 9 hours and failed. They reverted the changes but didn't actually check to see if they worked so Monday we couldn't process any of that customer's orders until 2 or 3pm
Len fucked around with this message at 13:04 on Jan 25, 2023
# ? Jan 25, 2023 13:02 |
|
Len posted:One of our customers uses SAP and requires 2fa and we set it to the office phone for this reason.
Lemme guess Avaya phones?
|
# ? Jan 25, 2023 13:13 |
|
ilitarist posted:I imagine it would only work as long as the vast majority of people use these machine-friendly passwords like G.4*rqP(Fsa\vn_4. If everyone started doing this I bet it would be easy to make some predictions on what words people use in passwords. Just like nowadays you could *hack* a lot of stuff with passwords like qwerty1 or admin, you could probably have a system that could guess a password for a significant number of people in just a few guesses.
|
# ? Jan 25, 2023 13:19 |
|
Lib and let die posted:Lemme guess Avaya phones?
Mitel
|
# ? Jan 25, 2023 13:55 |
|
AfricanBootyShine posted:I use these but I blend them with nonsense words that only have meaning to me, or are extremely specific to the work I do. Good luck doing a dictionary attack on a password made up of the fake animals I imagined as a kid and the stock codes for the bottles I bought ten billion of at my first job. (neither of those are parts of any of my passwords, but you get the gist).
Well then I probably won't be able to hack you. But it's obvious that most cases of hacking are not about hacking someone specific but about covering a lot of ground and then parsing the data for something useful. Like set up a site that gives away free games to get people's emails. But I've seen the movies and played some games. I'm sure if you get into your house and sit in front of your computer there will be a notebook on your desk describing the story your mother read to you as a child where a knight has fooled the dragon by telling him "Dr@gonAnthiraxiusIAmNo1" and confusing him.
|
# ? Jan 25, 2023 14:02 |
|
AfricanBootyShine posted:I use these but I blend them with nonsense words that only have meaning to me, or are extremely specific to the work I do. Good luck doing a dictionary attack on a password made up of the fake animals I imagined as a kid and the stock codes for the bottles I bought ten billion of at my first job. (neither of those are parts of any of my passwords, but you get the gist).
Same here, a bit. I often use a password that was automatically generated for me on a Linux system decades ago and is graven into my memory. It's nothing but a string of meaningless alphanumeric characters.
|
# ? Jan 25, 2023 14:15 |
|
Re-using passwords is bad for anything you care about because if it gets exposed anywhere, it's the first thing a targeted attack will try on any account it can identify as yours. It is less common for hacking to be targeted but don't take the risk for important stuff like Neopets
|
# ? Jan 25, 2023 16:29 |
|
My system runs on a "Dude it's me, come on" system
|
# ? Jan 25, 2023 16:31 |
|
I just sequence through love, sex, secret, and god. It's worked for me so far.
|
# ? Jan 25, 2023 16:37 |
I started using Bitwarden and it’s helped a lot. I guess if it gets hacked I’ll just have to start resetting everything again but it’s been much easier to keep up with the bajillion accounts/passwords I have and not having to reuse passwords.
|
|
# ? Jan 25, 2023 16:46 |
|
Invalid Validation posted:I started using Bitwarden and it’s helped a lot. I guess if it gets hacked I’ll just have to start resetting everything again but it’s been much easier to keep up with the bajillion accounts/passwords I have and not having to reuse passwords.
Bitwarden is great, one of the things I like about it is that you can set up your own hosted instance on a raspberry pi and vpn back into it for your password manager so nothing is stored on BW servers. It's on my to-do list when I can drop a few hundred for a pi starter kit.
|
# ? Jan 25, 2023 17:28 |
|
ilitarist posted:I imagine it would only work as long as the vast majority of people use these machine-friendly passwords like G.4*rqP(Fsa\vn_4. If everyone started doing this I bet it would be easy to make some predictions on what words people use in passwords. Just like nowadays you could *hack* a lot of stuff with passwords like qwerty1 or admin, you could probably have a system that could guess a password for a significant number of people in just a few guesses.
Yes, this method of attack already exists: it is called Dictionary Attack, where you have a "dictionary" of common words (or words associated to the user/target if this is a high-value user/target and you infer that they would use words associated with their life), and it's like a regular brute force attack but with words instead of just a character. Anyway, if you generate these passwords or passphrases randomly and they are long enough, these kinds of attack are not going to work realistically with current resources.
|
# ? Jan 25, 2023 18:26 |
|
ilitarist posted:I imagine it would only work as long as the vast majority of people use these machine-friendly passwords like G.4*rqP(Fsa\vn_4. If everyone started doing this I bet it would be easy to make some predictions on what words people use in passwords. Just like nowadays you could *hack* a lot of stuff with passwords like qwerty1 or admin, you could probably have a system that could guess a password for a significant number of people in just a few guesses.
you are completely wrong btw
the security analysis for passphrases like that starts by assuming the attacker knows you're using a passphrase, exactly which dictionary you picked the words out of, and how many words long it is.
for example, if you use a list with just 7000 words, a 6-word passphrase such as "headpiece dimmed slab scallion outbreak saddling" (i just generated that) has 2^76 possibilities to check even with a dictionary attack
that makes it about equal to a 13-random-letters/numbers password like "HMvSR09cS0jSq" security-wise, but much easier to remember
cryptographers never like to rely on security through obscurity, so security analyses of things like that always assume that there's no "trick" and your attacker knows exactly what you're doing
however the xkcd comic is out of date: computers have gotten faster and faster at brute-forcing stuff, and 44 bits of entropy is no longer considered secure. so you want a passphrase that's 6 words long, not 4
RPATDO_LAMD fucked around with this message at 20:53 on Jan 25, 2023
# ? Jan 25, 2023 20:48 |
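The arithmetic in the post above, worked through as an added example (not code from any poster in the thread). It assumes, as the post does, that the attacker knows the word list and the word count; the 2048-word list used for the 44-bit xkcd figure and the 8-word demo list are assumptions made here.

```python
import math
import secrets


def passphrase_bits(wordlist_size: int, words: int) -> float:
    """Entropy in bits when each word is drawn uniformly at random.

    The attacker is assumed to know the list and the number of words.
    """
    return words * math.log2(wordlist_size)


def equivalent_random_chars(bits: float, alphabet_size: int = 62) -> int:
    """Length of a random a-z/A-Z/0-9 password with at least `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest word count that reaches `target_bits` for a given list size."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist: list[str], words: int, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG; duplicate entries would break the estimate."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


# Constructed 8-word list for demonstration only (3 bits per word);
# a usable list has thousands of entries.
DEMO_WORDS = ["headpiece", "dimmed", "slab", "scallion",
              "outbreak", "saddling", "correct", "staple"]

if __name__ == "__main__":
    six = passphrase_bits(7000, 6)
    print(f"6 words from 7000: {six:.1f} bits, "
          f"like {equivalent_random_chars(six)} random alphanumerics")
    print(f"4 words from 2048: {passphrase_bits(2048, 4):.1f} bits")
    print(f"words for 76 bits from a 2048-word list: {words_needed(76, 2048)}")
    print("demo passphrase:", generate_passphrase(DEMO_WORDS, 6))
```

The estimate only holds for words chosen by a random generator; words a person picks themselves carry less entropy than the formula gives.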
|
my passwords are the most secure because I use coco the gorilla's lexigram as a keyboard. how many hackers out there even have gorilla lexigram keyboards? not enough to get to my hot datas, i bet
|
# ? Jan 25, 2023 21:17 |
|
RPATDO_LAMD posted:you are completely wrong btw
futureproof password: correctcorrectbatterybatteryhorsehorsestaplestaple
|
# ? Jan 25, 2023 21:23 |
|
doctorfrog posted:futureproof password: correctcorrectbatterybatteryhorsehorsestaplestaple
The correct password is now actually incorrect.battery.horse.staple
|
# ? Jan 25, 2023 21:24 |
|
If you're using passphrases, go out of your way to pick one or two words in a different language. Of course it's best if you use pass phrases that aren't in English at all, but using two or even three different languages in pass phrases drastically reduces the possibility of dictionary attacks. Don't use foreign loan words though, obviously. Yes, déjà-vu is technically French, but it's not gonna help here. And make sure that whatever foreign word you use can't be mistaken for English in any way, the farther away the better, just so you don't run the risk of it being some obscure word a British poet used once in the 17th century. It's gonna be pretty tough to crack a password like hitman flugzeug portemonnaie juego with a dictionary attack even if it's just 4 words, because even if you have a dictionary with English/German/French/Spanish words for some reason, its size just went waaaay up.
|
# ? Jan 25, 2023 21:30 |
|
Read some a year or three back that in the "near future" quantum computing will simply laugh at all of this.
|
# ? Jan 25, 2023 21:39 |
|
Not a single instance of your account info being stolen and sold by hackers was done by figuring out your specific password
Hackers almost exclusively use social engineering to steal entire user databases. The rest are through software/hardware exploits you have no control over
All you can do is refrain from repeating passwords and use 2fa wherever possible
|
# ? Jan 25, 2023 21:40 |
|
I have I guess what you would call a crude algorithm, to creating new passwords. It's always related to the specific product, some measure of the time of year, and a specific meaningless string of numbers that's served me pretty well over the past.
|
# ? Jan 25, 2023 21:42 |
|
Manager Hoyden posted:Not a single instance of your account info being stolen and sold by hackers was done by figuring out your specific password
Random online hackers, sure, but some folks are stuck unfortunately knowing or working with creeps who may take brute force tactics to intrude on their digital lives. Password complexity hygiene is useful as is avoiding post its for threat models such as that.
|
# ? Jan 25, 2023 21:50 |
|
^^ like me. all the bad dudes want my pre-microsoft five-letter-named minecraft account.
Lib and let die posted:I have I guess what you would call a crude algorithm, to creating new passwords. It's always related to the specific product, some measure of the time of year, and a specific meaningless string of numbers that's served me pretty well over the past.
SteamSummer54L3 you been compromised, thrifty game playin bitch
treat fucked around with this message at 22:03 on Jan 25, 2023
# ? Jan 25, 2023 21:59 |
|
Ok look I'll do anything you want just don't leak my playtimes
|
# ? Jan 25, 2023 22:02 |
|
asking me to create an account is theft
asking me to think of a secure password is theft
checking my email for a confirmation is theft
|
# ? Jan 25, 2023 22:10 |
|
my favorite free game is "Password Manager 2008"
|
# ? Jan 25, 2023 22:13 |
|
Montague Tigg posted:my favorite free game is "Password Manager 2008"
Learn your friends steam usernames and guess their passwords, free games for life
|
# ? Jan 25, 2023 22:19 |
|
Manager Hoyden posted:Not a single instance of your account info being stolen and sold by hackers was done by figuring out your specific password
it happens when yet another incompetent company (but not so incompetent as to store poo poo in plaintext) leaks their database of hashed passwords, and someone runs a brute force checker overnight trying to crack as many of the hashed passwords as possible.
there's nothing personal involved here, they're checking those guesses in parallel against a million users at once!
this is especially bad if you reuse passwords between multiple accounts but can still be bad if it was just one and someone e.g. cracks into your Sony account and fraudulently charges a bunch of poo poo to your saved CC#
e: salting the stored hashes can help prevent this but many/most companies still do not bother taking basic cybersecurity steps like that
RPATDO_LAMD fucked around with this message at 22:50 on Jan 25, 2023
# ? Jan 25, 2023 22:45 |
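Why salting matters for the leaked-database case in the post above, as an added example from the defender's side (not code from any poster). The user table is constructed, and PBKDF2-HMAC-SHA256 with a 16-byte salt is a choice made for this sketch, not something the thread specifies.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; two users share a password.
USERS = {"alice": "qwerty1", "bob": "qwerty1",
         "carol": "headpiece dimmed slab scallion outbreak saddling"}


def unsalted_digest(password: str) -> str:
    """Weak storage: the same password gives the same digest for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str, iterations: int = 600_000) -> dict:
    """Per-user random salt plus a slow KDF; salt and cost are stored with the hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(dk.hex(), record["hash"])


def shared_digest_groups(digests: dict) -> list:
    """Users whose stored digests are identical, i.e. who visibly share a password."""
    groups = defaultdict(list)
    for user, digest in digests.items():
        groups[digest].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


def build_tables(users: dict, iterations: int = 600_000):
    """Return (unsalted table, salted table) for the same accounts."""
    weak = {u: unsalted_digest(p) for u, p in users.items()}
    strong = {u: salted_record(p, iterations) for u, p in users.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables(USERS)
    print("unsalted, shared digests:", shared_digest_groups(weak))
    print("salted, shared digests:",
          shared_digest_groups({u: r["hash"] for u, r in strong.items()}))
    print("alice verifies:", verify("qwerty1", strong["alice"]))
```

In the unsalted table one hashed guess can be compared against every row at once, which is the "in parallel against a million users" effect; with a per-user salt each guess has to be recomputed for each account.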