What do I do? Should I reset my password? I have had the same password for the last 5+ years.
Also none of these were my fault.
[IMG]http://i.imgur.com/0GqP6Ep.png[/IMG]
I'd be pretty concerned.
I'd change all of my passwords just to be safe, especially if you are using the same one for multiple services.
You should reset your password on your email and any other services you use.
Great, I am the member on about 20+ websites, looks like today will be password reset day...
[QUOTE=CryoDragon;44755186]Great, I am the member on about 20+ websites, looks like today will be password reset day...[/QUOTE]
Use different passwords for everything, at least your e-mail.
You got 3 different password changes for Steam because 3 different master hackers are trying to hack into your account. It's very valuable property!
Use the confusion to change your password!
Change it to something safe like "youwontguessthis", they'll never guess that.
[QUOTE=Last or First;44758114]You got 3 different password changes for Steam because 3 different master hackers are trying to hack into your account. It's very valuable property!
Use the confusion to change your password!
Change it to something safe like "youwontguessthis", they'll never guess that.[/QUOTE]
I used to do that years ago, that exact password, and guess what, someone guessed it.
Change your password to a sentence.
"cheese is good for you mother fucker" is a good one.
[QUOTE=Katatonic717;44758696]Change your password to a sentence.
"cheese is good for you mother fucker" is a good one.[/QUOTE]
Change it to something that no one would ever guess...
"Gosh, that Italian family at the next table sure is quiet."
[QUOTE=Teddybeer;44758096]Starts to get difficult when you have 200+ like me. If you know your password is weak and is used on more than one site you have to change it.[/QUOTE]
You could use something like KeePass to organize them.
LastPass is fucking great for this (but it's by no means the only password manager).
Here's a very good password.
F*CK0FF8!TCH!
Guys, random symbols in passwords are dumb, a short sentence would already take a long time to crack and be hard to guess.
Symbols make it hard to remember and needlessly confusing.
[QUOTE=Katatonic717;44758696]Change your password to a sentence.
"cheese is good for you mother fucker" is a good one.[/QUOTE]
that's usually the first thing you'd do before a bruteforce: do a dictionary check. having a sentence like that would get uncovered within hours, assuming the site has no retry time.
and then, some sites require lower+uppercase, numbers, symbols, no numbers, no symbols, >8 characters, <8 characters, no spaces, etc.
you could always have your password set to something clever and witty that no one would ever guess, like "password".
[QUOTE=willtheoct;44759181]that's usually the first thing you'd do before a bruteforce: do a dictionary check. having a sentence like that would get uncovered within hours, assuming the site has no retry time.
and then, some sites require lower+uppercase, numbers, symbols, no numbers, no symbols, >8 characters, <8 characters, no spaces, etc.[/QUOTE]
Your point about sites and services having bizarre and sometimes bad (dramatically weakening security) password rules is on target, but what dictionary do you have that has the complete passphrase "cheese is good for you mother fucker" (and not motherfucker, either, mother fucker)?
"This guy found a password that'll be sure to protect your sensitive information by following this 1 simple rule! Hackers hate him!"
[QUOTE=elixwhitetail;44759698]Your point about sites and services having bizarre and sometimes bad (dramatically weakening security) password rules is on target, but what dictionary do you have that has the complete passphrase "cheese is good for you mother fucker" (and not motherfucker, either, mother fucker)?[/QUOTE]
sorry for late reply, but you don't use a webster dictionary. It will have mother, fucker, motherfucker, mutherfucker, motherfuker, motherfuckers, motherfucker's, mofo, mofos, mofo's, etc.
A friend of mine found one 11 GB in size, too bad he's a script kiddie though.
[QUOTE=Katatonic717;44759099]Guys, random symbols in passwords are dumb, a short sentence would already take a long time to crack and be hard to guess.
Symbols make it hard to remember and needlessly confusing.[/QUOTE]
Problem is that rainbow tables crack any sentence password in hours.
While bruteforcing a 60 character password generated by LastPass would take thousands of years, if not longer.
thank god virtually everything that requires a password has a maximum of 3-5 tries so brute force goes out of the window
NSA did it!
[QUOTE=damnatus;44795955]thank god virtually everything that requires a password has a maximum of 3-5 tries so brute force goes out of the window[/QUOTE]
No, no. If someone is dumb enough to try brute force on the website itself, then yes.
But a smarter person would try to crack the password on the SQL server (in case of a website).
The website gives the maximum amount of tries. The SQL server doesn't.
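An added example, not part of any post in this thread: the login attempt limit and the stored password record are separate layers, so a defender has to protect both. It assumes (hypothetically) that the site stores salted PBKDF2 hashes; `LoginService`, `MAX_TRIES`, the iteration count and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

MAX_TRIES = 5                 # the thread mentions 3-5 tries; 5 is assumed here
PBKDF2_ITERATIONS = 200_000   # assumed work factor, tune to your hardware


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return (salt, iterations, digest) as it would be stored per user."""
    salt = salt or os.urandom(16)   # per-user salt: precomputed tables do not apply
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify(password, record):
    """Check a candidate against a stored record. Note: no attempt counter here."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


class LoginService:
    """The web layer. The lockout lives here and only here."""

    def __init__(self, record):
        self.record = record
        self.failures = 0

    def login(self, password):
        if self.failures >= MAX_TRIES:
            return "locked"         # refused before the hash is even checked
        if verify(password, self.record):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"


if __name__ == "__main__":
    record = hash_password("constructed sample passphrase")
    site = LoginService(record)
    for _ in range(MAX_TRIES):
        site.login("wrong guess")
    # The site is now locked, even for the right password...
    print(site.login("constructed sample passphrase"))
    # ...but anyone holding a copy of the record can keep calling verify();
    # only the salt and the per-guess work factor slow that down.
    print(verify("constructed sample passphrase", record))
```

The practical takeaway for whoever runs the site: keep the lockout, but also store passwords with a salted, deliberately slow hash and restrict who can reach the database at all.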
[QUOTE=luca00555;44796063]No, no. If someone is dumb enough to try brute force on the website itself, then yes.
But a smarter person would try to crack the password on the SQL server (in case of a website).
The website gives the maximum amount of tries. The SQL server doesn't.[/QUOTE]
just somehow circumvent security measures and query the database directly? why didn't i think of that?!
[QUOTE=sloppy_joes;44796092]just somehow circumvent security measures and query the database directly? why didn't i think of that?![/QUOTE]
Is this sarcasm? Because what I just said is possible. Look it up on the internet.
The only thing you need to know to directly guess (brute force or dictionary) passwords from the SQL server is the server IP and the database name.
[QUOTE=luca00555;44797539]Is this sarcasm? Because what I just said is possible. Look it up on the internet.
The only thing you need to know to directly guess (brute force or dictionary) passwords from the SQL server is the server IP and the database name.[/QUOTE]
Uuhhh I'm pretty sure you can set up all kinds of max login attempts, don't know what you're talking about
you try to make nice sentence password but then there's shit like microsoft that has a 16 character pass limit because fuck you
You also have all those fucking places that tell you your password must contain at least one lower case, one upper case letter, one number, one symbol, and one written testimony to Hitler's innocence.
One time when I was at my friend's home, I remember him logging into his WoW account, and the password was really long.
Some weeks later I downloaded the free trial version of WoW, and just for fun I put in my friend's account name and typed the cheat code in Age of Mythology, L33T SUPA H4X0R. Turns out that was his password actually, and if I would have wanted to, I could have played on his account.
Obligatory
[url]http://xkcd.com/936/[/url]
[t]http://imgs.xkcd.com/comics/password_strength.png[/t]
Hover over:
[I]"To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize."[/I]