[QUOTE=damnatus;50711460]I use SMS authorization whenever I can. That seems pretty safe[/QUOTE]
With what we've seen recently with h3h3, I don't think it's that safe anymore.
[QUOTE=damnatus;50711460]I use SMS authorization whenever I can. That seems pretty safe[/QUOTE]
A lot of streamers have been getting hacked out of YouTube through SMS authentication. The hackers use social engineering to get a copy of the victim's SIM card directly from the victim's cell service provider. Granted, it's a bit of work to do this, so unless you are a prominent figure you most likely won't get targeted.
Right now your best bet is to use a password manager, as mentioned earlier in the thread. Instead of memorizing many different mediocre passwords, you only remember a single strong password to log in to the password manager, and the manager takes care of the rest. Ideally go for a password manager with two-factor authentication and invest in a physical token like a Yubikey, or at the very minimum get an authentication app on your smartphone (different than SMS).
[QUOTE=amos106;50711524]Ideally go for a password manager with two-factor authentication and [B]invest in a physical token like a Yubikey[/B], or at the very minimum get an authentication app on your smartphone (different than SMS).[/QUOTE]
Bingo, get hardware 2FA and you're pretty much indestructible.
I want a future where everything uses smart cards. They're seriously really good forms of authentication for 2FA and I wish I saw them used more often. It's just that accessibility is very limited, because every user of your product or service would require a smart card reader and a smart-card compatible computer. Not to mention making the software or service also use smart cards alongside other forms of authentication.
They can't really be copied either. The only downside would be losing the card.
However even with that I'd imagine most users would just leave it in at all times...which just defeats the purpose of having it in the first place.
[QUOTE=helifreak;50711279]Swap that MD5 for some SHA512 with lots of iterations and suddenly your 40 billion is a few million at best.[/QUOTE]
That was kind of the point of the video wasn't it?
He was constantly saying how MD5 is shit and you need to switch away from it, and illustrating why it's shit.
I suppose this is as good a place as any to ask since I don't want to make a thread. I haven't used one of these password managers before and I'm looking into getting one, but I have a question - I see KeePass recommended most here, but I'm wondering why it is better than LastPass? LastPass I believe is more popular (not that that's a reason for it to be better), and looks more user friendly, so I was wondering.
[QUOTE=Zelle;50705502]
Or save your passwords in a text doc and copy paste them. That's a lazy alternative, but whichever floats your boat.[/QUOTE]
I have been doing this for years and can confirm that it's perfectly safe and 100% unhackable. My billions of dollars' worth of bitcoins are perfectly safe as well.
Here is my real safe and secure password .txt, bet you can't get into this: [url]https://drive.google.com/file/d/0B_gMG1oTusb_ODNxampWUjhPeFE/view?usp=sharing[/url]
[QUOTE=phabeZ;50713965]I suppose this is as good a place as any to ask since I don't want to make a thread. I haven't used one of these password managers before and I'm looking into getting one, but I have a question - I see KeePass recommended most here, but I'm wondering why it is better than LastPass? LastPass I believe is more popular (not that that's a reason for it to be better), and looks more user friendly, so I was wondering.[/QUOTE]
Whatever you think is the best - KeePass is open source though.
[QUOTE=evil-tedoz;50711481]With what we've seen recently with h3h3, I don't think it's that safe anymore.[/QUOTE]
In our country you have to physically be at your carrier's store and bring your ID with you for them to give you a replacement SIM.
TBH it's an edge case, as he said in the video that you need the hash file.
[QUOTE=FPtje;50710052]There's another reason why MD5 is insecure: [url=https://en.wikipedia.org/wiki/Collision_attack]collision attacks[/url]. Basically people can find a [U]different[/U] password that will generate the [I]same[/I] MD5 hash as your own password, and then use that to log in to some website where you use the same password.
Although that only works if the other website doesn't use [url=https://crackstation.net/hashing-security.htm]proper salting[/url][/QUOTE]
Collision attacks are inherent with any hashing algorithm, and are not generally considered useful. You would get a passphrase that's useless on most any other site, and the keyspace for such an attack is mind-bogglingly large.
Consider the danger of such an attack to be the same as an extremely small crack in an enormous ship's hull. Sure, it's not great, but it's also not going to matter much, and it's not worth buying a new ship over.
[editline]15th July 2016[/editline]
[QUOTE=ichiman94;50714173]TBH it's an edge case as he said in the video that you need the hashfile[/QUOTE]
Hash files are the #1 target of server dumps, so...
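As an added example (not code from anyone in this thread or from the video): the unsalted MD5 the video argues against, next to a salted, iterated PBKDF2-HMAC-SHA512 scheme, which covers both helifreak's "lots of iterations" point and FPtje's salting point. The iteration count and the sample password are assumed values chosen for the example.

```python
import hashlib
import hmac
import os

# Work factor: every verification costs this many HMAC-SHA512 computations,
# and so does every guess an attacker makes against a stolen hash file.
# Assumed value for this example; tune it to your hardware.
ITERATIONS = 100_000
SALT_BYTES = 16


def md5_unsalted(password: str) -> str:
    """What the thread argues against: one fast, unsalted digest.
    The same password yields the same hash on every site that does this,
    so one leaked hash file is reusable against all of them."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt=None) -> str:
    """Return 'pbkdf2_sha512$iterations$salt_hex$digest_hex'.
    A fresh random salt means two sites storing the same password
    end up with different hashes; a precomputed table for one site
    is worthless against the other."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha512${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count and compare in
    constant time, so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha512":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo() -> dict:
    pw = "correct horse"  # constructed sample password
    site_a = hash_password(pw)  # same password registered on two sites
    site_b = hash_password(pw)
    return {
        "md5_same_everywhere": md5_unsalted(pw) == md5_unsalted(pw),
        "salted_differs_per_site": site_a != site_b,
        "verify_ok": verify_password(pw, site_a),
        "verify_wrong": verify_password("wrong", site_a),
    }
```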