[QUOTE=eternalflamez;35003695]But if everyone starts using 3-4 words as passwords, don't hackers just change their programs, to test combinations of words instead of letters?
Because then those word combinations are almost as easy to figure out as 3 letters?[/QUOTE]
This is true, isn't it? Say someone is using a 4 word password, and a hacker has a database of 10000 different words. Isn't the possible combinations 40000? At 1000 guesses a second then that's 40 seconds to guess correctly (At most, assuming the database actually has the right words). (I am probably dumb and have my math wrong)
And this is exactly why every mutation of "password" is right at the top of wordlists.
[QUOTE=Zelacks;35004039]This is true, isn't it? Say someone is using a 4 word password, and a hacker has a database of 10000 different words. Isn't the possible combinations 40000? At 1000 guesses a second then that's 40 seconds to guess correctly (At most, assuming the database actually has the right words). (I am probably dumb and have my math wrong)[/QUOTE]
Indeed you've got your math wrong. The possible combinations is 10.000[sup]4[/sup].
That's 10.000.000.000.000.000.
that's my facepunch password, what a coincidence
You're not taking into account grammar. I use passphrases nowadays, and use proper grammar with them. Some have multiple sentences. I average about 6 words per sentence. Easy to remember, impossible to brute force (unless P=NP gets solved), extremely unlikely to do under dictionary attack.
i personally just use password generators, it's just much more easy to just click a button and have a 20-character long jumbled mess that you can use
At work to use a checkout we need a till number and password. But you've got to change the password every couple of weeks. I recently discovered that you can make the password a single digit, my password currently is "1"
[QUOTE=Simski;35003487][img]http://imgs.xkcd.com/comics/password_strength.png[/img][/QUOTE]
I've still never understood the logic behind that, it seems to assume the attacker knows the length and makeup of the password, but is just guessing the characters.
[QUOTE=Doozle;35004723]At work to use a checkout we need a till number and password. But you've got to change the password every couple of weeks. I recently discovered that you can make the password a single digit, my password currently is "1"[/QUOTE]
Changing your password every few weeks is stupid. It's the same as changing the lock on your front door.
[QUOTE=TheDecryptor;35004772]I've still never understood the logic behind that, it seems to assume the attacker knows the length and makeup of the password, but is just guessing the characters.[/QUOTE]
No, it's assuming the attacker is a bot designed to test every possible symbol in your password. The bot won't know that you're using 4 words (possibly more possibly less), a human will have every word imaginable to choose for all 4 words, and the 4 words are to a computer with the ability to guess words like a 4 digit password where every value is equal to the number of words in a dictionary (where it will probably be limited to one language, and won't involve slang words).
A while ago when some group (Anonymous maybe?) published a massive list of stolen personal information, mostly emails and passwords, showing just the first three letters, I went through the list looking for "abc", "pas" and "qwe". Tried a couple, they all worked. Stayed out of their shit. Sent them all emails about it and why they should use proper passwords.
As I was typing it, Wordpress sent out their own "Oh dear all our accounts got hacked" email.
I suppose it's a bit more pressing when some of those warning emails came from their own account.
I remember in elementary school I used the password "guy111".
Years later my steam account was hacked because someone guessed it.
God I was retarded.
[QUOTE=Katatonic717;35005079]I remember in elementary school I used the password "guy111".
Years later my steam account was hacked because someone guessed it.
God I was retarded.[/QUOTE]
Would you like to sign up for a free Steam game? offer ends in 60 minutes answer fast thanks :)
I take a normal saying and take the first letters and add numbers.
The apple doesn't fall far from the tree = 7tadffftt64 (Mind you, I use Norwegian sayings)
I do use something more secure on my really sensitive stuff though. One code I won't reveal here :v:
[QUOTE=Tinter;35004830]Changing your password every few weeks is stupid. It's the same as changing the lock on your front door.[/QUOTE]
It's just to stop other people using your till number, because that can be quite serious.
Coincidentally a few months ago I buggered something up on the till and somehow the person wasn't charged for their goods. They walked out without paying, because of my error and my checkout was £500 down.
I remember that I used the password "tortoises are fucking great" somewhere, and according to [url=http://howsecureismypassword.net/]this[/url] it would take about 54 octillion years for a desktop pc to hack it :v:
That's a single computer doing it on a letter-by-letter possibility thing though isn't it?
What a bunch of morons. They should really use this- [url]http://www.safe-password-generator.com/[/url].
It also helps to remember the keystrokes you do when typing in your password.
Using your phone number is the best password there is. Trust me.
my steam pass is imgay4anime dont tell no one
[QUOTE=cheesedelux;35005298]That's a single computer doing it on a letter-by-letter possibility thing though isn't it?[/QUOTE]
[QUOTE=Maximum Mod;35005270]desktop pc[/QUOTE]
I remember having my 15 mb/sec internet and gained 4 mb/sec with it.
Now I switched to 50 mb/sec and it only downloads in 250kb/sec
thanks Tele2
Reminds me of the people on facebook who said if you posted your password on your wall it would show up as ******* and people actually did it
and my pass is gulia96, since it's my first dog's name.
Don't tell anyone
Pfft, my school can't possibly get hacked than the password is "Password!"
one one one, uh.... one!
I hate services that have an arbitrary limit on password length. I can't use my normal pass (34 characters) on Paypal because the limit is 20. Then they ask me to change my pass every month when it's not as secure as I'd like it to be in the first place.
In Elementary school we used computer software for our homework where we all had users, and I guessed my teacher's password and I was right on the second attempt. (It was his surname :v: )
So with his admin privileges I deleted every account for each student in the entire school and made a single new one called 'school sucks!' (remember I was like 10)
Sadly one guy told the teacher it was me and I got in a shit ton of trouble.
my pw is ******** xD they'll never guess it