• Most common password revealed
    82 replies, posted
[QUOTE=mac338;35003615]My passwords since I was a kid have always been like the last panel. ApplePieWar Hat hat tophat Musicfafafafa the list goes on[/QUOTE] yup, passphrases are much much better, my passwords are usually 20 characters + fuck you password character limits! [editline]5th March 2012[/editline] [QUOTE=mac338;35005963]In Elementary school we used computer software for our homework where we all had users, and I guessed my teacher's password and I was right on the second attempt. (It was his surname :v: ) So with his admin privileges I deleted every account for each student in the entire school and made a new one single new one called 'school sucks!' (remember I was like 10) Sadly one guy told the teacher it was me and I got in a shit ton of trouble.[/QUOTE] I discovered that you could change the password on mac systems through terminal using the unix command [I]passwd[/I] while in elementary school. Needless to say when I found out the password for the teacher account (it was student) I logged in and changed it :v:
Dictionary attacks exist, you know. Using only words isn't super safe as xkcd would like to believe
[QUOTE=a-k-t-w;35003499]but then they only have to guess 4 words and they're in?[/QUOTE] In password finding, even just 4 words mean hell. Even if there were only 20,000 words in the dictionary, then it would still take 1,333,733,370,001 guesses to test all possible combinations. The calculator I was using would crash when I tried to input any number larger.
[QUOTE=YouWithTheFace.;35006117]Dictionary attacks exist, you know. Using only words isn't super safe as xkcd would like to believe[/QUOTE] Not super safe, but you can start inserting in less common slang words and words from other languages that you know, and then a four or more word password is actually pretty decent, and still memorable. Most dictionary attacks are limited to the dictionary used, with a few common slang words added (from my understanding), so you should have reasonable security, though not the best. I like to use a memorable sentence or two, made up on the spot, for places that allow them, but most places have bullshit limits, or don't allow non-"standard" characters. (hang on, isn't a non-standard password a kind of benefit :v:) Also, there are so many words in even one language that it'd be amazing to guess some of the less used ones, or archaic words.
[QUOTE=YouWithTheFace.;35006117]Dictionary attacks exist, you know. Using only words isn't super safe as xkcd would like to believe[/QUOTE] Given a password of 28 characters, it could be one uncommon word like "antidisestablishmentarianism" or several common words like "thecatjumpedoverasilverspoon" which is 7 words. So even if the computer knew character length, it would have a fun time filling it with the proper amount of words and then finding the correct ones.
[QUOTE=Doozle;35004723]At work to use a checkout we need a till number and password. But you've got to change the password every couple of weeks. I recently discovered that you can make the password a single digit, my password currently is "1"[/QUOTE] The first time I did that, I forgot to save the password I generated for my e-mail account, took me an age to get it back.
Use passwords that make the hacker type in things that he finds morally wrong. No more hackers!
[QUOTE=Protocol7;35006707]Given a password of 28 characters, it could be one uncommon word like "antidisestablishmentarianism" or several common words like "thecatjumpedoverasilverspoon" which is 7 words. So even if the computer knew character length, it would have a fun time filling it with the proper amount of words and then finding the correct ones.[/QUOTE] Especially if you put numbers in between each word, which is what I do. I generally pick an easy-to-remember phrase with at least 3 words, put them together, and string them together with a 3- or 6- character numpad pattern. For example, off the top of my head, I will take a Starcraft cheat code and generate a password from it: There456456is852852no951951cow753753level. Fuck you, dictionary crackers.
[QUOTE=eternalflamez;35003855]If it's 30 letters, only containing a-z, 26[SUP]30[/SUP] if i am correct. [editline]5th March 2012[/editline] +- 2.8x10[SUP]42[/SUP][/QUOTE] Assuming 1000 passwords/second like in xkcd, it will take 1.87475309 × 10[sup]43[/sup] years to break that. [editline]5th March 2012[/editline] [QUOTE=TheDecryptor;35004772]I've still never understood the logic behind that, it seems to assume the attacker knows the length and makeup of the password, but is just guessing the characters.[/QUOTE] It appears to be assuming that the attacker is going through every possible combination of letters for a given length of password before adding one character to it and repeating the process.
[QUOTE=Gmod4ever;35007861]Especially if you put numbers in between each word, which is what I do. I generally pick an easy-to-remember phrase with at least 3 words, put them together, and string them together with a 3- or 6- character numpad pattern. For example, off the top of my head, I will take a Starcraft cheat code and generate a password from it: There456456is852852no951951cow753753level. Fuck you, dictionary crackers.[/QUOTE] "It would take a desktop PC about 3 octodecillion years to hack your password" Good work.
[QUOTE=Chubbs;35008056]... It appears to be assuming that the attacker is going through every possible combination of letters for a given length of password before adding one character to it and repeating the process.[/QUOTE] That's just brute forcing though, the comic seems to assume the attacker knows the exact length and makeup of the password. According to the comic, adding a single uppercase character doubles the search area, but it doesn't. The only way it could just double it was if you knew the exact password, but not the case (and you'd have to know that there was exactly one uppercase character) Otherwise you'd have to test a-z A-Z for every letter up to the length (assuming 10 characters, that's 10^52, or 10 sextillion combinations) And that's assuming there's no punctuation, etc.
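Added example, not part of any post in this thread: a small strength estimator that scores a password under the two search models argued over above (character-by-character brute force versus whole-word dictionary guessing) and reports the cheaper one. The wordlist is a constructed toy list, the 20,000-word dictionary size is the figure quoted earlier in the thread, and all function names are hypothetical.

```python
import math

# Constructed toy wordlist for the demo; real lists hold tens of thousands of words.
WORDS = {"the", "cat", "jumped", "over", "a", "silver", "spoon", "correct",
         "horse", "battery", "staple", "there", "is", "no", "cow", "level"}
DICT_SIZE = 20_000  # the thread's "20,000 words" figure, used as an assumption

def min_word_split(password, words=WORDS):
    """Fewest wordlist entries that concatenate to the password, else None."""
    pw = password.lower()
    best = [None] * (len(pw) + 1)   # best[i] = shortest split of pw[:i]
    best[0] = []
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is None or pw[start:end] not in words:
                continue
            cand = best[start] + [pw[start:end]]
            if best[end] is None or len(cand) < len(best[end]):
                best[end] = cand
    return best[len(pw)]

def brute_force_bits(password):
    """Character model: length * log2(size of the character classes in use)."""
    size = 26 * any(c.islower() for c in password)
    size += 26 * any(c.isupper() for c in password)
    size += 10 * any(c.isdigit() for c in password)
    size += 33 * any(not c.isalnum() for c in password)
    return len(password) * math.log2(size) if size else 0.0

def dictionary_bits(password, dict_size=DICT_SIZE):
    """Word model: each word is one symbol drawn from dict_size choices."""
    split = min_word_split(password)
    return None if split is None else len(split) * math.log2(dict_size)

def estimate_bits(password):
    """A defender should assume the cheaper of the two searches."""
    word_bits = dictionary_bits(password)
    char_bits = brute_force_bits(password)
    return char_bits if word_bits is None else min(char_bits, word_bits)

if __name__ == "__main__":
    for pw in ("correcthorsebatterystaple", "thecatjumpedoverasilverspoon",
               "There456456is852852no951951cow753753level"):
        print(f"{pw}: chars={brute_force_bits(pw):.0f} bits, "
              f"words={dictionary_bits(pw)}, estimate={estimate_bits(pw):.0f} bits")
```

The digit-separated passphrase has no word-only split, so the estimator falls back to the character model for it; a production estimator would also model digit runs and keyboard patterns, so treat that figure as an upper bound.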
[QUOTE=Simski;35003487][img]http://imgs.xkcd.com/comics/password_strength.png[/img][/QUOTE] I still fail to understand how this can be true
[QUOTE=Hmn30;35015345]I still fail to understand how this can be true[/QUOTE] It was explained like twice before in this thread
I like to take the sentence approach, and then use plenty of slang and profanity. Was a bit awkward when I called in for customer service one time and gave my password though
[QUOTE=mooty;35003404]Easily guessable or entirely blank passwords were the most common vulnerability Trustwave's SpiderLabs unit found in its penetration tests last year on clients' systems.[/QUOTE] heh
[QUOTE=Maximum Mod;35005270]I remember that I used the password "tortoises are fucking great" somewhere, and according to [URL="http://howsecureismypassword.net/"]this[/URL] it would take about 54 octillion years for a desktop pc to hack it :v:[/QUOTE] "It would take a desktop PC About 13 sextillion years to hack your password" Huh.
I like combining words to make passwords. Smoothmoosecriminal Dancedrugreligion Freshappleprince Hankyswankygorillapanky
sandpaperontitties apparently takes 3 billion years
My passwords change from website to website, but they're mostly the same. Let's say my password is password1 for example. On FP it might be fp_password1 and on Steam sm_password1. That way, it's easy to remember, the passwords are different and it is decently lengthy too.
I have a shelf above my monitor with 4 items on it, my password for shit I don't care about is just those 4 items put together like the second example on the xkcd image, of course I use more secure means for my bank and such.
Didn't some president or something of some country have 12345 as password for email or something?
[QUOTE=Starship;35017837]Didn't some president or something of some country have 12345 as password for email or something?[/QUOTE] That was Assad, Syrian leader. Also, relevant: [IMG]http://www.smbc-comics.com/comics/20110506.gif[/IMG]