CNN 'tech analyst' thinks 4chan is a person, recommends using 'pa$$word' as your password - Polidicks

He used he in reference to the person that hacked these peoples accounts, and he just said that using pa$$word would be relatively safer than just password.. The chick doesn't know anything on this subject (and she's not the tech analyst) but I fail to see where the actual tech analyst went wrong.

Or just roll your fingers in set directions on the keyboard like: qwertasdfzxc That way you can remember it and no one would be the wiser. Except for now. Now someone will know to try this.

[QUOTE=ragin cajun;45885150][img]http://puu.sh/bkjKd/d0318bce11.png[/img] Password is "aaaaaaaaaaaaaaaaaaaa" :v:[/QUOTE] tested my important-stuff password, said 80 billion years, so guessing like 5 minutes on a super computer or bot-net? [editline]3rd September 2014[/editline] [QUOTE=legolover122;45885919]He used he in reference to the person that hacked these peoples accounts, and he just said that using pa$$word would be relatively safer than just password.. The chick doesn't know anything on this subject (and she's not the tech analyst) but I fail to see where the actual tech analyst went wrong.[/QUOTE] did not know what the 4chan was on the interwebs and if did, did not bother to correct the horribly mistaken news reporter

[QUOTE=Hervey;45884730]On a serious note about password strength [img]http://imgs.xkcd.com/comics/password_strength.png[/img][/QUOTE] Oh cool I'm going to start using correcthorsebatterystaple as my new password. :downs:

[QUOTE=Hervey;45884730]On a serious note about password strength [img]http://imgs.xkcd.com/comics/password_strength.png[/img][/QUOTE] Do this but with an entire sentence then use arbitrary substitution rules to half ass leet speak the sentence and then do something funky like hold down shift every other letter for for half the password or something and you have a super easy to remember but probably really fucking hard to crack password that's an absurd mixture of capitals, symbols, numbers and also like 40 characters long That's what I generally do. I end up running into trouble with all those fucking shitty sites that force you to have a max of 8 characters for your pw though. That shit pisses me off so much.

[QUOTE=Shogoll;45886238]Do this but with an entire sentence then use arbitrary substitution rules to half ass leet speak the sentence and then do something funky like hold down shift every other letter for for half the password or something and you have a super easy to remember but probably really fucking hard to crack password that's an absurd mixture of capitals, symbols, numbers and also like 40 characters long[/QUOTE] And it only takes 5 minutes to enter

it took me 10 seconds to type this sentence [t]http://i.imgur.com/0dUh4FC.png[/t]

If the host and the "expert" got hacked right now I wouldn't even be mad.

It's me. I admit it. I am that 4chan fellow.

Someone on the Today Show the other day (Not one of the main hosts, but that weird, skinny guy that does weird, skinny news) asked if app crashes were evidence that your phone was being hacked... It amazes me that the public as a whole is still technologically illiterate. They don't know how their stuff works, just that it does. Bizarre, considering this whole "Personal Computer" thing's more than twenty years on already.

[t]http://i.imgur.com/QYtsCQ6.png[/t] Password is "1 billion years"

This one is almost as bad as the "rubber bullets" guy. Also, I decided to see how strong my wifi password was: [URL=http://imgur.com/iXGi9Ag][IMG]http://i.imgur.com/iXGi9Ag.jpg[/IMG][/URL] I think I'm good. (This was the result of my actual password. lol)

[QUOTE=Helix Snake;45886343]And it only takes 5 minutes to enter[/QUOTE] Once you get the phrase into muscle memory you can seriously type it in like a second, no joke. I mean shit, I'm assuming the average gamer can type some like 100wpm right? Probably even more if its a repeatedly practice phrase that you type out often. Going with what I feel are conservative estimates of 4 characters on average per word, you'll probably find yourself typing some ~7 characters per second at a little over 100wpm, so you could probably bash out some pretty damn long passwords in a few seconds.

[QUOTE=SPESSMEHREN;45885254]That is very flawed.[/QUOTE] It's only flawed if it becomes common enough for it to be worthwhile for a hacker to use a method incorporating that idea. One of the main advantage of a password like this it is too long to bruteforce normally, and an average cracker wouldn't have the slightest idea how a given person's password is constructed. They don't know how many characters it has, if it just a word, or even if it has special characters and numbers.

[QUOTE=Shogoll;45886238]Do this but with an entire sentence then use arbitrary substitution rules to half ass leet speak the sentence and then do something funky like hold down shift every other letter for for half the password or something and you have a super easy to remember but probably really fucking hard to crack password that's an absurd mixture of capitals, symbols, numbers and also like 40 characters long That's what I generally do. I end up running into trouble with all those fucking shitty sites that force you to have a max of 8 characters for your pw though. That shit pisses me off so much.[/QUOTE] sites that SPECIFICALLY only let you have numbers and letters need to fuck off I have a symbol in mine and it really screws me up when they force you to have at least 1 capital letter but no symbol the symbol makes it way more secure

[QUOTE=J!NX;45886855]sites that SPECIFICALLY only let you have numbers and letters need to fuck off I have a symbol in mine and it really screws me up when they force you to have at least 1 capital letter but no symbol the symbol makes it way more secure[/QUOTE] I remember my fucking health insurance provider site had a password length that had to be between 6 and 8 characters and alpha numeric characters only, but a capital and a number were both required. And I have to entrust these people with my card numbers. It's fucking stupid. [editline]4th September 2014[/editline] I ended up using something along the lines of fUCK0FF or something like that after it rejected 5 passwords

[QUOTE=Shogoll;45887105]I remember my fucking health insurance provider site had a password length that had to be between 6 and 8 characters and alpha numeric characters only, but a capital and a number were both required. And I have to entrust these people with my card numbers. It's fucking stupid. [editline]4th September 2014[/editline] I ended up using something along the lines of fUCK0FF or something like that after it rejected 5 passwords[/QUOTE] this is the type of stuff that made me change my paypal to gmail and completely just not use ymail ever again it's even worse when you have to do with with bank passwords and they don't even let you see recent activity. to sites that don't log activity, [B]FUCK YOU[/B] for not letting me view account activity. they force you to have 1 cap letter and 1 number because they want you to be more secure, why the hell can't I have about 8-16 characters and a few symbols in it then? I want to use a 20 digit password, let me do it.

I use long and hard passwords for everything and no two things have the same password. I have a notebook (a paper booklet, not an additional laptop) at home which contains all of them, and I can remember the three most used ones. I once lost the notebook and let's just say I felt a little bit stressed about it. Though I've never been happier than I was when I found it 2 hours later. :v:

[IMG]http://i.imgur.com/zeU2H8C.png[/IMG] Password is a long string of 309 zeroes.

[QUOTE=J!NX;45887128]this is the type of stuff that made me change my paypal to gmail and completely just not use ymail ever again it's even worse when you have to do with with bank passwords and they don't even let you see recent activity. to sites that don't log activity, [B]FUCK YOU[/B] for not letting me view account activity. they force you to have 1 cap letter and 1 number because they want you to be more secure, why the hell can't I have about 8-16 characters and a few symbols in it then? I want to use a 20 digit password, let me do it.[/QUOTE] I get how having one capital and one number makes you more secure, [i]unless[/i] you're specifically told to do so, in which case, anyone trying to pop it will just make sure to program at least one capital, one number into his brute-force code, and bam, got it just as easily as if it really was password. [editline]4th September 2014[/editline] Also, that website to check how secure your password is states that 'password' is among the 100 most common passwords. Really? People do that?

[QUOTE=Riller;45887721]I get how having one capital and one number makes you more secure, [i]unless[/i] you're specifically told to do so, in which case, anyone trying to pop it will just make sure to program at least one capital, one number into his brute-force code, and bam, got it just as easily as if it really was password.[/QUOTE] that's an even better way to think about it too actually especially when they specifically know it can only be 6-16 characters long with no symbols. it REALLY makes it easy to bruteforce that way. [QUOTE=Riller;45887721]Also, that website to check how secure your password is states that 'password' is among the 100 most common passwords. Really? People do that?[/QUOTE] [t]http://www.personal.psu.edu/afr3/blogs/siowfa12/old%20people%203.jpg[/t][t]http://www.shamokindamhealthcenter.com/wp-content/uploads/2012/06/happy-kids1.jpg[/t] these are the ones who do it oh and stupid people

[QUOTE=J!NX;45887729]these are the ones who do it oh and stupid people[/QUOTE] I'm getting the same feeling I did back when Yawmwen called police 'pigs', where I realize that that is a thing some real people actually do, and not just something said or done by the imaginary stupid people I tell jokes about as examples of excessive stupidity.

I am 4chan.

[QUOTE=Riller;45887721]I get how having one capital and one number makes you more secure, [i]unless[/i] you're specifically told to do so, in which case, anyone trying to pop it will just make sure to program at least one capital, one number into his brute-force code, and bam, got it just as easily as if it really was password. [editline]4th September 2014[/editline] Also, that website to check how secure your password is states that 'password' is among the 100 most common passwords. Really? People do that?[/QUOTE] I had a blast going on that site and just typing random profanities to see how far up the list they are :v: Turned out pussy is in top 10

'Who is this 4chan person' 'Probably a system administrator' Maybe I'm just giving him the benefit of the doubt but that statement makes perfect sense if you're not deliberately trying to find fault with it. 'Who's that Microsoft person on the news' would be understood to mean 'who is that person from Microsoft', not 'Microsoft is a person, who is he'. She may not have any idea what 4chan is but he seems to have understood '4chan person' as 'a person from 4chan'.

Is this satire?

[QUOTE=JtRtheRiPPeR;45888799]Is this satire?[/QUOTE] I wish.

My Steam password would take 501 nonillion years to crack. Thanks KeePass!

Dont dictionary attacks try a word, then swap the letters of that word to common "alternatives" like A to 4 and o to 0 and s to $?

[QUOTE=Amaurus;45886827]It's only flawed if it becomes common enough for it to be worthwhile for a hacker to use a method incorporating that idea. One of the main advantage of a password like this it is too long to bruteforce normally, and an average cracker wouldn't have the slightest idea how a given person's password is constructed. They don't know how many characters it has, if it just a word, or even if it has special characters and numbers.[/QUOTE] If you're not just a fat guy on an old desktop PC, you don't give a shit how long a persons password is. If you have at least access to a couple of somewhat highpowered machines, you tell those to run the maximum amount of times at a time that they can (minus one to be unnoticable), and run a simple pre-processed dictionary with various setups first. Assuming that the person didn't look words up on the internet, the average person knows only about up to 60.000 words, going through a combination of those words with maybe a small sentence is going to take a bit long (not really, but let's pretend it would), but there's plenty of filtering to do. Cut away the words that are rarely ever used, or that most people don't use. In most cases, you can probably cut away, say, half of those words. There we go, then it's durable in a very short amount of time. You can always run a customized bruteforce attack afterwards, if you didn't get any results, and then be sure to get results. Not to mention that if you have access to a (stolen/pirated) database where passwords are MAX 8 characters, and "must include X and Y", then chances are they aren't even using salts. What does that mean? Well, it means: Pull out your rainbow tables, check against those, then run a custom bruteforce with the parameters that the users are required, and 5-10 minutes - or whatever- later, you're good. [editline]4th September 2014[/editline] [QUOTE=Str4fe;45889171]Dont dictionary attacks try a word, then swap the letters of that word to common "alternatives" like A to 4 and o to 0 and s to $?[/QUOTE] Yep, this too. But it depends a lot on the parameters, which can be anything depending on the situation.