I’m tempted to go back to pencils, envelopes, and stamps.
No, especially not when those words can be found in a dictionary. Forcing a hacker to use a brute force attack will make it take that much longer.
http://www.passwordmeter.com/
long version = 32% weak
my version = 88% very strong
Let me clarify my stance here. Your example is good. It is better than what most people will use. It’s just too short to be considered REALLY secure.
No dictionary/wordlist attack of reasonable length would be successful on the one I posted. However, when brute forcing by trying every possible combination of letters/chars/numbers, yours is weaker.
Both are good approaches but people often put too much trust in mixed numbers and special characters. Hackers and their tools are plenty smart enough to get around that.
I seriously believe that the term password should be changed to passphrase so that people would be encouraged to use multiple words.
Lol
It doesn’t really matter when you enter the shit into some phishing site anyways
You mean this morning when M&T emailed me asking for my mother’s maiden name, my SSN, DOB, name and address to update their records I shouldn’t have emailed it back to them? I should have known when they spelled 10 out of 20 words in the email wrong something was up.
Yeah, I found it weird that I had a UPS package waiting for me and they sent me an exe file to run.
Password strength has a lot to do with context. If your work still uses LM hashes, which most places do, it can be as random as you want, but if it’s 14 characters or less it’s stupid easy to crack.
The idea behind pass phrases is not having to write it down or store it in a text file called passwords.txt on your desktop.
From a password cracking perspective you’re better off with something longer anyways; people don’t usually start cracking 15+ char passwords and move towards smaller.
Even if your password is fairly simple, like Password69, if it doesn’t appear in some commonly used wordlist it’s not likely to get brute forced on, say, hotmail or gmail. It would take forever and that many attempts would get blocked.
---------- Post added at 08:28 AM ---------- Previous post was at 08:09 AM ----------
or this
http://news.hitb.org/content/0day-remote-password-reset-vulnerability-msn-hotmail-patched
god hotmail sucks
I would love to see actual numbers on how often someone hacks an email account. Unless you are high profile or there is some reward, someone isn’t going to risk getting caught and wasting resources in brute forcing your personal email account. Just make your password somewhat hard to guess since most sites lock an account after 3-10 attempts.
My best guess is you got a key logger, caught your login on a target such as hotmail and dumped the credentials to a spam bot net which is now using it to relay spam messages to your inbox. To find out if someone is using your account or just your contacts and name, have someone forward you a message back and look at or post the headers here and we can tell you if it came from your account or was spoofed.
Reformat your computer, change your passwords on EVERYTHING and stop downloading porn and random attachments.
From what I understand, email accounts are hacked to facilitate the delivery of spam/phishing attacks usually.
From what I am hearing from some of my contacts, malware like keyloggers is a common source of stolen account passwords. It’s the exact reason that a lot of security folks will tell you to NEVER do your online banking from a computer that you do general web browsing on. Even the best security people can fall victim to malware. Non-persistent bootable USB with an OS on it is the safest way… Most people aren’t paranoid enough to do that, but you have to think that if highly regarded security professionals are doing it, there is a reason.
me and never a problem… mostly every time it is the dumb ass between the keyboard and the chair that doesn’t know what they are doing
I do all my banking from a Faraday cage…
that must be awkward with the teller
You mean I shouldn’t have done that? I thought the .exe would be to sign for the package digitally. SHIT!
Computers suck. I spend most of my days now yelling at people about shit like this.
I love my yahoo account to send ‘grey’ mail to. However, about 3 months ago I had a spam email go out from it. Changed my password to something more secure and I’ve been fine since.
My password fucking rules. It’s the full VIN from a car I owned. Except I memorized it wrong so it’s my version of the VIN.
Rock solid.
Computers should have never made it to the general population.
Speaking of computers
^ Looks ultra professional.