!!ATTENTION!! - Please Secure Your Passwords!

We sure do have a lot of rules and guidelines threads - find them all here, and please make sure you've read them! Also, community-wide announcements (that aren't major ZDoom News) go here as well.

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby boris » Thu May 26, 2016 7:03 am

wildweasel wrote:and testing your password's strength against known cracking algorithms with this tester

Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.
boris
I post less than Manc and Hobo
 
Joined: 15 Jul 2003

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby 4thcharacter » Thu May 26, 2016 7:40 am

I think this is the time where the "Add foe" function works well. Report the trolls, then add them as foes.
User avatar
4thcharacter
"I have returned."
Banned User
 
Joined: 02 Jun 2015

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby scalliano » Thu May 26, 2016 10:03 am

Just changed my password, logged out, and THEN got the "too many login attempts" message as I tried logging in again. Is it time to panic?
User avatar
scalliano
Socially Distant
 
Joined: 21 Jun 2005
Location: Ireland

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Slax » Thu May 26, 2016 10:35 am

WELP. Time to upgrade the forums.
User avatar
Slax
Saucy.
... in loving memory ...
 
Joined: 19 Oct 2010
Location: Window office.

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby wildweasel » Thu May 26, 2016 10:42 am

Slax wrote:WELP. Time to upgrade the forums.

I'm not sure that this would help anything, considering our troll has been getting in by random brute forcing.
User avatar
wildweasel
from a different perspective.
Moderator Team Lead
 
Joined: 15 Jul 2003

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Slax » Thu May 26, 2016 10:48 am

Well, an IP ban on too many login attempts would be good. Proxy or not, it should help soothe the issue.
I dunno. It's something at least.
User avatar
Slax
Saucy.
... in loving memory ...
 
Joined: 19 Oct 2010
Location: Window office.

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby NeuralStunner » Thu May 26, 2016 10:56 am

scalliano wrote:Is it time to panic?
Nope. Just shows that someone was trying to guess your password from a different system.

Graf Zahl wrote:Numbers and capital letters are highly overrated.
From a technical standpoint, 62^len is less breakable than 26^len.
Graf Zahl wrote:Aside from some random sequence of characters, the best password is still some phrase that only has meaning to you.
This is why I suggested a hybrid of the two. :P

boris wrote:Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.
I've seen this particular site recommended by the folks at Windows Secrets (who I've always seen on the ball about security-related things).
User avatar
NeuralStunner
Not "Neutral"
 
 
 
Joined: 21 Jul 2009
Location: capital N, capital S, no space
Discord: NeuralStunner#4201
Operating System: Windows Vista/7/2008 64-bit
Graphics Processor: nVidia (Modern GZDoom)

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Gothic » Thu May 26, 2016 11:00 am

boris wrote:Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.

But you don't click anything on that site, you just type and the result appears, like Google Translator.
User avatar
Gothic
Barely present
 
Joined: 16 Jun 2011
Location: harold
Discord: #1462

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby DoomRater » Thu May 26, 2016 11:01 am

You do that on Google.com as well and that data is sent to Google...
User avatar
DoomRater
Hi, I'm bob.
 
Joined: 28 Jul 2004
Location: WATR HQ
Discord: DoomRater#6308

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby demo_the_man » Thu May 26, 2016 11:06 am

I didn't even realize this happened. I thought i was banned the whole time,then i realized that the captcha need a space :oops:
User avatar
demo_the_man
Did i ever tell ye the story of me old bones?
 
Joined: 28 May 2013
Location: Workin
Discord: demo_the_man#8942

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Graf Zahl » Thu May 26, 2016 11:10 am

NeuralStunner wrote:
Graf Zahl wrote:Numbers and capital letters are highly overrated.
From a technical standpoint, 62^len is less breakable than 26^len.


But that's not how password cracking works. A random combination of small letters is still more secure than a real word where some characters have been capitalized or where 'o's have been replaced with '0's.
User avatar
Graf Zahl
Lead GZDoom+Raze Developer
Lead GZDoom+Raze Developer
 
Joined: 19 Jul 2003
Location: Germany

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby boris » Thu May 26, 2016 11:29 am

Gothic wrote:
boris wrote:Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.

But you don't click anything on that site, you just type and the result appears, like Google Translator.

The days where you had to press a button to send data to a server have been gone for a long time. Each time you type something into the Google translator this data is sent to Google, and the Google servers reply with the translation. This technique is called AJAX and very common nowadays.
boris
I post less than Manc and Hobo
 
Joined: 15 Jul 2003

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby NeuralStunner » Thu May 26, 2016 11:55 am

Graf Zahl wrote:But that's not how password cracking works. A random combination of small letters is still more secure than a real word where some characters have been capitalized or where 'o's have been replaced with '0's.
If we're talking about using a personal phrase, that's still real words. For most people, the phrase is still going to be somehow related to the site it's used on (unless they're reusing it across sites), and even one bizarre substitution (I.E. not something as obvious as o->0) is going to be unpredictable.

I admit I might be biased on the "but is it worth it" front since I can use an obtuse password and still remember it. (Through repeated use, if nothing else.)
User avatar
NeuralStunner
Not "Neutral"
 
 
 
Joined: 21 Jul 2009
Location: capital N, capital S, no space
Discord: NeuralStunner#4201
Operating System: Windows Vista/7/2008 64-bit
Graphics Processor: nVidia (Modern GZDoom)

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Caligari87 » Thu May 26, 2016 12:07 pm

Our current woes are probably related to the slew of recent password dumps, as noted in this Reddit admin announcement. From that post, here's a decent write-up on modern password cracking, which I believe is what Graf's getting at. "H0r53" bay contain more entropy than "horse", but dictionary cracking is wise to leet-speak replacements, so it's liable to be higher on the list than a brute-force attack (which are really outdated).

As computers have become faster, the guessers have got better, sometimes being able to test hundreds of thousands of passwords per second. These guessers might run for months on many machines simultaneously.

They guess intelligently. They don't run through every eight-letter combination from "aaaaaaaa" to "zzzzzzzz" in order. That's 200bn possible passwords, most of them very unlikely. They try the most common password first: "password1". (Don't laugh; the most common password used to be "password".)

A typical password consists of a root plus an appendage. The root isn't necessarily a dictionary word, but it's something pronounceable. An appendage is either a suffix (90% of the time) or a prefix (10% of the time). One guesser I studied starts with a dictionary of about 1,000 common passwords, things like "letmein," "temp," "123456," and so on. Then it tests them each with about 100 common suffix appendages: "1", "4u", "69", "abc", "!" and so on. It recovers about 24% of all passwords with just these 100,000 combinations.

Basically, at this point you need to be using completely passwords like D9#%Rf9@pA* to be even close to secure.

8-)
Last edited by Caligari87 on Thu May 26, 2016 12:07 pm, edited 1 time in total.
User avatar
Caligari87
User Accounts Assistant
 
Joined: 26 Feb 2004
Discord: Caligari87#3089
Github ID: caligari87

Re: !!ATTENTION!! - Please Secure Your Passwords!

Postby Accensus » Thu May 26, 2016 12:07 pm

Some of my passwords are long and complicated enough that I need to do some air keyboarding to remember exactly how it goes. That moment when muscle memory > actual memory. I know the phrases, but, beat me with a stick, I can't type them on my phone. I forget how far I've typed halfway there.
Accensus
 
Joined: 11 Feb 2016

PreviousNext

Return to Rules and Forum Announcements

Who is online

Users browsing this forum: No registered users and 0 guests