Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.wildweasel wrote:and testing your password's strength against known cracking algorithms with this tester
!!ATTENTION!! - Please Secure Your Passwords!
-
- Posts: 753
- Joined: Tue Jul 15, 2003 3:37 pm
Re: !!ATTENTION!! - Please Secure Your Passwords!
-
- Posts: 1183
- Joined: Tue Jun 02, 2015 7:54 am
Re: !!ATTENTION!! - Please Secure Your Passwords!
I think this is the time where the "Add foe" function works well. Report the trolls, then add them as foes.
-
- Posts: 2856
- Joined: Tue Jun 21, 2005 1:16 pm
- Location: Ireland
Re: !!ATTENTION!! - Please Secure Your Passwords!
Just changed my password, logged out, and THEN got the "too many login attempts" message as I tried logging in again. Is it time to panic?
-
- ... in rememberance ...
- Posts: 2121
- Joined: Tue Oct 19, 2010 7:01 am
- Location: Window office.
Re: !!ATTENTION!! - Please Secure Your Passwords!
WELP. Time to upgrade the forums.
-
- Posts: 21706
- Joined: Tue Jul 15, 2003 7:33 pm
- Preferred Pronouns: He/Him
- Operating System Version (Optional): A lot of them
- Graphics Processor: Not Listed
Re: !!ATTENTION!! - Please Secure Your Passwords!
I'm not sure that this would help anything, considering our troll has been getting in by random brute forcing.Slax wrote:WELP. Time to upgrade the forums.
-
- ... in rememberance ...
- Posts: 2121
- Joined: Tue Oct 19, 2010 7:01 am
- Location: Window office.
Re: !!ATTENTION!! - Please Secure Your Passwords!
Well, an IP ban on too many login attempts would be good. Proxy or not, it should help soothe the issue.
I dunno. It's something at least.
I dunno. It's something at least.
-
-
- Posts: 12328
- Joined: Tue Jul 21, 2009 12:04 pm
- Preferred Pronouns: He/Him
- Operating System Version (Optional): Windows 11
- Graphics Processor: nVidia with Vulkan support
- Location: capital N, capital S, no space
Re: !!ATTENTION!! - Please Secure Your Passwords!
Nope. Just shows that someone was trying to guess your password from a different system.scalliano wrote:Is it time to panic?
From a technical standpoint, 62^len is less breakable than 26^len.Graf Zahl wrote:Numbers and capital letters are highly overrated.
This is why I suggested a hybrid of the two.Graf Zahl wrote:Aside from some random sequence of characters, the best password is still some phrase that only has meaning to you.
I've seen this particular site recommended by the folks at Windows Secrets (who I've always seen on the ball about security-related things).boris wrote:Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.
-
- Posts: 805
- Joined: Thu Jun 16, 2011 6:49 pm
Re: !!ATTENTION!! - Please Secure Your Passwords!
But you don't click anything on that site, you just type and the result appears, like Google Translator.boris wrote:Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.
-
- Posts: 8265
- Joined: Wed Jul 28, 2004 8:21 am
- Preferred Pronouns: He/Him
- Location: WATR HQ
Re: !!ATTENTION!! - Please Secure Your Passwords!
You do that on Google.com as well and that data is sent to Google...
-
- Posts: 748
- Joined: Tue May 28, 2013 7:34 am
- Location: Workin
Re: !!ATTENTION!! - Please Secure Your Passwords!
I didn't even realize this happened. I thought i was banned the whole time,then i realized that the captcha need a space
-
- Lead GZDoom+Raze Developer
- Posts: 49183
- Joined: Sat Jul 19, 2003 10:19 am
- Location: Germany
Re: !!ATTENTION!! - Please Secure Your Passwords!
But that's not how password cracking works. A random combination of small letters is still more secure than a real word where some characters have been capitalized or where 'o's have been replaced with '0's.NeuralStunner wrote:From a technical standpoint, 62^len is less breakable than 26^len.Graf Zahl wrote:Numbers and capital letters are highly overrated.
-
- Posts: 753
- Joined: Tue Jul 15, 2003 3:37 pm
Re: !!ATTENTION!! - Please Secure Your Passwords!
The days where you had to press a button to send data to a server have been gone for a long time. Each time you type something into the Google translator this data is sent to Google, and the Google servers reply with the translation. This technique is called AJAX and very common nowadays.Gothic wrote:But you don't click anything on that site, you just type and the result appears, like Google Translator.boris wrote:Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.
-
-
- Posts: 12328
- Joined: Tue Jul 21, 2009 12:04 pm
- Preferred Pronouns: He/Him
- Operating System Version (Optional): Windows 11
- Graphics Processor: nVidia with Vulkan support
- Location: capital N, capital S, no space
Re: !!ATTENTION!! - Please Secure Your Passwords!
If we're talking about using a personal phrase, that's still real words. For most people, the phrase is still going to be somehow related to the site it's used on (unless they're reusing it across sites), and even one bizarre substitution (I.E. not something as obvious as o->0) is going to be unpredictable.Graf Zahl wrote:But that's not how password cracking works. A random combination of small letters is still more secure than a real word where some characters have been capitalized or where 'o's have been replaced with '0's.
I admit I might be biased on the "but is it worth it" front since I can use an obtuse password and still remember it. (Through repeated use, if nothing else.)
-
- Admin
- Posts: 6191
- Joined: Thu Feb 26, 2004 3:02 pm
- Preferred Pronouns: He/Him
Re: !!ATTENTION!! - Please Secure Your Passwords!
Our current woes are probably related to the slew of recent password dumps, as noted in this Reddit admin announcement. From that post, here's a decent write-up on modern password cracking, which I believe is what Graf's getting at. "H0r53" bay contain more entropy than "horse", but dictionary cracking is wise to leet-speak replacements, so it's liable to be higher on the list than a brute-force attack (which are really outdated).
Basically, at this point you need to be using completely passwords like D9#%Rf9@pA* to be even close to secure.As computers have become faster, the guessers have got better, sometimes being able to test hundreds of thousands of passwords per second. These guessers might run for months on many machines simultaneously.
They guess intelligently. They don't run through every eight-letter combination from "aaaaaaaa" to "zzzzzzzz" in order. That's 200bn possible passwords, most of them very unlikely. They try the most common password first: "password1". (Don't laugh; the most common password used to be "password".)
A typical password consists of a root plus an appendage. The root isn't necessarily a dictionary word, but it's something pronounceable. An appendage is either a suffix (90% of the time) or a prefix (10% of the time). One guesser I studied starts with a dictionary of about 1,000 common passwords, things like "letmein," "temp," "123456," and so on. Then it tests them each with about 100 common suffix appendages: "1", "4u", "69", "abc", "!" and so on. It recovers about 24% of all passwords with just these 100,000 combinations.
Last edited by Caligari87 on Thu May 26, 2016 12:07 pm, edited 1 time in total.
-
- Posts: 2383
- Joined: Thu Feb 11, 2016 9:59 am
Re: !!ATTENTION!! - Please Secure Your Passwords!
Some of my passwords are long and complicated enough that I need to do some air keyboarding to remember exactly how it goes. That moment when muscle memory > actual memory. I know the phrases, but, beat me with a stick, I can't type them on my phone. I forget how far I've typed halfway there.