!!ATTENTION!! - Please Secure Your Passwords!

boris
Posts: 707
Joined: Tue Jul 15, 2003 3:37 pm

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by boris »

wildweasel wrote:and testing your password's strength against known cracking algorithms with this tester
Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.
4thcharacter
Posts: 1183
Joined: Tue Jun 02, 2015 7:54 am

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by 4thcharacter »

I think this is the time where the "Add foe" function works well. Report the trolls, then add them as foes.
scalliano
Posts: 2841
Joined: Tue Jun 21, 2005 1:16 pm
Location: Ireland

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by scalliano »

Just changed my password, logged out, and THEN got the "too many login attempts" message as I tried logging in again. Is it time to panic?
Slax
... in rememberance ...
Posts: 2121
Joined: Tue Oct 19, 2010 7:01 am
Location: Window office.

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Slax »

WELP. Time to upgrade the forums.
wildweasel
Moderator Team Lead
Posts: 21519
Joined: Tue Jul 15, 2003 7:33 pm
Preferred Pronouns: He/Him
Operating System Version (Optional): Windows 10, 21H1
Graphics Processor: nVidia with Vulkan support

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by wildweasel »

Slax wrote:WELP. Time to upgrade the forums.
I'm not sure that this would help anything, considering our troll has been getting in by random brute forcing.
Slax
... in rememberance ...
Posts: 2121
Joined: Tue Oct 19, 2010 7:01 am
Location: Window office.

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Slax »

Well, an IP ban on too many login attempts would be good. Proxy or not, it should help soothe the issue.
I dunno. It's something at least.
NeuralStunner
Posts: 12301
Joined: Tue Jul 21, 2009 12:04 pm
Preferred Pronouns: He/Him
Graphics Processor: nVidia (Modern GZDoom)
Location: capital N, capital S, no space

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by NeuralStunner »

scalliano wrote:Is it time to panic?
Nope. Just shows that someone was trying to guess your password from a different system.
Graf Zahl wrote:Numbers and capital letters are highly overrated.
From a technical standpoint, 62^len is less breakable than 26^len.
Graf Zahl wrote:Aside from some random sequence of characters, the best password is still some phrase that only has meaning to you.
This is why I suggested a hybrid of the two. :P
boris wrote:Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.
I've seen this particular site recommended by the folks at Windows Secrets (who I've always seen on the ball about security-related things).
Gothic
Posts: 794
Joined: Thu Jun 16, 2011 6:49 pm

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Gothic »

boris wrote:Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.
But you don't click anything on that site, you just type and the result appears, like Google Translator.
DoomRater
Posts: 8265
Joined: Wed Jul 28, 2004 8:21 am
Location: WATR HQ

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by DoomRater »

You do that on Google.com as well and that data is sent to Google...
demo_the_man
Posts: 748
Joined: Tue May 28, 2013 7:34 am
Location: Workin

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by demo_the_man »

I didn't even realize this happened. I thought I was banned the whole time, then I realized that the captcha needs a space :oops:
Graf Zahl
Lead GZDoom+Raze Developer
Posts: 48374
Joined: Sat Jul 19, 2003 10:19 am
Location: Germany

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Graf Zahl »

NeuralStunner wrote:
Graf Zahl wrote:Numbers and capital letters are highly overrated.
From a technical standpoint, 62^len is less breakable than 26^len.
But that's not how password cracking works. A random combination of small letters is still more secure than a real word where some characters have been capitalized or where 'o's have been replaced with '0's.
boris
Posts: 707
Joined: Tue Jul 15, 2003 3:37 pm

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by boris »

Gothic wrote:
boris wrote:Entering your password on some random website that "tests" your password is a bad idea. They could as well store it in a dictionary.
But you don't click anything on that site, you just type and the result appears, like Google Translator.
The days where you had to press a button to send data to a server have been gone for a long time. Each time you type something into the Google translator this data is sent to Google, and the Google servers reply with the translation. This technique is called AJAX and very common nowadays.
NeuralStunner
Posts: 12301
Joined: Tue Jul 21, 2009 12:04 pm
Preferred Pronouns: He/Him
Graphics Processor: nVidia (Modern GZDoom)
Location: capital N, capital S, no space

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by NeuralStunner »

Graf Zahl wrote:But that's not how password cracking works. A random combination of small letters is still more secure than a real word where some characters have been capitalized or where 'o's have been replaced with '0's.
If we're talking about using a personal phrase, that's still real words. For most people, the phrase is still going to be somehow related to the site it's used on (unless they're reusing it across sites), and even one bizarre substitution (I.E. not something as obvious as o->0) is going to be unpredictable.

I admit I might be biased on the "but is it worth it" front since I can use an obtuse password and still remember it. (Through repeated use, if nothing else.)
Caligari87
User Accounts Assistant
Posts: 5998
Joined: Thu Feb 26, 2004 3:02 pm
Preferred Pronouns: He/Him

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Caligari87 »

Our current woes are probably related to the slew of recent password dumps, as noted in this Reddit admin announcement. From that post, here's a decent write-up on modern password cracking, which I believe is what Graf's getting at. "H0r53" may contain more entropy than "horse", but dictionary cracking is wise to leet-speak replacements, so it's liable to be higher on the list than a brute-force attack (which are really outdated).
As computers have become faster, the guessers have got better, sometimes being able to test hundreds of thousands of passwords per second. These guessers might run for months on many machines simultaneously.

They guess intelligently. They don't run through every eight-letter combination from "aaaaaaaa" to "zzzzzzzz" in order. That's 200bn possible passwords, most of them very unlikely. They try the most common password first: "password1". (Don't laugh; the most common password used to be "password".)

A typical password consists of a root plus an appendage. The root isn't necessarily a dictionary word, but it's something pronounceable. An appendage is either a suffix (90% of the time) or a prefix (10% of the time). One guesser I studied starts with a dictionary of about 1,000 common passwords, things like "letmein," "temp," "123456," and so on. Then it tests them each with about 100 common suffix appendages: "1", "4u", "69", "abc", "!" and so on. It recovers about 24% of all passwords with just these 100,000 combinations.
Basically, at this point you need to be using completely passwords like D9#%Rf9@pA* to be even close to secure.

8-)
Last edited by Caligari87 on Thu May 26, 2016 12:07 pm, edited 1 time in total.
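
Added example (not written by any poster in this thread): a local check that contrasts the charset-size estimate (62^len vs 26^len) with the root-plus-appendage guessing described in the post above. The root list, appendage list and leet map are small constructed samples, and all function names are hypothetical.

```python
import math
import string

# Constructed sample lists (assumption): real guessing dictionaries are far larger.
COMMON_ROOTS = {"password", "letmein", "temp", "123456", "horse"}
APPENDAGES = ["1", "4u", "69", "abc", "!"]
# Constructed leet map (assumption): one plain letter per look-alike symbol.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def naive_bits(pw):
    """Charset-size estimate log2(pool ** len), i.e. the 62^len view."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return round(len(pw) * math.log2(pool), 1) if pool else 0.0

def candidate_roots(pw):
    """Yield the lowercased password, plus it with one appendage stripped."""
    low = pw.lower()
    yield low
    for app in APPENDAGES:
        if len(low) > len(app):
            if low.endswith(app):
                yield low[:-len(app)]
            if low.startswith(app):
                yield low[len(app):]

def is_dictionary_style(pw):
    """True if a root, before or after undoing leet, is a common password."""
    return any(root in COMMON_ROOTS or root.translate(LEET) in COMMON_ROOTS
               for root in candidate_roots(pw))

def audit(pw):
    return {"naive_bits": naive_bits(pw),
            "dictionary_style": is_dictionary_style(pw)}

if __name__ == "__main__":
    # Constructed sample passwords; nothing leaves the local machine.
    for sample in ["horse", "H0r53", "Passw0rd1", "qzvkwtjr"]:
        print(sample, audit(sample))
```

"Passw0rd1" scores higher than "qzvkwtjr" on the charset estimate yet is the one flagged, because a dictionary-style guesser reaches it through a common root, a leet substitution and a suffix.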
Accensus
Posts: 2378
Joined: Thu Feb 11, 2016 9:59 am

Re: !!ATTENTION!! - Please Secure Your Passwords!

Post by Accensus »

Some of my passwords are long and complicated enough that I need to do some air keyboarding to remember exactly how it goes. That moment when muscle memory > actual memory. I know the phrases, but, beat me with a stick, I can't type them on my phone. I forget how far I've typed halfway there.
