Tilted Forum Project Discussion Community  

Old 02-24-2010, 06:01 AM   #41 (permalink)
Fly
see the links to my music?
 
Fly's Avatar
 
Location: Beautiful British Columbia
my password is fuckyou.........that's what i utter under my breath every time i forget my passwords. so i started using it.


hahahha
__________________
BASTARD

SterlingStudios
Fly is offline  
Old 02-24-2010, 07:41 AM   #42 (permalink)
Who You Crappin?
 
Derwood's Avatar
 
Location: Everywhere and Nowhere
Can you name the most used passwords of all time? - sporcle

a quiz about the most common passwords
__________________
"You can't shoot a country until it becomes a democracy." - Willravel
Derwood is offline  
Old 02-25-2010, 03:13 PM   #43 (permalink)
Junkie
 
Location: My head.
Xerxys is offline  
Old 02-26-2010, 07:01 PM   #44 (permalink)
Devoted
 
Redlemon's Avatar
 
Donor
Location: New England
'Pussy'? Seriously? Never would have thought it would rank so high.
__________________
I can't read your signature. Sorry.
Redlemon is offline  
Old 02-27-2010, 12:51 AM   #45 (permalink)
Broken Arrow
 
Vigilante's Avatar
 
Location: US
Quote:
Originally Posted by dksuddeth View Post
I use incredibly complex passwords. One time, it got me fired. I was hired as the systems administrator for a very small 60 employee company. I changed the primary domain administrator account password to K@$m1rF@bric$@dm1n

They were not amused
Me too.

Notice that administrators always use insane passwords. Mine here is over 10 characters, uses capitals, lowercase, numbers and symbols. I wish anyone luck with the hack attempt of my account.

My email password is vastly more complicated. Same ruleset, but much longer. I remember them by creating sentences. example:

I got laid on the 4th of July.
This translates to:

!g0tL4!d@4THuVJuLy

It took me 5 seconds to come up with a password I can remember from day to day. All I have to do is say it in my head as I type it. Eventually as I become more comfortable with it, I say the symbols instead of the words, and now I know it for years even if I don't use it.
__________________
We contend that for a nation to try to tax itself into prosperity is like a man standing in a bucket and trying to lift himself up by the handle.
-Winston Churchill
Vigilante is offline  
Old 02-27-2010, 06:59 AM   #46 (permalink)
Crazy
 
Location: Earth
deleted

Last edited by raptor9k; 09-07-2021 at 02:13 PM..
raptor9k is offline  
Old 02-27-2010, 07:22 AM   #47 (permalink)
You had me at hello
 
Poppinjay's Avatar
 
Location: DC/Coastal VA
Quote:
And the horse is now dead. And rotted. And the corpse has been hauled off to the dog food factory.

Can we put a stop to the jokes about the password change requirement? There was a very good reason that we asked everyone to do that (one I'm not about to discuss in a google-crawled area of the board). Yes, it was a pain in the ass. Yes, the message looked a little silly to some of you. The same joke being told in 2 different threads wore thin a while ago though.
Can't I tell it just one more time?

My password is so old it's Betty White.

But seriously folks, on our computers at work we use to edit news stories and audio, it was 123456. Corporate requires regular changes, so it is now 12345.
__________________
I think the Apocalypse is happening all around us. We go on eating desserts and watching TV. I know I do. I wish we were more capable of sustained passion and sustained resistance. We should be screaming and what we do is gossip. -Lydia Millet

Last edited by Poppinjay; 02-27-2010 at 07:24 AM..
Poppinjay is offline  
Old 02-27-2010, 10:21 AM   #48 (permalink)
Insane
 
LazyBoy's Avatar
 
Location: Memphis Area
I was just prompted to change mine after 14632 days or something like that.....so it's been awhile

-Will
__________________
Life is nothing, everything.....and something in between...
LazyBoy is offline  
Old 03-02-2010, 05:05 PM   #49 (permalink)
Insane
 
Ice|Burn's Avatar
 
Location: California
Quote:
Originally Posted by Martian View Post
The attack they're describing is a dictionary attack, and it's very common. A simple script, 20 minutes or so and if the website in question doesn't have specific measures in place to counteract it, an account can be cracked.

I do generally follow secure password policy. My only conceit is that I do reuse passwords to some extent. I have a list of them memorized and will select one more or less at random for a new account. One of the benefits of this system is that if I should forget what password goes with which account or website, I only have to guess a limited number of times before I hit on the right one. The monumental downside is that if someone were to somehow obtain a list of all my passwords they'd have access to basically everything.

The principles of a strong password have been understood for a long time. No words, mix of numbers and letters, mixed case, at least 8 characters. If more people followed these guidelines there'd be less cybercrime. It's as simple as that.
All true.

The problem with "secure" passwords is that they aren't human friendly. Our brains are not wired to be able to use a completely random string of characters as anything usable. We assign meanings and use visual clues to help us along the way. We've all seen the email where the first and last letter of a word are correct but the middle is mixed around. Yet when we read it we still read it as being 'correct' because our brains complete the gap so to speak.

I would love it if everyone used the truly secure password method. However if that happened I suspect Post-it notes would become hard to find in a hurry.
__________________
"I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all other possible gods, you will understand why I dismiss yours." -Stephen F. Roberts

IF PWNED > OWNED and PWNED=PWNAGE and OWN<PWN but PWN<PWNED and OWNAGE>OWN then what does OWNAGE+PWN equal?
Ice|Burn is offline  
Old 03-10-2010, 11:09 PM   #50 (permalink)
Upright
 
Savinkov's Avatar
 
Location: the Rust Belt
I use passwords on a rotating basis from one of three different tiers of quality, as needed: low, medium, and high security. The p/ws themselves are usually acronyms with liberal use of numbers and other characters.

If I'm feeling feisty I'll use a fairly lengthy phrase as fodder for a long acronym; one that also includes digits here-n-there. Add a few other characters and spice to serve.

I can't see *not* changing p/ws on a reasonably frequent basis.

All other viewpoints I harbour on this subject are [[REDACTED]]
__________________
"What is the thing we crave most in life? The sense that someone somewhere remembers and loves us.
Even better if we love them in return. Anything can be endured if that idea holds fast." -- Martin Cruz Smith, RED SQUARE
Savinkov is offline  
Old 03-18-2010, 10:43 PM   #51 (permalink)
Upright
 
I use a "weak" password for a lot of the stuff I don't care all that much about just because it's quick and easy to remember since I share it across many accounts. I then use much stronger passwords for things such as my primary email, bank accounts, accounts with CC info etc...
SoulStealer is offline  
Old 03-31-2010, 06:24 PM   #52 (permalink)
Tilted Cat Head
 
Cynthetiq's Avatar
 
Administrator
Location: Manhattan, NY
Quote:
How I’d Hack Your Weak Passwords

Posted on Mar 26, 2007 - 2:17am by John P. in Computing, Security
If you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?
Let’s see… here is my top 10 list. I can obtain most of this information much easier than you think, then I might just be able to get into your e-mail, computer, or online banking. After all, if I get into one I’ll probably get into all of them.
  1. Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  2. The last 4 digits of your social security number.
  3. 123 or 1234 or 123456.
  4. “password”
  5. Your city, or college, football team name.
  6. Date of birth – yours, your partner’s or your child’s.
  7. “god”
  8. “letmein”
  9. “money”
  10. “love”
Statistically speaking that should probably cover about 20% of you. But don’t worry. If I didn’t get it yet it will probably only take a few more minutes before I do…

Hackers, and I’m not talking about the ethical kind, have developed a whole range of tools to get at your personal data. And the main impediment standing between your information remaining safe, or leaking out, is the password you choose. (Ironically, the best protection people have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through the use of a Brute Force Attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. Insecure.org has a list of the Top 10 FREE Password Crackers right here.
So, how would one use this process to actually breach your personal security? Simple. Follow my logic:
  • You probably use the same password for lots of stuff right?
  • Some sites you access such as your Bank or work VPN probably have pretty decent security, so I’m not going to attack them.
  • However, other sites like the Hallmark e-mail greeting cards site, an online forum you frequent, or an e-commerce site you’ve shopped at might not be as well prepared. So those are the ones I’d work on.
  • So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on their server with instructions to try say 10,000 (or 100,000 – whatever makes you happy) different usernames and passwords as fast as possible.
  • Once we’ve got several login+password pairings we can then go back and test them on targeted sites.
  • But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)
And how fast could this be done? Well, that depends on three main things, the length and complexity of your password, the speed of the hacker’s computer, and the speed of the hacker’s Internet connection.
Assuming the hacker has a reasonably fast connection and PC here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.
Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8 character password from 2.4 days to 2.1 centuries.
Remember, these are just for an average computer, and these assume you aren’t using any word in the dictionary. If Google put their computer to work on it they’d finish about 1,000 times faster.
Now, I could go on for hours and hours more about all sorts of ways to compromise your security and generally make your life miserable – but 95% of those methods begin with compromising your weak password. So, why not just protect yourself from the start and sleep better at night?
Believe me, I understand the need to choose passwords that are memorable. But if you’re going to do that how about using something that no one is ever going to guess AND doesn’t contain any common word or phrase in it.
Here are some password tips:
  1. Randomly substitute numbers for letters that look similar. The letter ‘o’ becomes the number ‘0′, or even better an ‘@’ or ‘*’. (i.e. – m0d3ltf0rd… like modelTford)
  2. Randomly throw in capital letters (i.e. – Mod3lTF0rd)
  3. Think of something you were attached to when you were younger, but DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the dictionary will fail under a simple brute force attack.
  4. Maybe a place you loved, or a specific car, an attraction from a vacation, or a favorite restaurant?
  5. You really need to have different username / password combinations for everything. Remember, the technique is to break into anything you access just to figure out your standard password, then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
  6. Since it can be difficult to remember a ton of passwords, I recommend using Roboform for Windows users. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key. If you’d like to download it without having to navigate their web site here is the direct download link.
  7. Mac users can use 1Password. It is essentially the same thing as Roboform, except for Mac, and they even have an iPhone application so you can take them with you too.
  8. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.
By request I also created a short RoboForm Tutorial. Hope it helps…
Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?
Often times people also reason that all of their passwords and logins are stored on their computer at home, which is safe behind a router or firewall device. Of course, they’ve never bothered to change the default password on that device, so someone could drive up and park near the house, use a laptop to breach the wireless network and then try passwords from this list until they gain control of your network – after which time they will own you!
Now I realize that every day we encounter people who over-exaggerate points in order to move us to action, but trust me this is not one of those times. There are 50 other ways you can be compromised and punished for using weak passwords that I haven’t even mentioned.
I also realize that most people just don’t care about all this until it’s too late and they’ve learned a very hard lesson. But why don’t you do me, and yourself, a favor and take a little action to strengthen your passwords and let me know that all the time I spent on this article wasn’t completely in vain.
Please, be safe. It’s a jungle out there.
Check out the matrix of how many letters and how fast it is to crack them.

personally I'm warm and fuzzy by not following any of the conventions that he's touting.
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not.
Cynthetiq is offline  
Old 03-31-2010, 07:25 PM   #53 (permalink)
Confused Adult
 
Shauk's Avatar
 
Location: Spokane, WA
I contest that the password has always been a small part of the hacking process.

it is a hell of a lot easier to have the site itself try to hand you access to the account via their weak attempts to be user friendly to people who forget their passwords.

Seriously, what do they want to know before they're like "durf, ok here you go?"

some of them only require an email address. Getting your intended target's email address isn't hard. getting access to it tends to open up the world to all the other accounts.

Out of all of your accounts, your email is the most important, the end.
Every account you have on a forum, with a bank, on your porn sites, whatever it is you do online, generally will have your email address associated with it in some way.

Take hotmail, say you want to hack bob who lives across the street, his dog has been shitting on your lawn. You see him checking his mail, you know bob has kids, tell him you need his email address for a petition you're working on to have old cartoons brought back to public television to expose our children to classics instead of modern garbage, I dunno be creative.

he gives you bob@hotmail.com

you wander on over to the site and what's this? all you need to change the password is his state/city/zip and the name of the city he was born in?

well you can guess all the major cities around where you live, and if that doesn't work, well next time he checks his mail you can just make casual conversation, Man, schools these days just don't cut it do they, why my school from 20 years ago back in Washington could kick the pants of these locals, where did you grow up? xyz response, "oh really, were you born there?" "Oh nooo I was born in Wichita, Kansas"

/cinch



Your security questions are by far a bigger weakness than your password.

by far.

That's why when someone asks me where I was born, my 1st dog's name, my mother's maiden name, casual conversation or not, they can just shut the fuck up.

I do tell people where I was born though so I just stopped answering that one online.

Last edited by Shauk; 04-01-2010 at 10:54 AM..
Shauk is offline  
Old 04-01-2010, 10:23 AM   #54 (permalink)
Tilted Cat Head
 
Cynthetiq's Avatar
 
Administrator
Location: Manhattan, NY
Quote:
Originally Posted by Shauk View Post
Your security questions are by far a bigger weakness than your password.

by far.

That's why when someone asks me where I was born, my 1st dog's name, my mother's maiden name, casual conversation or not, they can just shut the fuck up
I understood that from the first time I got asked a security challenge question. I made it not my mother's maiden name or my pet's name, but decided to use my friend's maiden name or my friend's pet name.
__________________
I don't care if you are black, white, purple, green, Chinese, Japanese, Korean, hippie, cop, bum, admin, user, English, Irish, French, Catholic, Protestant, Jewish, Buddhist, Muslim, indian, cowboy, tall, short, fat, skinny, emo, punk, mod, rocker, straight, gay, lesbian, jock, nerd, geek, Democrat, Republican, Libertarian, Independent, driver, pedestrian, or bicyclist, either you're an asshole or you're not.
Cynthetiq is offline  
Old 04-01-2010, 10:53 AM   #55 (permalink)
Junkie
 
Location: My head.
My password here was 123456 for a very long time.

The article posted above by cynth is merely fear mongering. Sure "cracking" a password may be easy but HACKING is hard. I want anyone here (you are stupid if you do this) to attempt downloading any of the software posted in the article and try hacking or breaking into ANY site worth its water like facebook, hotmail, google, yahoo or even TFP.

Until people stop throwing around the word "hacking" and grasp the efforts web masters have gone through to implement simple security measures, then you're still a luddite in my mind.
Xerxys is offline  
Old 04-03-2010, 05:20 AM   #56 (permalink)
The Death Card
 
Ace_O_Spades's Avatar
 
Location: EH!?!?
I use two levels of password

One: is a short, easily remembered placeholder I use for forums and bullshit things I need to sign up for

Two: is a 12+ character alpha-numeric combination of CAPS, lowercase, numbers (0-9), and characters (!*$). I use this for my e-mail accounts, work loginID, blog, anything I don't want anyone accessing.

PS: Use Chrome, it is by far the most secure browser.

Oh, forgot to say how often I change them... Not often for my less secure one. I change my strong passwords about as often as I change my toothbrush, once every 3-5 months.
__________________
Feh.

Last edited by Ace_O_Spades; 04-03-2010 at 05:24 AM..
Ace_O_Spades is offline  
Old 04-03-2010, 07:00 AM   #57 (permalink)
Upright
 
Thrombatic Pyle's Avatar
 
I use the same password for most Message Board Stuff, otherwise I'd have to have a notebook full of passwords.
Thrombatic Pyle is offline  
Old 04-12-2010, 06:21 PM   #58 (permalink)
Upright
 
SlowJoeCrow's Avatar
 
Location: The Ever-Changing Chaos of Limbo
I am simply amazed by that sporcle quiz. Mankind's top 5 concerns: pussy, dragons, 69, mustangs, and baseball?
SlowJoeCrow is offline  
Old 04-12-2010, 08:29 PM   #59 (permalink)
Upright
 
Taralynn's Avatar
 
Location: The midwest
My passwords are all the same. I have no creativity. No memory. The only thing I retain on a regular basis is water.
Taralynn is offline  
Old 12-15-2010, 07:53 PM   #60 (permalink)
Young Crumudgeon
 
Martian's Avatar
 
Location: Canada
I thought with the recent issues due to Gawker, this thread deserved a bump.

The whole Gawker thing highlights (yet again) various security vulnerabilities.

We can talk about Gawker's failures (storing passwords using DES encryption, of all things), but the user failures and how this impacts the wider internet is more interesting to me.

The Wall Street Journal has a fun article that breaks down the most popular passwords in a few different ways. The usual suspects show up with the usual prevalence, but some of the others seem as though they're almost attempts at being secure. "trustno1" for example, seems almost like an effort at choosing something truly secure -- it fails the test, but it seems to indicate that some users are at least thinking about password security.

On the other hand, apparently only ~30% are using passwords of 8 characters or more, which is generally considered to be the bare minimum to prevent simple brute force cracking.

In one of life's grand ironies, Lifehacker has an article about creating secure passwords that actually isn't that bad. Mind you, none of their methods are preferred (they have a tendency to generate passwords that are too short and/or not random enough) but the basic method of generating secure passwords using an easy-to-remember method rather than using easy-to-remember passwords (or worse, one password) is sound.

One thing that shocks me is when sites themselves prevent one from using a secure password. Financial institutions seem to be fond of this, and they of all institutions should know better, as it were. Magpie's bank only allows passwords of up to 6 characters in length -- including all letters (upper and lower case) and all numbers, that provides a grand total of just shy of 57 billion possibilities. Granted that may seem like a big number, but keep in mind that big numbers are what computers do best and that even modest household PCs today typically possess 2-3 GHz of processing power and that not including the graphics chipset.

So how has the Gawker thing affected you? Has it caused you to think about security more, or to take password security more seriously? Have you changed any of your passwords as a response?

My prior method of password selection was reasonably secure, but lately I've found it's gotten a bit unwieldy. I was getting into a position where I was having to make a choice between using my passwords in too many different places, causing potential insecurity, or trying to remember too many different passwords, causing me inconvenience. As a result and because I honestly can't remember whether or not I've ever signed up for a Gawker site, I took this as a prompt to change my own password policy.

One thing that I've noticed is that password managers have more or less taken over my logins. This means that for anything other than local systems I can safely move to a more secure/less convenient password without making my life that much more difficult. Granted, this introduces a new form of insecurity in that anyone with access to one of my usual machines will have the ability to access everything, but access to my local machines implies much bigger problems anyway (aside from which, they would have to first break into any computer of mine they had access to -- all of them use secure passwords and all of them are set to lock automatically after a short period of inactivity).

I won't divulge my current method of generating passwords, but I will say that it generates passwords of up to 32 characters, random alphanumeric. I can be a bit paranoid sometimes, but I think that's probably good enough.
__________________
I wake up in the morning more tired than before I slept
I get through cryin' and I'm sadder than before I wept
I get through thinkin' now, and the thoughts have left my head
I get through speakin' and I can't remember, not a word that I said

- Ben Harper, Show Me A Little Shame
Martian is offline  
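
An added example, not part of any post in this thread: a signup-time password check of the kind the posts above argue for. It enforces the 8-character minimum, matches a small constructed denylist after undoing look-alike substitutions (so "trustno1"-style variants are caught), and computes keyspace sizes such as the 6-character, 62-symbol case mentioned above. The denylist contents, function names and guess rate are assumptions made for illustration.

```python
import string

# Constructed denylist: common passwords named in this thread.
# A real deployment would load a far larger breached-password list.
COMMON = {"123456", "12345", "1234", "123", "password", "letmein",
          "money", "love", "god", "trustno1"}

# Look-alike substitutions folded onto one letter per group. "l" is folded
# onto "i" as well, because "1" and "!" are used for both letters.
LEET = str.maketrans({"0": "o", "*": "o", "3": "e", "4": "a", "@": "a",
                      "5": "s", "$": "s", "7": "t",
                      "1": "i", "!": "i", "|": "i", "l": "i"})


def skeleton(pw):
    """Lowercase the password and undo look-alike substitutions."""
    return pw.lower().translate(LEET)


# The denylist is compared in skeleton form so both sides fold identically.
DENY = {skeleton(word) for word in COMMON}


def is_common(pw):
    """True if pw is a denylisted word, a leet variant, or word + digits."""
    stem = skeleton(pw.rstrip(string.digits))  # "money1" -> "money"
    return skeleton(pw) in DENY or (stem != "" and stem in DENY)


def alphabet_size(pw):
    """Size of the character pool the password appears to draw from."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(len(pool) for pool in pools if any(c in pool for c in pw))


def keyspace(length, alphabet):
    """Number of distinct passwords of exactly this length."""
    return alphabet ** length


def exhaust_days(space, guesses_per_second):
    """Days needed to try every candidate at the given (assumed) rate."""
    return space / guesses_per_second / 86400


def check_password(pw, min_length=8):
    """Return the reasons a site should reject pw; empty list means accept."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if is_common(pw):
        problems.append("common password or look-alike variant")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["trustno1", "P@ssw0rd", "12345", "kq7#Zp2vLx9m"]:
        print(candidate, check_password(candidate) or "accepted")
    # 6 characters from a-z, A-Z, 0-9: 62**6 candidates.
    print(f"{keyspace(6, 62):,}")
    # 1e6 guesses per second is an assumed rate, not a measurement.
    print(round(exhaust_days(keyspace(8, 26), 1_000_000), 1), "days")
```

Length and character classes alone do not catch "P@ssw0rd" or "trustno1"; the denylist comparison on the folded form does.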
 
