Be Excellent To Each Other https://www.beexcellenttoeachother.com/forum/ |
|
Passwords https://www.beexcellenttoeachother.com/forum/viewtopic.php?f=3&t=8483 |
Page 1 of 2 |
Author: | Grim... [ Fri Apr 13, 2012 14:36 ] |
Post subject: | Passwords |
We talked about passwords a bit the other day, but it was in the iPad thread so I didn't want to derail it further. Anyway, this is by far the most accurate password strength tester I have ever seen: http://dl.dropbox.com/u/209/zxcvbn/test/index.html If you're interested, this is how it works: http://tech.dropbox.com/?p=165 My hardcore password's crack times were all measured in "months", so that's good. My 'general' one that I use for things I don't really care about was 0.2 seconds so, er... That's not so good. |
Author: | devilman [ Fri Apr 13, 2012 14:43 ] |
Post subject: | Re: Passwords |
Both your links are the same. Interesting stuff though - my 'strong' password is still only a 30-minute one. |
Author: | Bamba [ Fri Apr 13, 2012 14:51 ] |
Post subject: | Re: Passwords |
Mine are predictably shite and piss easy to crack. The secret seems to be to avoid any words that appear in the English language (whether you use number swapping or not). Even just stripping the vowels from a known word seems to work wonders. The real question is: how much does this site reflect the technqiues people really use to crack passwords? And how do we know the answer to that question? |
Author: | Bobbyaro [ Fri Apr 13, 2012 14:56 ] |
Post subject: | Re: Passwords |
Well, Grim... now knows half the forums' passwords for starters! |
Author: | TheVision [ Fri Apr 13, 2012 14:58 ] |
Post subject: | Re: Passwords |
My hardcore password would take 5 months to crack apparently. Why someone would want to spend 5 months just to read my emails is anyones guess, but still... Up to them isn't it? |
Author: | Runcle [ Fri Apr 13, 2012 15:00 ] |
Post subject: | Re: Passwords |
One of my passwords has a crack time of 4 years, anyone beat that? |
Author: | Plissken [ Fri Apr 13, 2012 15:02 ] |
Post subject: | Re: Passwords |
Bobbyaro wrote: Well, Grim... now knows half the forums' passwords for starters! The one and only correct answer! |
Author: | Runcle [ Fri Apr 13, 2012 15:02 ] |
Post subject: | Re: Passwords |
Runcle wrote: One of my passwords has a crack time of 4 years, anyone beat that? Ha I've just realised if I add a letter to the end of it, the crack time changes into centuries. |
Author: | myp [ Fri Apr 13, 2012 15:02 ] |
Post subject: | Re: Passwords |
That thing is great. I've generated a new password that's easy to remember that will take 97 years to crack. |
Author: | Grim... [ Fri Apr 13, 2012 15:02 ] |
Post subject: | Re: Passwords |
devilman wrote: Both your links are the same. Interesting stuff though - my 'strong' password is still only a 30-minute one. Oops! Fixed. Bamba wrote: The secret seems to be to avoid any words that appear in the English language (whether you use number swapping or not). Nah, man. Try Code: My name is Bamba.
|
Author: | myp [ Fri Apr 13, 2012 15:03 ] |
Post subject: | Re: Passwords |
It seems to be the spaces that makes those hard to crack. |
Author: | markg [ Fri Apr 13, 2012 15:05 ] |
Post subject: | Re: Passwords |
Yeah, spaces or anything that isn't a letter or a number. Is it just that brute force attacks try combinations without those first or something? |
Author: | KovacsC [ Fri Apr 13, 2012 15:12 ] |
Post subject: | Re: Passwords |
my work one is measured in centuries!! |
Author: | devilman [ Fri Apr 13, 2012 15:13 ] |
Post subject: | Re: Passwords |
KovacsC wrote: my work one is measured in centuries!! 'measured in centuries!!' was a good password, but you should probably change it now. |
Author: | Bamba [ Fri Apr 13, 2012 15:16 ] |
Post subject: | Re: Passwords |
Grim... wrote: Nah, man. Try Code: My name is Bamba. As others have said, take the spaces out (and also remove 'Bamba' which isn't a real word) and the crack time drops massively. Alternatively, try flibbertygibbet. |
Author: | Grim... [ Fri Apr 13, 2012 15:16 ] |
Post subject: | Re: Passwords |
markg wrote: Yeah, spaces or anything that isn't a letter or a number. Is it just that brute force attacks try combinations without those first or something? They may well do, as a load of things don't allow spaces in passwords (cunts). |
Author: | Grim... [ Fri Apr 13, 2012 15:17 ] |
Post subject: | Re: Passwords |
Bamba wrote: Grim... wrote: Nah, man. Try Code: My name is Bamba. As others have said, take the spaces out (and also remove 'Bamba' which isn't a real word) and the crack time drops massively. I, er... Well, yes. Or, to put it another way, "change the secure password to a non-secure one and it becomes less secure" Replacing the spaces and the word 'Bamba' to get something like Code: My.name.is.a.name is still really good.
|
Author: | Curiosity [ Fri Apr 13, 2012 15:19 ] |
Post subject: | Re: Passwords |
Mine is surprisingly good! 59 years! Not pad considering it only has 8 characters, none of which are anything odd. |
Author: | Grim... [ Fri Apr 13, 2012 15:20 ] |
Post subject: | Re: Passwords |
Curiosity wrote: Not pad considering it only has 8 characters, none of which are anything odd. Obv. pad is three characters. |
Author: | zaphod79 [ Fri Apr 13, 2012 15:20 ] |
Post subject: | Re: Passwords |
password: correcthorsebatterystaple entropy: 45.212 crack time (seconds): 2037200406.475 crack time (display): 65 years I wonder how many passwords in systems are now that :-) |
Author: | Curiosity [ Fri Apr 13, 2012 15:21 ] |
Post subject: | Re: Passwords |
Grim... wrote: Curiosity wrote: Not pad considering it only has 8 characters, none of which are anything odd. Obv. pad is three characters. Whatevs |
Author: | Grim... [ Fri Apr 13, 2012 15:24 ] |
Post subject: | Re: Passwords |
zaphod79 wrote: password: correcthorsebatterystaple entropy: 45.212 crack time (seconds): 2037200406.475 crack time (display): 65 years I wonder how many passwords in systems are now that :-) Enough to assume it's a dictionary word by now. |
Author: | ApplePieOfDestiny [ Fri Apr 13, 2012 15:34 ] |
Post subject: | Re: Passwords |
Centuries, motherfuckers. No Cap changes, no words, no spaces. I fucking rock. Apple can go fuck themselves. |
Author: | Dimrill [ Fri Apr 13, 2012 15:34 ] |
Post subject: | Re: Passwords |
Passwords are things on a computer. |
Author: | Grim... [ Fri Apr 13, 2012 15:35 ] |
Post subject: | Re: Passwords |
Dimrill wrote: Passwords are things on a computer. 4,329,143,000 years! |
Author: | Hero of Excellence [ Fri Apr 13, 2012 15:36 ] |
Post subject: | Re: Passwords |
password: boiledvimtoflattoptwopoundsamonth entropy: 73.001 crack time (seconds): 472663088655908860 crack time (display): centuries |
Author: | zaphod79 [ Fri Apr 13, 2012 15:36 ] |
Post subject: | Re: Passwords |
Grim... wrote: Dimrill wrote: Passwords are things on a computer. 4,329,143,000 years! password: 4,329,143,000 years! entropy: 62.886 crack time (seconds): 426159280464937.9 crack time (display): centuries score from 0 to 4: 4 calculation time (ms): 55 |
Author: | markg [ Fri Apr 13, 2012 15:37 ] |
Post subject: | Re: Passwords |
p a s s w o r d Is good for centuries too apparently. |
Author: | Zardoz [ Fri Apr 13, 2012 15:37 ] |
Post subject: | Re: Passwords |
|-|0t35tc|-|1|1|/\†|-|\/\/0®|∂ |
Author: | Grim... [ Fri Apr 13, 2012 15:39 ] |
Post subject: | Re: Passwords |
Zardoz wrote: |-|0t35tc|-|1|1|/\†|-|\/\/0®|∂ It's a great password from a security point of view, but you'd kill yourself trying to remember it. Or write it down, rendering it fairly useless. |
Author: | Grim... [ Fri Apr 13, 2012 15:44 ] |
Post subject: | Re: Passwords |
TheVision wrote: Why someone would want to spend 5 months just to read my emails is anyones guess, but still... Up to them isn't it? Just saw this - the reason they'll spend a lot of time trying to get into your emails is because they can reset pretty much all your other passwords once they've done so. Or because they're Sky news, and they think you've done something bad. |
Author: | Hero of Excellence [ Fri Apr 13, 2012 15:45 ] |
Post subject: | Re: Passwords |
Grim... wrote: Zardoz wrote: |-|0t35tc|-|1|1|/\†|-|\/\/0®|∂ It's a great password from a security point of view, but you'd kill yourself trying to remember it. Or write it down, rendering it fairly useless. Writing it down wouldn't be too bad in certain circumstances - most people wouldn't have the vaguest clue how to get those symbols from a computer keyboard. |
Author: | Grim... [ Fri Apr 13, 2012 15:49 ] |
Post subject: | Re: Passwords |
Hero of Excellence wrote: Grim... wrote: Zardoz wrote: |-|0t35tc|-|1|1|/\†|-|\/\/0®|∂ It's a great password from a security point of view, but you'd kill yourself trying to remember it. Or write it down, rendering it fairly useless. Writing it down wouldn't be too bad in certain circumstances - most people wouldn't have the vaguest clue how to get those symbols from a computer keyboard. That's true - plus you could write it down in "English". |
Author: | zaphod79 [ Fri Apr 13, 2012 15:50 ] |
Post subject: | Re: Passwords |
Grim... wrote: TheVision wrote: Why someone would want to spend 5 months just to read my emails is anyones guess, but still... Up to them isn't it? Just saw this - the reason they'll spend a lot of time trying to get into your emails is because they can reset pretty much all your other passwords once they've done so. Or because they're Sky news, and they think your hot. FTFY |
Author: | Zardoz [ Fri Apr 13, 2012 15:53 ] |
Post subject: | Re: Passwords |
Grim... wrote: Zardoz wrote: |-|0t35tc|-|1|1|/\†|-|\/\/0®|∂ It's a great password from a security point of view, but you'd kill yourself trying to remember it. |-|/\/\/\/\ 1 ∂0/\† |</\0\/\/, 1 †3/\∂ †0 \/53 †|-|3 5/\/\/\3 ç|-|/\®5 \/\/|-|3/\ 13375P3/\|<1/\G. |
Author: | itsallwater [ Fri Apr 13, 2012 15:56 ] |
Post subject: | Re: Passwords |
Try however using that password on something as simple as a US keyboard. Stupid \ in the wrong place *mummble grummble* |
Author: | TheVision [ Fri Apr 13, 2012 16:08 ] |
Post subject: | Re: Passwords |
zaphod79 wrote: Grim... wrote: TheVision wrote: Why someone would want to spend 5 months just to read my emails is anyones guess, but still... Up to them isn't it? Just saw this - the reason they'll spend a lot of time trying to get into your emails is because they can reset pretty much all your other passwords once they've done so. Or because they're Sky news, and they think your hot. FTFY My hot what? |
Author: | Malabelm [ Fri Apr 13, 2012 16:11 ] |
Post subject: | Passwords |
Grim... wrote: TheVision wrote: Why someone would want to spend 5 months just to read my emails is anyones guess, but still... Up to them isn't it? Just saw this - the reason they'll spend a lot of time trying to get into your emails is because they can reset pretty much all your other passwords once they've done so. Or because they're Sky news, and they think you've done something bad. *Hugs Google’s two-step logins* My standard-but-slightly-varying-depending-on-the-site thirteen-character password would take centuries, supposedly. That’ll do. |
Author: | Warhead [ Fri Apr 13, 2012 17:19 ] |
Post subject: | Re: Passwords |
Author: | Derek The Halls [ Fri Apr 13, 2012 19:49 ] |
Post subject: | Re: Passwords |
My passwords generally take months. Apart from my amazon one which takes centuries. |
Author: | Pundabaya [ Fri Apr 13, 2012 20:19 ] |
Post subject: | Re: Passwords |
It proves what XKCD said about passwords "rowdy roddy piper at the gates of dawn" is way more secure than "3fg£cgh" and is also easier to remember. eta: https://xkcd.com/936/ |
Author: | Joans [ Sat Apr 14, 2012 7:50 ] |
Post subject: | Re: Passwords |
My work one would take centuries, but only because I stuck a 1 on the end when I had to change it. Before that it was only 38 years. Some of my other passwords have crack times in seconds, or in some cases "instant" |
Author: | Grim... [ Sat Apr 14, 2012 20:48 ] |
Post subject: | Re: Passwords |
Malabelm wrote: *Hugs Google’s two-step logins* Their what? |
Author: | ApplePieOfDestiny [ Sat Apr 14, 2012 21:02 ] |
Post subject: | Re: Passwords |
Effectively, an rsa key app on your phone which runs alongside your password for any new login location. |
Author: | Malabelm [ Sun Apr 15, 2012 14:32 ] |
Post subject: | Passwords |
Grim... wrote: Malabelm wrote: *Hugs Google’s two-step logins* Their what? You put your password in, they send a code to you via SMS to log in. If anything doesn’t support logging in that way, you can generate an app-specific password for it. It’s quite effective, but obviously more hassle. |
Author: | Malabelm [ Sun Apr 15, 2012 14:33 ] |
Post subject: | Passwords |
http://support.google.com/accounts/bin/ ... wer=180744 |
Author: | Malabelm [ Wed Apr 18, 2012 8:57 ] |
Post subject: | Passwords |
Aha, Jeff Atwood has just blogged about this two-step lark: http://www.codinghorror.com/blog/2012/0 ... proof.html |
Author: | KovacsC [ Wed Apr 18, 2012 9:06 ] |
Post subject: | Re: Passwords |
I have started changing all my passwords.. |
Author: | ElephantBanjoGnome [ Wed Apr 18, 2012 10:11 ] |
Post subject: | Re: Passwords |
My shit passwords for stuff I don't care about are instantly breakable. My better ones for important stuff are measured in tens of years. Interesting stuff to know though. God help anyone that uses the same password for everything. |
Author: | Plissken [ Wed Apr 18, 2012 10:42 ] |
Post subject: | Re: Passwords |
ElephantBanjoGnome wrote: God help anyone that uses the same password for everything. This is why I get very twitchy when asked to sign in to some site using my Facebook, Twitter or Google account. |
Page 1 of 2 | All times are UTC [ DST ] |
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |