Password breach? 12:17 - Jun 20 with 4288 views | SimonCleggsNeck | How come User passwords for this site are available to purchase on hacking websites? | |
| | |
Password breach? on 14:50 - Jun 20 with 624 views | Coastalblue |
Password breach? on 12:51 - Jun 20 by Guthrum | How secure are password managers? Genuine question, as always sounded an iffy idea to me. |
I've used Last Pass for years and always felt secure, it also is interesting sometimes going back through your 'vault' and rediscovering stuff you registered with many, many moons ago. Without this I doubt I'd use my phone online at all as I'd never remember log in details but the fact I can have it across different formats helps a ton with that. | |
| |
Password breach? on 16:40 - Jun 20 with 587 views | DanTheMan |
Password breach? on 14:20 - Jun 20 by giant_stow | Fair enough, but does a long series of gibberish charavcters (noted somewhere secure) beat a long series of words? Do password guessing programmes start with words or assume nothing? |
If they are of equal length and truly random, then the long series of characters beats words. With password managers, you can just use a massive list of random characters and that works fine. However the password for your password manager is the one you want to be memorable and long, and preferably just in your memory. One thing that computers are really good at is working out patterns. So p@ssw0rd is effectively no different than password because all you have to do is tell the program to also try @ when there is an a. Most hacking programs will use lists of the most commonly used passwords and combinations of common words with replacements. Also things like dates etc. What they won't bother doing is dictionary attacks (where you use words) with spaces in because almost nobody uses this type of password. In a hypothetical future where everyone uses this type of password then they might switch up the way they attack and go for these passwords. Ultimately though most passwords are not guessed, they are leaked through poor security practices such as passwords being stored in insecure formats and then cracked and sold. And because people re-use their password, the password for some random eCommerce style site is as useful as the one to your bank account. Another TL;DR: Use a set of random words you can remember to get into your password manager. Store your passwords in the password manager and they can be long and random. | |
| |
Password breach? on 17:18 - Jun 20 with 563 views | Swansea_Blue |
Password breach? on 14:07 - Jun 20 by Guthrum | Thanks Dan. |
No, I think they need to be longer than that | |
| |
Password breach? on 17:22 - Jun 20 with 561 views | Swansea_Blue |
Password breach? on 14:13 - Jun 20 by giant_stow | I'm confused - I thought using words as passwords was a real no no. |
As long as you use ‘correct horse battery staple’ you’ll be fine. Nobody knows about that one. | |
| |
Password breach? on 17:38 - Jun 20 with 544 views | giant_stow |
Password breach? on 16:40 - Jun 20 by DanTheMan | If they are of equal length and truly random, then the long series of characters beats words. With password managers, you can just use a massive list of random characters and that works fine. However the password for your password manager is the one you want to be memorable and long, and preferably just in your memory. One thing that computers are really good at is working out patterns. So p@ssw0rd is effectively no different than password because all you have to do is tell the program to also try @ when there is an a. Most hacking programs will use lists of the most commonly used passwords and combinations of common words with replacements. Also things like dates etc. What they won't bother doing is dictionary attacks (where you use words) with spaces in because almost nobody uses this type of password. In a hypothetical future where everyone uses this type of password then they might switch up the way they attack and go for these passwords. Ultimately though most passwords are not guessed, they are leaked through poor security practices such as passwords being stored in insecure formats and then cracked and sold. And because people re-use their password, the password for some random eCommerce style site is as useful as the one to your bank account. Another TL;DR: Use a set of random words you can remember to get into your password manager. Store your passwords in the password manager and they can be long and random. |
Thanks Dan, really appreciate that run through - ta. | |
| |
| |