Bitcoin Forum

Economy => Marketplace => Topic started by: michaelmclees on June 21, 2011, 05:03:11 PM



Title: New MtGox password
Post by: michaelmclees on June 21, 2011, 05:03:11 PM
So, umm, what exactly are the requirements of our new passwords?

For example, something like "mic396pip$!" is apparently not strong enough for Mt Gox.  What's the deal?


Title: Re: New MtGox password
Post by: anatolikostis on June 21, 2011, 05:13:55 PM
So, umm, what exactly are the requirements of our new passwords?

For example, something like "mic396pip$!" is apparently not strong enough for Mt Gox.  What's the deal?
use passgenerator soft...20-digit pass will fit to...
something like a ........GMqojrOcjjCFeqhCNwzM......


Title: Re: New MtGox password
Post by: dodgrr on June 21, 2011, 05:45:39 PM
This is insane, there has to be a better way to security  ???


Title: Re: New MtGox password
Post by: michaelmclees on June 21, 2011, 06:03:16 PM
This is insane, there has to be a better way to security  ???

I agree.  I used lastpass to generate a 20 character password which it accepted.  But I remember trading stocks on Zecco with a password weaker than what I originally had on MtGox.  Oh well.


Title: Re: New MtGox password
Post by: Randall Flagg on June 21, 2011, 07:42:05 PM
Well, use something like keepass. Will help you get through the day, just avoid keyloggers.
So true ! LOL


Title: Re: New MtGox password
Post by: hawks5999 on June 21, 2011, 08:25:12 PM
14 chars accepted with upper/lower/number/symbol


Title: Re: New MtGox password
Post by: Oldminer on June 21, 2011, 08:30:20 PM
This is insane, there has to be a better way to security  ???

RSA token IMO


Title: Re: New MtGox password
Post by: myrkul on June 21, 2011, 08:36:25 PM
Two options:

1: Lastpass/Keepass/password manager du jour

Pros: Random, nigh impossible to crack.
Cons: Twice as impossible to remember, Database may be vulnerable if you use a weak password.

2: GRC's Password Haystack (http://www.grc.com/haystack.htm) Method.

Pros: Easy to remember, hard to crack
Cons: Difficulty to crack is based on how good your haystacking method is.

Examples:
Generated from my Lastpass: R7b!ij2zi^74QVS
Made up for a previous thread: !....1gOd1....!

Test them, if you'd like.


Title: Re: New MtGox password
Post by: hawks5999 on June 21, 2011, 08:37:25 PM
This is insane, there has to be a better way to security  ???

RSA token IMO

Or Not:

In a letter to customers Monday, the EMC Corp. unit openly acknowledged for the first time that intruders had breached its security systems at defense contractor Lockheed Martin Corp. using data stolen from RSA.

Read more: http://online.wsj.com/article/SB10001424052702304906004576369990616694366.html#ixzz1PweLseTU



Title: Re: New MtGox password
Post by: ttyler333 on June 21, 2011, 08:47:42 PM
A better way to secure would be to do aes_254 encryption.. I believe that's what the banks are using. As well as a sha1 or md5 hash that has been salted. Very easy to do.

Also maybe throw in some geolocation into the login process. So you have to be at least from the same country or even same state/region.

All security should be on mtgox's end, not you guys'. A simple password of "hi" should be secure. Look at the recent hacks against sony. They didn't secure anything so 1 million people had account info stolen and then if you had that list you could get on their email, find paypal or other payment sites... All because one site did not encrypt or hash anything. Security resides within. Also do not reuse passwords. Plain and simple! Reuse them if you want but don't over use them. Keep a different password for your email account.
Simple PHP MD5 Salting.
Code:
$salt= 'SOME UNIQUE STRING MAYBE WITH NUMBERS';
$password = md5($salt.$password);
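
An added example, not part of the post above or of any MtGox code: the salted-MD5 scheme as posted, next to PHP's built-in `password_hash()`. It shows that a single site-wide salt gives identical passwords identical hashes, compares the cost of one guess under each scheme, and upgrades a legacy hash at login. The function names and the sample password are constructed for illustration.

```php
<?php
// Added example; the salt string is the one from the post, all other names are hypothetical.
const SITE_SALT = 'SOME UNIQUE STRING MAYBE WITH NUMBERS';
const BCRYPT_OPTS = ['cost' => 12];

// Scheme as posted: one site-wide salt, a single fast MD5 pass.
function legacy_hash(string $password): string
{
    return md5(SITE_SALT . $password);
}

// Hardened form: random per-user salt and a deliberately slow algorithm.
function strong_hash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
}

// Check a login against either stored format. When a legacy (or outdated)
// hash verifies, return a replacement so the caller can update the row.
function verify_and_upgrade(string $password, string $stored): array
{
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $legacy
        ? hash_equals($stored, legacy_hash($password))
        : password_verify($password, $stored);
    $stale = $legacy || password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTS);
    return ['ok' => $ok, 'new_hash' => ($ok && $stale) ? strong_hash($password) : null];
}

// Constructed sample: two accounts that chose the same password.
$pw = 'constructed-sample-pw';
printf("legacy hashes equal: %s\n", var_export(legacy_hash($pw) === legacy_hash($pw), true));
printf("bcrypt hashes equal: %s\n", var_export(strong_hash($pw) === strong_hash($pw), true));

// Cost of one guess under each scheme, the figure that bounds offline guessing.
$t = microtime(true); legacy_hash($pw); $md5 = microtime(true) - $t;
$t = microtime(true); strong_hash($pw); $bcrypt = microtime(true) - $t;
printf("one guess: md5 %.6f s, bcrypt %.6f s\n", $md5, $bcrypt);

// Upgrade-on-login: a legacy row verifies and comes back with a bcrypt hash.
$result = verify_and_upgrade($pw, legacy_hash($pw));
printf("login ok: %s, upgraded: %s\n", var_export($result['ok'], true),
    var_export(password_verify($pw, (string) $result['new_hash']), true));
```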


Title: Re: New MtGox password
Post by: myrkul on June 21, 2011, 08:54:07 PM
A simple password of "hi" should be secure.


Uh... No. That would get cracked in milliseconds. No matter what the security on the server side was.


Title: Re: New MtGox password
Post by: ttyler333 on June 21, 2011, 11:10:30 PM
A simple password of "hi" should be secure.


Uh... No. That would get cracked in milliseconds. No matter what the security on the server side was.

I do not think you understand... But anywho, let's keep you in the dark :P


Title: Re: New MtGox password
Post by: myrkul on June 21, 2011, 11:19:35 PM
A simple password of "hi" should be secure.


Uh... No. That would get cracked in milliseconds. No matter what the security on the server side was.

I do not think you understand... But anywho, let's keep you in the dark :P

A weak password is a weak password. IP geolocation will not save you from the hacker next door.


Title: Re: New MtGox password
Post by: qed on June 21, 2011, 11:22:29 PM
32 random characters is my new standard.

Nice, where did you write it? Into a txt file on your desktop?


Title: Re: New MtGox password
Post by: perfectchoice4u on June 22, 2011, 05:57:59 AM
I understand everyone wants to be super secure and all that good jazz.

But why don't I need a 20 character password for paypal or my banks or whatever,
filled with all kinds of crap garbage and symbols and all other kinds of stuff?

"Spotruns22" = good enough (and no that's not my password)

My point is, this shit has nothing to do with your password.
Your password could be 1000 characters long and contain upside down letters in it too.
It all means jack if the mtgox site isn't secure. Bottom line.

The problem here wasn't that your password wasn't good enough guys. It's that they were taken.


Title: Re: New MtGox password
Post by: ttyler333 on July 07, 2011, 01:11:46 AM
A simple password of "hi" should be secure.


Uh... No. That would get cracked in milliseconds. No matter what the security on the server side was.

I do not think you understand... But anywho, let's keep you in the dark :P

A weak password is a weak password. IP geolocation will not save you from the hacker next door.
Yeah you do have a point but I was talkin about a database being taken too and the person having the hashes/encryption. Anyways if they just brute force it, then yeah... don't matter the password is SOL unless they implement some features to lock an account after 5 attempts in 15 mins or something and say 10 in 30 would be an ip ban. Of course ip bans are almost pointless. Throw in cookie checker or some vbscript and save a file to their pc. Problem solved if they don't know you saved that file. Anyways security really isn't that good for online activity once they have that database.
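
The lockout policy described in the post above (5 failures in 15 minutes locks the account, 10 in 30 minutes blocks the IP), as an added example that is not part of the thread. `LoginThrottle` and its methods are hypothetical names, storage is in memory only, and the timeline is constructed.

```php
<?php
// Added example; class and method names are hypothetical. Thresholds are the ones from the post.
final class LoginThrottle
{
    private array $byAccount = []; // account => list of failure timestamps
    private array $byIp = [];      // ip => list of failure timestamps

    public function recordFailure(string $account, string $ip, int $now): void
    {
        $this->byAccount[$account][] = $now;
        $this->byIp[$ip][] = $now;
    }

    // Count failures inside the trailing window, dropping expired entries.
    private function recent(array &$bucket, string $key, int $window, int $now): int
    {
        $bucket[$key] = array_values(array_filter(
            $bucket[$key] ?? [],
            fn (int $t): bool => $t > $now - $window
        ));
        return count($bucket[$key]);
    }

    public function decide(string $account, string $ip, int $now): string
    {
        if ($this->recent($this->byIp, $ip, 30 * 60, $now) >= 10) {
            return 'ip_blocked';
        }
        if ($this->recent($this->byAccount, $account, 15 * 60, $now) >= 5) {
            return 'account_locked';
        }
        return 'allowed';
    }
}

// Constructed timeline (Unix seconds): 5 failures on one account from 5 addresses.
$throttle = new LoginThrottle();
for ($i = 0; $i < 5; $i++) {
    $throttle->recordFailure('alice', "203.0.113.$i", 1000 + $i * 60);
}
// The per-account counter does not depend on which address the attempt comes from.
echo $throttle->decide('alice', '203.0.113.99', 1300), "\n";
// Later, the 15-minute window has slid past the earliest failures.
echo $throttle->decide('alice', '203.0.113.99', 1000 + 16 * 60), "\n";
```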


Title: Re: New MtGox password
Post by: myrkul on July 07, 2011, 01:22:34 AM
Anyways security really isn't that good for online activity once they have that database.

My Password was in that database. It was not cracked.