|
Title: password security Post by: arythmic on July 31, 2014, 02:54:30 AM Maybe I'm just old-fashioned.
https://i.imgur.com/VgS309m.png I'm guessing that at some point in technology history, someone must have thought "no, we don't need to do that..." why is this so common? It seems I only started seeing this when I got started with bitcoin. Title: Re: password security Post by: dudexer on July 31, 2014, 03:23:58 AM This is sily, you cant trust this system at all.
Anyone with some amount brute force can get the login in the website. Title: Re: password security Post by: TheNewAnon135246 on July 31, 2014, 06:39:51 AM This is sily, you cant trust this system at all. Anyone with some amount brute force can get the login in the website. You can make it difficult for them. I am using a password with 8 letters and 10 numbers, which would take a bit longer to bruteforce. Some people use 8 characters max. Title: Re: password security Post by: forever21 on July 31, 2014, 10:05:43 AM i used 20 characters including number letters capital and a special character which is not related to my personal info some nonsense word which is not english words
Title: Re: password security Post by: sapta on July 31, 2014, 11:50:11 AM And use different password for every site. Don't ever use your email password, and don't ever register to untrusted site. Especially when it doesn't have SSL Certificate.
Title: Re: password security Post by: rohnearner on July 31, 2014, 12:06:36 PM i used 20 characters including number letters capital and a special character which is not related to my personal info some nonsense word which is not english words Although it is recommended to have strong passwords with a good mix of alphanumeric and special characters but in some cases it doesn't matter how strong your password is , key-loggers can upset you any day or worst case scenario a screen logger with key logger. So I never-ever feel secure doesn't matter how strong my password is.Title: Re: password security Post by: DjPxH on July 31, 2014, 12:22:09 PM Brute-forcing passwords on an online resource of which you don't have the password hashes from is more complicated than most people think, I guess. The server can limit the amount of tries an attacker can perform. That way the number of brute-force attempts can be severely limited!
Title: Re: password security Post by: Lauda on July 31, 2014, 12:35:15 PM Brute-forcing passwords on an online resource of which you don't have the password hashes from is more complicated than most people think, I guess. The server can limit the amount of tries an attacker can perform. That way the number of brute-force attempts can be severely limited! Imagine just how many attempts it takes to figure out a ~20 character password, including numbers and symbols. Title: Re: password security Post by: forever21 on July 31, 2014, 12:49:06 PM i used 20 characters including number letters capital and a special character which is not related to my personal info some nonsense word which is not english words Although it is recommended to have strong passwords with a good mix of alphanumeric and special characters but in some cases it doesn't matter how strong your password is , key-loggers can upset you any day or worst case scenario a screen logger with key logger. So I never-ever feel secure doesn't matter how strong my password is.you can always prevent on how to be a victim of key logger it usually can install easily on windows but if you used debian or any other open source system then the chance is not so high Title: Re: password security Post by: DjPxH on July 31, 2014, 12:51:58 PM Brute-forcing passwords on an online resource of which you don't have the password hashes from is more complicated than most people think, I guess. The server can limit the amount of tries an attacker can perform. That way the number of brute-force attempts can be severely limited! Imagine just how many attempts it takes to figure out a ~20 character password, including numbers and symbols. Depends on the entropy of the individual characters ;) But yeah, if it really is chosen randomly this is practically impossible. But even a shorter password could be effective if the amount of tries is limited by the server. Title: Re: password security Post by: vit1988 on July 31, 2014, 05:34:20 PM Don't see a fail here. Confirming passwords does not increase security. It only prevents you from misstyping which is a non-issue as long as you are able to reset your credentials.
And as only long generated passwords are good passwords (which you typically generate in your password manager and copy+paste into that field with absolutely no chance of misstyping) confirmation form fields are in fact useless. Title: Re: password security Post by: nottm28 on July 31, 2014, 05:42:47 PM http://passwordsafe.sourceforge.net/
Opensource (free) password safe - everyone should use it... Title: Re: password security Post by: slurpy on July 31, 2014, 05:48:22 PM Good thing I don't bump in to those websites much.
Title: Re: password security Post by: PolarPoint on July 31, 2014, 05:55:11 PM The problem with some sites is they don't accept password length more than 10 and no special characters, and they don't tell you about it. So, you enter this extra complicated password and you can never login with the password you typed. :D
Title: Re: password security Post by: Baitty on July 31, 2014, 06:27:28 PM http://passwordsafe.sourceforge.net/ Opensource (free) password safe - everyone should use it... Nice little program! Thanks for sharing. Title: Re: password security Post by: nottm28 on July 31, 2014, 06:28:59 PM http://passwordsafe.sourceforge.net/ Opensource (free) password safe - everyone should use it... Nice little program! Thanks for sharing. There's also an iphone version for when you are out and about :) - if you do the apple thingy that is... |
