BrickWall (OP)
Newbie
Offline
Activity: 24
Merit: 0
|
|
May 27, 2015, 03:58:34 PM |
|
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capital letters and numbers are all included. It's a randomly generated password.
Am I at risk of losing more data? My understanding is they would need to still bruteforce the password because it's not stored in plain text in the database. Which being realistic is almost impossible and would take hundreds of years.
Should I change my password?
|
|
|
|
RodeoX
Legendary
Offline
Activity: 3066
Merit: 1147
The revolution will be monetized!
|
|
May 27, 2015, 03:59:51 PM |
|
Yes. Build another brick wall. The attacker(s) have a salted copy of your password and it ain't made of brick.
|
|
|
|
Xialla
Legendary
Offline
Activity: 1036
Merit: 1001
/dev/null
|
|
May 27, 2015, 04:01:01 PM |
|
IMHO it's just good practice to change the password. Even if they were somehow crypted and you are using this big ass long phrase, it takes a few minutes and better safe than sorry..
You are writing down manually over 100 characters every time you use it? Such paranoia..
|
|
|
|
X7
Legendary
Offline
Activity: 1162
Merit: 1009
Let he who is without sin cast the first stone
|
|
May 27, 2015, 04:03:32 PM |
|
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capital letters and numbers are all included. It's a randomly generated password.
Am I at risk of losing more data? My understanding is they would need to still bruteforce the password because it's not stored in plain text in the database. Which being realistic is almost impossible and would take hundreds of years.
Should I change my password?
Username checks out
|
For what shall it profit a man, if he shall gain the world, and lose his own soul?
|
|
|
Athertle
|
|
May 27, 2015, 04:19:03 PM |
|
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capital letters and numbers are all included. It's a randomly generated password.
Am I at risk of losing more data? My understanding is they would need to still bruteforce the password because it's not stored in plain text in the database. Which being realistic is almost impossible and would take hundreds of years.
Should I change my password?
Yes. Especially if you use the password for other sites as well.
Which being realistic is almost impossible and would take hundreds of years.
Realistically speaking? It would take quadrillions on quadrillions of years for the average bruteforcer.
|
|
|
|
botany
Legendary
Offline
Activity: 1582
Merit: 1064
|
|
May 27, 2015, 04:27:53 PM |
|
It's over 100 characters long. Special characters, capital letters and numbers are all included. It's a randomly generated password.
Why? If what you say is true, your password should be safe.
Estimated time (conservative) for an attacker to break randomly-constructed bitcointalk.org passwords with current technology
s=second; m=minute; h=hour; d=day; y=year; ky=1000 years; My=1 million years
Password length   a-z    a-zA-Z   a-zA-Z0-9   <all standard>
8                 0      3s       12s         2m
9                 0      2m       13m         3h
10                8s     2h       13h         13d
11                3m     5d       34d         1y
12                1h     261d     3y          260y
13                1d     37y      366y        22ky
14                43d    1938y    22ky        1My
15                1y     100ky    1My         160My
-------------------------------------------------------
1 word            0
2 words           0
3 words           0
4 words           3m
5 words           19d
6 words           405y
7 words           3My
|
|
|
|
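Added example, not part of any post in this thread: a Python sketch of the arithmetic behind a table like the one above, where exhaustive-search time for a uniformly random secret is the alphabet size raised to the length, divided by the attacker's guess rate. The guess rate, the 95-symbol printable alphabet and the 7776-word list are assumptions chosen for illustration, so the output will not match the posted figures exactly; `min_length` goes one step beyond the table and inverts the estimate.

```python
import math

# Assumed values, not taken from the post: attacker guess rate, alphabet sizes
# and word-list size. Swap in figures for the hash and attacker you model.
GUESSES_PER_SECOND = 1.75e13
ALPHABETS = {"a-z": 26, "a-zA-Z": 52, "a-zA-Z0-9": 62, "printable": 95}
WORDLIST_SIZE = 7776  # Diceware-sized list (assumption)

YEAR = 365 * 86400
UNITS = [("My", YEAR * 1e6), ("ky", YEAR * 1e3), ("y", YEAR),
         ("d", 86400), ("h", 3600), ("m", 60), ("s", 1)]


def seconds_to_exhaust(symbols, length, rate=GUESSES_PER_SECOND):
    """Worst case for a uniformly random secret: all symbols**length guesses."""
    return symbols ** length / rate


def humanize(seconds):
    """Truncate to the largest whole unit, using the post's abbreviations."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{int(seconds // size)}{name}"
    return "0"


def entropy_bits(symbols, length):
    """Bits of entropy in `length` independent uniform picks from `symbols`."""
    return length * math.log2(symbols)


def min_length(symbols, target_seconds, rate=GUESSES_PER_SECOND):
    """Shortest random secret whose full search takes at least target_seconds."""
    length = 1
    while symbols ** length < target_seconds * rate:
        length += 1
    return length


if __name__ == "__main__":
    print("len  " + "  ".join(f"{name:>10}" for name in ALPHABETS))
    for n in range(8, 16):
        cells = (humanize(seconds_to_exhaust(s, n)) for s in ALPHABETS.values())
        print(f"{n:<5}" + "  ".join(f"{c:>10}" for c in cells))
    for w in range(1, 8):
        print(f"{w} words  {humanize(seconds_to_exhaust(WORDLIST_SIZE, w))}")
    for name, s in ALPHABETS.items():
        print(f"{name}: {min_length(s, 1000 * YEAR)} chars for 1000 years")
```

These figures only hold for passwords that are generated at random and not reused elsewhere; a human-chosen password of the same length falls far sooner to dictionary guessing.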
emelac
|
|
May 27, 2015, 08:40:13 PM |
|
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capital letters and numbers are all included. It's a randomly generated password.
...
How did you ensure it's random? If you used software then it might not be properly random. You need to use dice or a random number generator to make it properly random.
|
|
|
|
dogie
Legendary
Offline
Activity: 1666
Merit: 1185
dogiecoin.com
|
|
May 27, 2015, 10:40:49 PM |
|
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
|
|
|
|
expert4knowledge
|
|
May 28, 2015, 06:14:00 AM |
|
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are talking about?
|
|
|
|
dsattler
Legendary
Offline
Activity: 924
Merit: 1000
|
|
May 28, 2015, 06:28:58 AM |
|
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are talking about?
You could use the free password manager keepass2, it has a built-in password generator: http://keepass.info
|
Bitcointalk member since 2013!
|
|
|
dogie
Legendary
Offline
Activity: 1666
Merit: 1185
dogiecoin.com
|
|
May 28, 2015, 07:02:24 AM |
|
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are talking about?
You could use the free password manager keepass2, it has a built-in password generator: http://keepass.info
Last pass is a good one as they never store your master pass.
|
|
|
|
sdp
|
|
May 29, 2015, 01:58:11 PM Last edit: May 29, 2015, 02:54:00 PM by sdp |
|
What if Keepass goes down? I added one of my passwords to a password manager site and then later I couldn't log in. A trojan in your computer could read a passwords.txt file and then upload it to a command and control server. If you put it into the browser, it really is the same problem. Ultimately, a trojan could keylog your password in.
I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking. Now, considering every time you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough. I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario:
1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries
P.S.: The reason for changing frequently though is so in case your plain text password gets out, the attacker will lose control of your account as soon as you change your password.
|
Coinsbank: Left money in their custodial wallet for my signature. Then they kept the money.
|
|
|
BadBear
v2.0
Legendary
Offline
Activity: 1652
Merit: 1128
|
|
May 29, 2015, 02:07:29 PM |
|
What if Keepass goes down? I added one of my passwords to a password manager site and then later I couldn't log in. A trojan in your computer could read a passwords.txt file and then upload it to a command and control server. If you put it into the browser, it really is the same problem. Ultimately, a trojan could keylog your password in. I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking. Now, considering every time you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough. I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario: 1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries
You should read up on the security on some of the password managers, it's pretty impressive, but nothing is perfect. The entire database is encrypted, typing the master password supports Secure Desktop, and the autotype functionality also fools most keyloggers with Two Channel AutoType. Also supports two factor with a master file, which can be on a USB stick or wherever else.
|
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3290
Merit: 4115
|
|
May 29, 2015, 02:10:58 PM |
|
What if Keepass goes down?
By default Keepass is kept locally.
|
|
|
|
dsattler
Legendary
Offline
Activity: 924
Merit: 1000
|
|
May 29, 2015, 06:04:40 PM |
|
What if Keepass goes down? I added one of my passwords to a password manager site and then later I couldn't log in. A trojan in your computer could read a passwords.txt file and then upload it to a command and control server. If you put it into the browser, it really is the same problem. Ultimately, a trojan could keylog your password in. I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking. Now, considering every time you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough. I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario: 1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries
You should read up on the security on some of the password managers, it's pretty impressive, but nothing is perfect. The entire database is encrypted, typing the master password supports Secure Desktop, and the autotype functionality also fools most keyloggers with Two Channel AutoType. Also supports two factor with a master file, which can be on a USB stick or wherever else.
This. And: don't forget that keepass is open source. You can fetch the source files, inspect the code and build your own keepass.exe!
|
Bitcointalk member since 2013!
|
|
|
DiamondCardz
Legendary
Offline
Activity: 1134
Merit: 1118
|
|
May 29, 2015, 09:23:40 PM |
|
You'll need to make sure to be careful of cheeky gecko squad members trying to DDoS your password, really you should be preparing your password security about 36-48 months before conception if you want any real chance of being able to have a secure password. Based on that, I think you have to change your password unfortunately.
In all seriousness in case someone tries to mug me for having a joke, no.
|
BA Computer Science, University of Oxford Dissertation was about threat modelling on distributed ledgers.
|
|
|
teddy5145
|
|
May 29, 2015, 10:00:18 PM |
|
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are talking about?
You could use the free password manager keepass2, it has a built-in password generator: http://keepass.info
Whoa, thanks dude, never knew this software existed before. Finally I don't need to remember all of my passwords now.
|
|
|
|
DropsOfJupiter
|
|
May 29, 2015, 11:08:29 PM |
|
OP, sorry for hijacking your thread, but I need some opinions.
I store my passwords in a text file (over three hundred passwords) in a non-OS drive on my PC. I usually just copy paste when logging in at any site, so I don't think I should worry about keyloggers, right? My password is a random 8-15 characters alphanumeric+symbol combo, so that's pretty secure, right? Trojans typically only focus on OS drives, right?
|
The most amazing graphic designer in the universe
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3290
Merit: 4115
|
|
May 30, 2015, 12:39:04 AM |
|
OP, sorry for hijacking your thread, but I need some opinions.
I store my passwords in a text file (over three hundred passwords) in a non-OS drive on my PC. I usually just copy paste when logging in at any site, so I don't think I should worry about keyloggers, right? My password is a random 8-15 characters alphanumeric+symbol combo, so that's pretty secure, right? Trojans typically only focus on OS drives, right?
Some keyloggers can read the information in your clipboard. If you want to reduce the effectiveness of some of these keyloggers, you should probably opt in for using a password manager. Keepass has a Two Channel AutoType feature, which can avoid some problems with keyloggers, however not all. It's a much better approach than your current method.
|
|
|
|
DropsOfJupiter
|
|
May 30, 2015, 02:57:35 AM |
|
OP, sorry for hijacking your thread, but I need some opinions.
I store my passwords in a text file (over three hundred passwords) in a non-OS drive on my PC. I usually just copy paste when logging in at any site, so I don't think I should worry about keyloggers, right? My password is a random 8-15 characters alphanumeric+symbol combo, so that's pretty secure, right? Trojans typically only focus on OS drives, right?
Some keyloggers can read the information in your clipboard. If you want to reduce the effectiveness of some of these keyloggers, you should probably opt in for using a password manager. Keepass has a Two Channel AutoType feature, which can avoid some problems with keyloggers, however not all. It's a much better approach than your current method.
Thank you Welsh. One follow up question. How easy is it to compromise Keepass? Are there, and would there be, trojans capable of extracting data from Keepass, and does it communicate/send saved passwords to a server somewhere? Sometimes I wish retinal scanning tech or something along those lines becomes widely adopted and we can completely dispense with passwords.
|
The most amazing graphic designer in the universe
|
|
|
|