TrainDeluxe (OP)
Newbie
 Offline
Activity: 56
Merit: 0
|
 |
June 21, 2011, 04:31:01 PM |
|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
frozen
|
 |
June 21, 2011, 04:50:54 PM |
|
It seems MtGox has really stepped up their password security requirements to the point that I am not able to claim my account now because I've yet to enter a password that passes the security check. I used a randomly generated password consisting of symbols, letters (uppercase and lowercase) and numbers, more than 10 characters in length, and I got this error:
The new password is not secure enough. Security tips include using special characters, make the password longer, etc...
|
|
|
|
|
imperi
|
|
June 21, 2011, 04:51:43 PM |
|
It seems MtGox has really stepped up their password security requirements to the point that I am not able to claim my account now because I've yet to enter a password that passes the security check. I used a randomly generated password consisting of symbols, letters (uppercase and lowercase) and numbers, more than 10 characters in length, and I got this error:
The new password is not secure enough. Security tips include using special characters, make the password longer, etc...
My new password did not need special characters. It was long, however. |
|
|
|
|
|
BitcoinPorn
|
|
June 21, 2011, 04:52:24 PM |
|
The new password is not secure enough. Security tips include using special characters, make the password longer, etc...
I don't know what more I can do. If I have to write my password down to remember it, it is no good. I swear I typed a phrase and it wasn't good enough. |
|
|
|
carbonc
Member
Offline
Activity: 126
Merit: 60
|
|
June 21, 2011, 04:53:09 PM |
|
I just used a bunch of random numbers Uppers Lowers and symbols.
Take that me!
I'll love typing that crap out.
|
|
|
|
|
|
imperi
|
|
June 21, 2011, 04:53:23 PM |
|
The new password is not secure enough. Security tips include using special characters, make the password longer, etc...
I don't know what more I can do. If I have to write my password down to remember it, it is no good. I swear I typed a phrase and it wasn't good enough. Just put xxxxxxxxxxx at the end of it? |
|
|
|
|
|
frozen
|
|
June 21, 2011, 04:57:19 PM |
|
Maybe I'll just double up on the password, enter the same damn thing twice.
Would be nice if they posted the new password requirements so we wouldn't have to guess.
|
|
|
|
RodeoX
Legendary
Offline
Activity: 3066
Merit: 1145
The revolution will be monetized!
|
|
June 21, 2011, 05:05:10 PM |
|
Remember it is not just length and complexity. If you use real words that is not strong enough. There are about 80k English words in common usage. It would take only seconds for a dictionary attack to check if your PW is one of those words.
I hate long, hard to remember passwords also, but the days of anything less are gone. In the past year or two simple PWs became obsolete. You may have not noticed because no one really wants to break into your facebook account. Now that BTC users have accounts with money in them, the serious criminals are here to show you just how open you are.
Below is an example of a hard to brute force pw. Not very user friendly is it?
Kt#*8t487C9cV;F7C*^8c(*vexlk7dsYry%$C6E5
|
|
|
|
|
Mark Oates
|
|
June 21, 2011, 05:09:35 PM |
|
to generate a solid password, create an .html file and copy/paste this code into it. This will locally create a random string of 12-17 characters. Confusing similar letters were removed (eg L 1, I, l, |, 0, o, O, `, ') you can add them if you wish. <script language="javascript" type="text/javascript">
var chars = "~!@#$%^&*()23456789-=+-[]<>?,./;:'{}23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
var string_length = Math.floor(Math.random()*6)+12;
function randomString() {
var randomstring = '';
for (var i=0; i<string_length; i++) {
var rnum = Math.floor(Math.random() * chars.length);
randomstring += chars.substring(rnum,rnum+1);
}
document.randform.randomfield.value = randomstring;
}
</script>
<form name="randform">
<input type="button" value="Create Random String" onClick="randomString();">
<input type="text" name="randomfield" value="">
</form> I recommend that you: 1) write down the password 2) take photo of the password 3) don't store the password on your computer |
|
|
|
|
|
frozen
|
|
June 21, 2011, 05:11:45 PM |
|
I had to use 16 characters to get an acceptable password on mtgox. My bank doesn't even require that level of security.
|
|
|
|
carbonc
Member
Offline
Activity: 126
Merit: 60
|
|
June 21, 2011, 05:12:56 PM |
|
Kt#*8t487C9cV;F7C*^8c(*vexlk7dsYry%$C6E5
How the H$(( did you guess my password  now I have to change it again |
|
|
|
|
|
tymothy
|
|
June 21, 2011, 05:13:24 PM |
|
The new password is not secure enough. Security tips include using special characters, make the password longer, etc...
I don't know what more I can do. If I have to write my password down to remember it, it is no good. I swear I typed a phrase and it wasn't good enough. Take a phrase and l33t speak it, and add some numbers that you can remember. myB1RTHDAY15t0day! or whatever. |
|
|
|
|
TonyHoyle
Newbie
Offline
Activity: 59
Merit: 0
|
|
June 21, 2011, 05:15:44 PM |
|
Well.. since it rejected a password like XC357g1w0sZeV2f1 (example), I'd expect anything resembling an actual word you'd have no chance.
Of course the danger now is everyone sticks their mtgox password on a file on their PC because they can't remember it...
|
|
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
June 21, 2011, 05:18:21 PM |
|
Anyone have any thoughts on Steve Gibson's recent stuff on length vs entropy? Per his Haystack page: Which of the following two passwords is stronger,
more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9
You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password! |
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
|
GeniuSxBoY
|
|
June 21, 2011, 05:18:39 PM |
|
I claimed.
Just waiting on hackers to release all my proof data to the world now.
|
Be humble!
|
|
|
|
Mark Oates
|
|
June 21, 2011, 05:19:48 PM |
|
To get an idea of how "easy" it is to crack a simple password, you can go to this site: http://howsecureismypassword.net/(you obviously don't have to type in your exact password, just something like it  ) |
|
|
|
|
TonyHoyle
Newbie
Offline
Activity: 59
Merit: 0
|
|
June 21, 2011, 05:22:57 PM |
|
"It would take about 6 trillion years for a desktop PC to crack your password" (One that mtgox rejected as too simple) "It would take about 288 duodecillion years for a desktop PC to crack your password" (One that was accepted) Clearly MagicalTux thinks bitcoin has a long future!  |
|
|
|
|
|
Findeton
|
|
June 21, 2011, 05:23:32 PM |
|
Use imagination. Something like /Jdy4%*L$) will suffice.
|
|
|
|
TraderTimm
Legendary
Offline
Activity: 2408
Merit: 1121
|
|
June 21, 2011, 05:27:42 PM |
|
Perhaps this may help: http://www.random.org/passwords/Password generator, select length and how many you need generated, done. (I'd insert some special characters as well.) |
fortitudinem multis - catenum regit omnia
|
|
|
hlksis
Jr. Member
Offline
Activity: 55
Merit: 3
|
|
June 21, 2011, 05:31:36 PM |
|
About 717 quattuorvigintillion years.  I love password managers. Every account with a new random 50 char password.  |
|
|
|
|
|
Poll
