Topic: New MtGox password  (Read 1405 times)
michaelmclees
June 21, 2011, 05:03:11 PM
 #1

So, umm, what exactly are the requirements of our new passwords?

For example, something like "mic396pip$!" is apparently not strong enough for Mt Gox.  What's the deal?
anatolikostis
June 21, 2011, 05:13:55 PM
 #2

> So, umm, what exactly are the requirements of our new passwords?
>
> For example, something like "mic396pip$!" is apparently not strong enough for Mt Gox.  What's the deal?

use passgenerator soft...20-digit pass will fit to...
something like a ........GMqojrOcjjCFeqhCNwzM......
dodgrr
June 21, 2011, 05:45:39 PM
 #3

This is insane, there has to be a better way to security  Huh

michaelmclees
June 21, 2011, 06:03:16 PM
 #4

> This is insane, there has to be a better way to security  Huh

I agree.  I used lastpass to generate a 20 character password which it accepted.  But I remember trading stocks on Zecco with a password weaker than what I originally had on MtGox.  Oh well.
Randall Flagg
June 21, 2011, 07:42:05 PM
 #5

Well, use something like keepass. Will help you get through the day, just avoid keyloggers.
So true ! LOL
hawks5999
June 21, 2011, 08:25:12 PM
 #6

14 chars accepted with upper/lower/number/symbol

Oldminer
June 21, 2011, 08:30:20 PM
 #7

> This is insane, there has to be a better way to security  Huh

RSA token IMO

myrkul
June 21, 2011, 08:36:25 PM
 #8

Two options:

1: Lastpass/Keepass/password manager du jour

Pros: Random, nigh impossible to crack.
Cons: Twice as impossible to remember, Database may be vulnerable if you use a weak password.

2: GRC's Password Haystack Method.

Pros: Easy to remember, hard to crack
Cons: Difficulty to crack is based on how good your haystacking method is.

Examples:
Generated from my Lastpass: R7b!ij2zi^74QVS
Made up for a previous thread: !....1gOd1....!

Test them, if you'd like.

hawks5999
June 21, 2011, 08:37:25 PM
 #9

>> This is insane, there has to be a better way to security  Huh
>
> RSA token IMO

Or Not:

In a letter to customers Monday, the EMC Corp. unit openly acknowledged for the first time that intruders had breached its security systems at defense contractor Lockheed Martin Corp. using data stolen from RSA.

Read more: http://online.wsj.com/article/SB10001424052702304906004576369990616694366.html#ixzz1PweLseTU


ttyler333
June 21, 2011, 08:47:42 PM
 #10

A better way to secure would be to do aes_254 encryption.. I believe that's what the banks are using. As well as a sha1 or md5 hash that has been salted. Very easy to do.

Also maybe throw in some geolocation into the login process. So you have to be at least from the same country or even same state/region.

All security should be on mtgox's end, not you guys'. A simple password of "hi" should be secure. Look at the recent hacks against sony. They didn't secure anything so 1 million people had account info stolen and then if you had that list you could get on their email, find paypal or other payment sites... All because one site did not encrypt or hash anything. Security resides within. Also do not reuse passwords. Plain and simple! Reuse them if you want but don't overuse them. Keep a different password for your email account.
Simple PHP MD5 Salting.
Code:
// Prepend a fixed, site-wide salt, then take a single MD5 of the result.
$salt = 'SOME UNIQUE STRING MAYBE WITH NUMBERS';
$password = md5($salt . $password);

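Added example, not part of the thread and not MtGox's code: the salted-MD5 snippet from the post above next to PHP's built-in `password_hash()`, with an upgrade-on-login path for rows still stored in the old format. The function names and the 32-hex-character test for legacy rows are assumptions made for illustration.

```php
<?php
// Added example: function names and the sample password are constructed.

// Site-wide salt, as in the snippet from the post.
const LEGACY_SALT = 'SOME UNIQUE STRING MAYBE WITH NUMBERS';

// Legacy scheme as posted: a single fast MD5 over a shared salt.
function legacy_hash(string $password): string
{
    return md5(LEGACY_SALT . $password);
}

// bcrypt via password_hash(): a random salt per password, with the salt and
// cost stored inside the returned string.
function strong_hash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Check a login against either stored format. Returns [ok, replacement],
// where replacement is a new hash to store, or null if none is needed.
function verify_and_upgrade(string $password, string $stored): array
{
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacy
        ? hash_equals($stored, legacy_hash($password)) // constant-time compare
        : password_verify($password, $stored);
    $stale = $isLegacy
        || password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12]);
    return [$ok, ($ok && $stale) ? strong_hash($password) : null];
}

$pw = 'hi'; // the password debated in the thread

// Two accounts with the same password: equal under the shared salt,
// different under per-password salts.
var_dump(legacy_hash($pw) === legacy_hash($pw));
var_dump(strong_hash($pw) === strong_hash($pw));

// First login against a legacy row yields a bcrypt replacement to store;
// a later login against that replacement needs no further upgrade.
[$ok, $replacement] = verify_and_upgrade($pw, legacy_hash($pw));
var_dump($ok, is_string($replacement));
[$okAgain, $next] = verify_and_upgrade($pw, $replacement);
var_dump($okAgain, $next);
```

A slow, per-password-salted hash raises the cost of every guess against a copied table; it does not enlarge the search space of a two-character password.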
myrkul
June 21, 2011, 08:54:07 PM
 #11

> A simple password of "hi" should be secure.

Uh... No. That would get cracked in milliseconds. No matter what the security on the server side was.

ttyler333
June 21, 2011, 11:10:30 PM
 #12

>> A simple password of "hi" should be secure.
>
> Uh... No. That would get cracked in milliseconds. No matter what the security on the server side was.

I do not think you understand... But anywho, let's keep you in the dark Tongue

myrkul
June 21, 2011, 11:19:35 PM
 #13

>>> A simple password of "hi" should be secure.
>>
>> Uh... No. That would get cracked in milliseconds. No matter what the security on the server side was.
>
> I do not think you understand... But anywho, let's keep you in the dark Tongue

A weak password is a weak password. IP geolocation will not save you from the hacker next door.

qed
June 21, 2011, 11:22:29 PM
 #14

> 32 random characters is my new standard.

Nice, where did you write it? Into a txt file on your desktop?

perfectchoice4u
June 22, 2011, 05:57:59 AM
 #15

I understand everyone wants to be super secure and all that good jazz.

But why don't I need a 20 character password for paypal or my banks or whatever,
filled with all kinds of crap garbage and symbols and all other kinds of stuff?

"Spotruns22" = good enough (and no that's not my password)

My point is, this shit has nothing to do with your password.
Your password could be 1000 characters long and contain upside down letters in it too.
It all means jack if the mtgox site isn't secure. Bottom line.

The problem here wasn't that your password wasn't good enough guys. It's that they were taken.
ttyler333
July 07, 2011, 01:11:46 AM
 #16

>>>> A simple password of "hi" should be secure.
>>>
>>> Uh... No. That would get cracked in milliseconds. No matter what the security on the server side was.
>>
>> I do not think you understand... But anywho, let's keep you in the dark Tongue
>
> A weak password is a weak password. IP geolocation will not save you from the hacker next door.

Yeah you do have a point but I was talking about a database being taken too and the person having the hashes/encryption. Anyways if they just brute force it, then yeah... don't matter the password is SOL unless they implement some features to lock an account after 5 attempts in 15 mins or something and say 10 in 30 would be an ip ban. Of course ip bans are almost pointless. Throw in cookie checker or some vbscript and save a file to their pc. Problem solved if they don't know you saved that file. Anyways security really isn't that good for online activity once they have that database.

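Added example, not part of the thread: the lockout thresholds mentioned in the post above (5 failures in 15 minutes for an account, read here as 10 failures in 30 minutes for a source IP) as a sliding-window check. The function names, record layout and sample timestamps are constructed, and the IP addresses are documentation ranges.

```php
<?php
// Added example: names, record layout and sample data are constructed.

// Thresholds from the post: 5 failures / 15 min locks the account,
// 10 failures / 30 min blocks the source IP (interpretation of "10 in 30").
const ACCOUNT_RULE = ['limit' => 5,  'window' => 15 * 60];
const IP_RULE      = ['limit' => 10, 'window' => 30 * 60];

// True when the number of failures inside the window reaches the limit.
function over_limit(array $failureTimes, array $rule, int $now): bool
{
    $recent = array_filter(
        $failureTimes,
        fn(int $t): bool => $t > $now - $rule['window'] && $t <= $now
    );
    return count($recent) >= $rule['limit'];
}

// Decide what to do with a login attempt before the password is checked.
// $failures: list of ['ts' => int, 'account' => string, 'ip' => string].
function login_decision(array $failures, string $account, string $ip, int $now): string
{
    $byAccount = $byIp = [];
    foreach ($failures as $f) {
        if ($f['account'] === $account) { $byAccount[] = $f['ts']; }
        if ($f['ip'] === $ip)           { $byIp[] = $f['ts']; }
    }
    if (over_limit($byIp, IP_RULE, $now))           { return 'block_ip'; }
    if (over_limit($byAccount, ACCOUNT_RULE, $now)) { return 'lock_account'; }
    return 'allow';
}

// Constructed log: six failures for one account, one per minute, one source.
$now = 1309997506;
$failures = [];
for ($i = 0; $i < 6; $i++) {
    $failures[] = ['ts' => $now - 60 * $i, 'account' => 'alice', 'ip' => '203.0.113.7'];
}
echo login_decision($failures, 'alice', '203.0.113.7', $now), "\n";  // same account, same source
echo login_decision($failures, 'alice', '198.51.100.9', $now), "\n"; // same account, new source
echo login_decision($failures, 'bob', '198.51.100.9', $now), "\n";   // unrelated account and source
```

These counters only limit guessing through the login form; they have no effect on guessing against a copied hash table, which is where the choice of hash function matters.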
myrkul
July 07, 2011, 01:22:34 AM
 #17

> Anyways security really isn't that good for online activity once they have that database.

My Password was in that database. It was not cracked.
