Password security

The title says it all

Password security

Post by DrFunkenstein » Sat Dec 28, 2013 4:47 pm

Thanks for fixing this part of the forums, singing_fish :) . I created it but it didn't show up, I didn't understand why and I was in a hurry as well and forgot about it...

OK, I came across an interesting article about password security on Ars Technica. They invited 3 experienced hackers to hack a list of 16000 passwords and the best hacker managed to get 90% of the passwords in 20 hours, even though the list was encrypted with the MD5 hash function (which is more or less the standard on websites but apparently not very suited for the task).

You can read the article here.

I don't know about the rest of you, but I developed a couple of "password habits" over the years and that's probably the most stupid thing you can do according to the article, even though most of my passwords contain numbers, capital letters and signs. The biggest problem is that you have to memorize passwords, so people tend to use passwords like "heLlo4%56" and not passwords like "PHIttBR"0+lyu~X1U~8mhvCDEk$#KnviNHuHBS,2P/#.jRE8m", which are a lot more difficult to crack but also impossible to remember.

Although they're not ideal, at least not for me since I need to be able to access my email accounts on different PCs, I decided to start using a password manager on my home PC. You can read about how they work and why they are a lot more secure in this article on the same site.

I decided to go with KeePass since it's open source and it has an extension that works with Firefox, which is what I use for browsing.

I wouldn't describe myself as paranoid by any stretch of the imagination, but reading these articles made me scratch my head. I don't think it's a good idea to rely on a website to provide the necessary security and hope for the best. You have to make sure your passwords are truly random and as strong as the site allows and a password manager helps with that. My password for these forums has a length of 100 characters and it contains all the possible characters the site allows.

Dr. Funkenstein
How easy it must be not to think of nipple clamps!
DrFunkenstein
 
Posts: 402
Joined: Tue Nov 19, 2013 6:02 pm
Location: Somewhere over the Rainbow!
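
As an added illustration of why the post above calls MD5 poorly suited to password storage (example code written for this page, not taken from the article or the forum), here is unsalted MD5 next to a salted, iterated PBKDF2 record. The function names, the record format and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows


def md5_record(password: str) -> str:
    """Unsalted MD5 as described in the post: fast, same input -> same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_record(password: str, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'iterations$salt$hash' (hex)."""
    salt = secrets.token_bytes(16)  # unique per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def kdf_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


def distinct_targets(records) -> int:
    """How many separate values an offline guesser has to work on."""
    return len(set(records))


# Constructed sample: four accounts, three sharing the post's example password.
SAMPLE = ["heLlo4%56", "heLlo4%56", "heLlo4%56", "constructed-Example-2"]

if __name__ == "__main__":
    md5_rows = [md5_record(p) for p in SAMPLE]
    kdf_rows = [kdf_record(p) for p in SAMPLE]
    # Identical MD5 rows collapse: one guess is tested against every account.
    print("MD5 distinct hashes:   ", distinct_targets(md5_rows))
    # Per-account salts keep rows distinct: every guess costs ITERATIONS
    # HMAC rounds and must be repeated for each account.
    print("PBKDF2 distinct hashes:", distinct_targets(kdf_rows))
    print("verify ok:", kdf_verify(SAMPLE[0], kdf_rows[0]))
```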

Re: Password security

Post by singing_fish » Sun Dec 29, 2013 2:00 pm

KeePass is a nice program. Works well in Linux, too.
I have used it for a long time and never had problems with it :)

cheers,
rené
singing_fish
Site Admin
 
Posts: 305
Joined: Fri Nov 15, 2013 7:07 pm
Location: RepublicasBananasAléman

Re: Password security

Post by DrFunkenstein » Fri Jun 26, 2015 6:13 pm

Microsoft has a funny attitude towards security

I registered there because I needed a key for Visual Studio 2012 Express. I usually register with a password I can remember and then change the password to something I absolutely cannot remember with the help of KeePass. This is what I see if I try to enter a 20 signs long password, generated by KeePass:

Image

Here's the password I tried to enter btw:

+&4:#uBcCNkvlt0:0^By

(Good luck trying to crack that.)

What baffles me is that they start out by saying "A strong password helps prevent unauthorized access to your email account" but put a limit on the strength of my password by putting a cap on the length.

Dr. Funkenstein
How easy it must be not to think of nipple clamps!
DrFunkenstein
 
Posts: 402
Joined: Tue Nov 19, 2013 6:02 pm
Location: Somewhere over the Rainbow!

Re: Password security

Post by Simulacron » Sat Jun 27, 2015 10:09 am

short and simple, but that says it all.

http://xkcd.com/936/
perl -e 'print "Good ",qw(night morning afternoon evening)[(localtime)[2]/6]," fellow gamer."'
Simulacron
 
Posts: 26
Joined: Thu Dec 12, 2013 7:16 pm
Location: Frankfurt, Germany

Re: Password security

Post by camperstriker » Sat Jun 27, 2015 9:57 pm

i just lost all hope (quite some time ago)

when you have things like this:
https://www.qualys.com/research/securit ... 5-0235.txt
going around for so long, and so spread out, what kind of security can you expect?

and things are about to get much worse. just think about "internet of things". and also about ipv6 (without NAT as 1st line of defense)
camperstriker
 
Posts: 149
Joined: Wed May 28, 2014 8:45 pm
