The importance of password protection

[MJ DeMarco]

Very interesting article about hacking passwords ...

Enjoy!

How I’d Hack Your Weak Passwords - Passwords - Lifehacker

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[NoMoneyDown]

Back in the early days of Yahoo!, I had an account that one day became inaccessible ... I even tried answering security questions I had set for the account, but no luck ... Interestingly, this occurred shortly after I had a debate with another person on one of the message boards there ... Luckily, I didn't have much (if any) info about me, personally, and the password I used would have been easy to hack with brute force ... It definetly made be realized the importance of using a strong password.

 

[faq88]

Some advice on strong Passwords.

AKO for the Army requires the use of a minimum of two capital letters, two numbers, and two special characters and must be at least 8 characters long. They also require that you change it every 6 months. To add to this protection they just recently made it that you either have to log in with an ID card (CAC card) which could be an option for some people or after logging in they will give you 3 random questions that you answered from a question bank of 15. Security is high on that website now a days. Another example is MyPay doesn't even allow you to type on your keyboard. You enter you pin by clicking on the numbers with your mouse.

 

[Lusches]

Bruteforce-attacks don't make sense at all.
1. Its very slow. You need too much time to Crack a password without a dictionary. There is a algorithm called DES-Algorithm that was very popular in the past. Just google it :smxF: The texts had a length of 56 bit and it took them very long to crack the password. In the DES Challenge III a system of 100 000 computers cracked it in about 22 hours (222 BILLION KEYS PER SECOND). The normal Md5 -hashes have a length of 128 bit and you have to have much luck to crack the password :groove:

2. Every website will automatically ban you if you try to start a bruteforce-attack.
3. If you get the md5-hases over SQL-injections or XSS(cross site scripting) you don't need to crack it anymore. You can modify your browsers header-information to fake the login.

What do we lern out of it ? Get a password that cant be found in dictionarys/other lists and you will be save. :smxF:

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[DeletedUser394]

hahahaha, I feel like a total moron after reading that article xD

Time to switch up my passwords

 

[bflbob]

I'm a big fan of Robo-Form. It has a great password generator, and it pops up automatically on most sites.

 

[hatterasguy]

My solution is simple, I don't do any banking online.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.