How long should a password be?
<blockquote data-quote="jetman" data-source="post: 897241" data-attributes="member: 63028"><p>My (limited) understanding is that hackers can access websites using one of 4 main techniques...</p><p></p><p>1. Social engineering methods (no hacking required).</p><p></p><p>2. Trying out previously compromised login credentials (which can be purchased on the dark web) on multiple websites in the hope that some will work. This is why unique passwords for each site are important.</p><p></p><p>3. Using brute force techniques to try to guess passwords (which is why length and complexity are important). This is also why it's good to avoid dictionary words or common phrases.</p><p></p><p>4. Directly hacking websites to find databases containing the login credentials of each user. This is out of the control of the user as you just have to trust the security policies of the website holding your password. Whether a stolen password database is of any use to the hacker depends on how it is stored. Plain text would be very easy to exploit, whereas 'salted' hash values would be very difficult to exploit. However, if the database contains unsalted hash values (as many apparently do) then it is open to attack using Rainbow Tables. In that case, it doesn't matter how long or complex a password is- every account is potentially at risk of being breached- even if a password is a 128 character long string of random characters.</p><p></p><p>Please can someone tell me if I am correct about this?</p><p></p><p>Have I got anything wrong?</p></blockquote><p></p>
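For point 4 of the quoted post (how a stolen password database is stored), this added example, which is not part of the post, contrasts unsalted fast hashes with per-user salted hashes under a slow KDF, as a storage audit would. The user names, passwords, table contents and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware

def unsalted_hash(password: str) -> str:
    """Weak scheme: one fast hash, no salt. Same password gives the same digest everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()

def new_record(password: str) -> dict:
    """Stronger scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": dk.hex()}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(dk.hex(), record["hash"])

def exposed_users(stored_digests: dict, table: dict) -> list:
    """Audit helper: users whose stored digest appears in a precomputed table."""
    return sorted(u for u, d in stored_digests.items() if d in table)

# Constructed sample data. TABLE stands in for a precomputed digest -> password
# table; it only answers for candidates that were hashed when it was built.
USERS = {"alice": "password", "bob": "password", "carol": "Zr8#kQ2v!mT7pLx4Wd9sB3"}
TABLE = {unsalted_hash(p): p for p in ["123456", "password", "qwerty"]}

def demo() -> dict:
    weak = {u: unsalted_hash(p) for u, p in USERS.items()}
    strong = {u: new_record(p) for u, p in USERS.items()}
    strong_digests = {u: r["hash"] for u, r in strong.items()}
    return {
        "weak_exposed": exposed_users(weak, TABLE),
        "strong_exposed": exposed_users(strong_digests, TABLE),
        "weak_digests_collide": weak["alice"] == weak["bob"],
        "strong_digests_collide": strong["alice"]["hash"] == strong["bob"]["hash"],
        "login_still_works": verify("password", strong["alice"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```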