Q&A Passwords: "This is fun" is 10 times more secure than "J4fS!2"


What kind of passwords do you use?

  • "This is fun"

    Votes: 11 31.4%
  • "J4fS!2"

    Votes: 24 68.6%

  • Total voters
    35

shmu26

#21
Password reuse or 'similar' password reuse is one of the most common methods people get hit.

I set a time to change my passwords and stick to the schedule. So for me as an example, I change all of my passwords between Dec. 30 and Jan. 2. Easy to remember, start fresh for the new year. I log in to a legacy laptop running Debian that has been air gapped for the entire year, connect it to the internet, change my passwords, disconnect the machine when I am finished, then wipe it and reinstall the latest Debian version. It's a ritual I've done for several years and don't plan to stop.
Man, you don't take any chances, do you...
 

Slyguy

#22
Man, you don't take any chances, do you...
None whatsoever bro.

Here's an Xfinity Pineapple attack on my network two days ago for example. I planned for such events and my Rogue AP Detection/Suppression unit was ready and suppressed the attack with ARP Poisoning within 300 seconds of it initiating. I wasn't even home at the time, but if I didn't have specific technologies deployed we'd have been PWNED.

 

Opcode

#23
I agree with @Lockdown because what he said is the most logical; good attackers do know that trying to brute-force thousands or even hundreds of passwords just isn't realistic. It'll require huge resource power and it won't work out well even then with a reality time space.

My advice would be to just not re-use the same passwords over, and don't aimlessly sign up to services you don't need to sign up on. That way if a service you would have signed up for gets hacked, now you don't have stolen credentials for it which are also valid for your e-mail account.
 

Slyguy

#24
I agree with @Lockdown and don't aimlessly sign up to services you don't need to sign up on.
This.. I do this.

Use a fake name generator; (even use the password they generate if you wish)
Get a whole new identity at the Fake Name Generator

Then use My10MinuteEmail to create a one-time-use email for lame signups.
My 10 minute mail · Disposable email address

You can go full disposable, one time use on these fake accounts. Or save the information somewhere if you need it more than once or to re-login again. Any spam will go to a dead email account after X number of minutes so no worries there, or any worries about a compromise. I have 20-30 fake identities on crap sites.
 
#28
I have 20 characters with all special symbols and ANSI code :D (on some websites the spacebar and ANSI do not work)

While logging in I use 2 Two channel auto-type (KeePass, which types the password in shake method), which are also encrypted with SpyShelter.
And in my mail I also use 2FA (Authy) :)
 
