Q&A Passwords: "This is fun" is 10 times more secure than "J4fS!2"

Discussion in 'General Security Discussions' started by jackuars, Dec 29, 2017.


What kind of passwords do you use?

  1. "This is fun"

    11 vote(s)
    31.4%
  2. "J4fS!2"

    24 vote(s)
    68.6%
  1. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,288
    13,654
    Utopia
    Man, you don't take any chances, do you...
     
    TerrakionSmash likes this.
  2. Slyguy

    Slyguy Level 22

    Jan 27, 2017
    1,116
    4,457
    Fortinet Engineer
    USA
    Other OS
    None whatsoever bro.

    Here's an Xfinity Pineapple attack on my network two days ago for example. I planned for such events and my Rogue AP Detection/Suppression unit was ready and suppressed the attack with ARP Poisoning within 300 seconds of it initiating. I wasn't even home at the time, but if I didn't have specific technologies deployed we'd have been PWNED.

     
    jackuars, Opcode and shmu26 like this.
  3. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    894
    6,340
    Caille
    Windows 10
    I agree with @Lockdown because what he said is the most logical; good attackers do know that trying to brute-force thousands or even hundreds of passwords just isn't realistic. It'll require huge resource power and it won't work out well even then with a reality time space.

    My advice would be to just not re-use the same passwords over, and don't aimlessly sign up to services you don't need to sign up on. That way if a service you would have signed up for gets hacked, now you don't have stolen credentials for it which are also valid for your e-mail account.
     
  4. Slyguy

    Slyguy Level 22

    Jan 27, 2017
    1,116
    4,457
    Fortinet Engineer
    USA
    Other OS
    This.. I do this.

    Use a fake name generator; (even use the password they generate if you wish)
    Get a whole new identity at the Fake Name Generator

    Then use My10MinuteEmail to create a one-time-use email for lame signups.
    My 10 minute mail · Disposable email address

    You can go full disposable, one time use on these fake accounts. Or save the information somewhere if you need it more than once or to re-login again. Any spam will go to a dead email account after X number of minutes so no worries there, or any worries about a compromise. I have 20-30 fake identities on crap sites.
     
    shmu26, TerrakionSmash and Opcode like this.
  5. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    894
    6,340
    Caille
    Windows 10
    @Slyguy Great minds think alike ;)

    I do the same as you... :D
     
    shmu26 and Slyguy like this.
  6. monkeylove

    monkeylove Level 2

    Mar 9, 2014
    59
    107
    Opcode likes this.
  7. Opcode

    Opcode Level 18
    Content Creator

    Aug 17, 2017
    894
    6,340
    Caille
    Windows 10
    Claims it would take "23.49 thousand trillion trillion trillion trillion trillion trillion trillion centuries" or "2.35 hundred million trillion trillion trillion trillion trillion trillion centuries" to crack a test password I just wrote in it. It was shell-code... LOL.
     
    Danielx64 and Slyguy like this.
  8. Quassar

    Quassar Level 7

    Feb 10, 2012
    326
    727
    Poland, Bielsko - Biała
    #28 Quassar, Dec 31, 2017
    Last edited: Dec 31, 2017
    I have 20 characters with all special symbols and ANSI code :D (on some websites the spacebar and ANSI don't work)

    When logging in I use Two-Channel Auto-Type (KeePass, which types the password in a shake method), which is also encrypted with SpyShelter.
    And for my mail I also use 2FA (Authy) :)
     