Passwords: "This is fun" is 10 times more secure than "J4fS!2"

What kind of passwords do you use?

  • "This is fun"

    Votes: 12 33.3%
  • "J4fS!2"

    Votes: 24 66.7%

  • Total voters
    36

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Password reuse or 'similar' password reuse is one of the most common methods people get hit.

I set a time to change my passwords and stick to the schedule. So for me as an example, I change all of my passwords between Dec.30 and Jan.2. Easy to remember, start fresh for the new year. I login to a legacy laptop running Debian that has been air gapped for the entire year, connect it to the internet, change my passwords, disconnect the machine when I am finished then wipe it and reinstall the latest Debian version. It's a ritual I've done for several years and don't plan to stop.
Man, you don't take any chances, do you...
 
  • Like
Reactions: Handsome Recluse
F

ForgottenSeer 58943

Man, you don't take any chances, do you...

None whatsoever bro.

Here's an Xfinity Pineapple attack on my network two days ago for example. I planned for such events and my Rogue AP Detection/Suppression unit was ready and suppressed the attack with ARP Poisoning within 300 seconds of it initiating. I wasn't even home at the time, but if I didn't have specific technologies deployed we'd of been PWNED.

rogueap.png
 
D

Deleted member 65228

I agree with @Lockdown because what he said is the most logical, good attackers do know that trying to brute-force thousands or even hundreds of passwords just isn't realistic. It'll require huge resource power and it won't work out well even then with a reality time space.

My advice would be to just not re-use the same passwords over, and don't aimlessly sign up to services you don't need to sign up on. That way if a service you would have signed up for gets hacked, now you don't have stolen credentials for it which are also valid for your e-mail account.
 
F

ForgottenSeer 58943

I agree with @Lockdown and don't aimlessly sign up to services you don't need to sign up on.

This.. I do this.

Use a fake name generator; (even use the password they generate if you wish)
Get a whole new identity at the Fake Name Generator

Then use My10MinuteEmail to create a one-time-use email for lame signups.
My 10 minute mail · Disposable email address

You can go full disposable, one time use on these fake accounts. Or save the information somewhere if you need it more than once or to re-login again. Any spam will go to a dead email account after X number of minutes so no worries there, or any worries about a compromise. I have 20-30 fake identities on crap sites.
 

Quassar

Level 12
Verified
Well-known
Feb 10, 2012
585
I have 20 Chatacters with all special symbols and ANSI code :D (in some web not work spacebar and ANSI)

While login i use 2 Two channel auto-type(keepass which type passowrd in shake method) which are also encryptedwith SpyShelter
And in my mail i use yet 2FA(Authy) :)
 

Attachments

  • Ashampoo_Snap_niedziela, 31 grudnia 2017_19h21m03s_001_.png
    Ashampoo_Snap_niedziela, 31 grudnia 2017_19h21m03s_001_.png
    49.1 KB · Views: 297
  • Ashampoo_Snap_niedziela, 31 grudnia 2017_19h21m24s_002_.png
    Ashampoo_Snap_niedziela, 31 grudnia 2017_19h21m24s_002_.png
    55.2 KB · Views: 315
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top