Dear all,
Figured I'd post something on the forum for once. And I just wanted to ask about how seriously you guys treat your passwords and what do you think about the whole ''I will get hax0red if my password is my grandma's cats name" thing.
Personally, most of the stuff I use passwords for, such as gmail, random forums around the web and stuff like this, I honestly do not bother with using MD5 hash like passwords(in terms of length and complexity), because I find that I have nothing major to lose in those areas if I was to get ''hacked'' assuming that would happen.
However I do agree with the fact that in order to thwart your average script kiddie's efforts to brute-force his way into your email or whathaveyou is to utilise passwords such as - th3rM0n00Cl34rM0nk3y*!.
What I also found interesting is how long it takes for the simplest and most inefficient hacking technique (Brute-force) to crack anything of 7 chars in length and utilising mixed-case, special chars and numbers. Effectively, your average dual-core (correct me if I am mistaken?) would huff and puff at - "h3r0*As" for 2.1 years.
So what form of password do you most often use?
Also, this - because I can.
5 Responses
Average modern computer would take about 14 hours to crack "h3r0*As" without the "" and 9 years with them. The length makes things exponentially more difficult to crack. I have a few passwords that I just slap onto things that I never reuse and don't care about.. I have one password that is a master, is written nowhere, and is 30 characters long crossing all major character groups. The rest of the passwords I use frequently come out of a generator in my toolbar, they look like this:
,gD^c.VREu3XSJ?ZP{_(
Interesting. Then again, even 14 hours seem as enough of a deterrent for your average "hacker".
This is why I like to use two-factor authentication whenever possible. For example my Gmail password is usually above 16 characters while my bank will be a lot more. It will contain upper and lower characters, numbers and symbols. Each account I have will have a different password to the other so that way when one account gets compromised the other can't.
With two factor authentication - it might not be enough to keep the real determined and serious hackers out but it might be enough to confuse the script-kiddies. I wonder what you think of multi language characters? I've always thought adding English with another language would make the perfect password (so long as they contain upper and lower case, symbols, numbers and at least 12 characters in length).
I have also read a few articles over the past few weeks about passwords dying out. But I have an issue with that - what is going to be the replacement? Do we have to use webcams to have our eyes scanned or use touch-pads with our fingerprints? Frankly, I don't like the idea of giving my fingerprint over the internet.
Well that is my 2cents worth.
I agree on the first point, that no password should repeat. Point two - face recognition is still a "password" system.
The software calculates points on your face according to a pre-coded algorithm and compares it to the control, exactly how passwords and hashes work. A password is not necessarily a keyword, anything that can be used to grant access to something can be considered a password or a component of that item at least. Although I don't think I need to tell you how passwords work. :)
What bugs me the most is Moore's Law. If that keeps up, we will end up with computers powerful enough to slice through your 25 char long - two/three language ascii format password in days. What then? :P
We will need more powerful encryption mechanisms, and the matter of keeping things secret, not just secured will be important again.
Share Your Thoughts