tinyE: 12345
Well, between 1962 and 1977 the code to the US nuclear arsenal was 00000000. That's not me making a joke, either.
rtcvb32: Passwords really need to be thrown out, and replaced with pass-phrases. Sure adding in and replacing letters with unexpected things can help strengthen it, but true brute force is usually not needed, rather a list of common passwords often works. Some of the easiest passwords to crack are simply 'password'.
Read above.
Matewis: 0118 999 881 999 119 725 3
That's dumb. Just email them.

SUBJECT: Fire

Dear sir or madam,

I am writing to inform you of a fire that has broken out on the premises of...

Wait. Maybe something more urgent:


Fire! Fire! Help!


That episode actually reminds me of the highly ridiculous event that happened in the US where a student got in trouble for assisting a student instead of waiting for the nurse to answer an email about how to proceed with a student on the floor having an asthma attack.

https://www.washingtonpost.com/news/morning-mix/wp/2016/01/24/texas-eight-grader-suspended-for-rescuing-classmate-during-asthma-attack/
rtcvb32: Passwords really need to be thrown out, and replaced with pass-phrases. Sure adding in and replacing letters with unexpected things can help strengthen it, but true brute force is usually not needed, rather a list of common passwords often works. Some of the easiest passwords to crack are simply 'password'.
The quick brown fox jumps over the lazy dog
Romire: Gotta admit that making a password is completely weird!
G4tmap1cw!
tinyE: 12345
Liar! Your real password is:
ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn
Brute forcing should NEVER work. Any system that doesn't lock an account and send a notification after a certain number of failed attempts is a bad system.
Well, if you think about it, have you ever really passed a word?
Romire: Gotta admit that making a password is completely weird!
Tried using a 20 numerical password with numbers - Password not safe
Tried using 10 and 5 numbers - Password not safe
After 20 mins of trying I made something short and random...it accepted!
#Logic
That's strange. For the record just as a data point, I use a password on GOG that is 20 characters and includes both upper and lower case, numbers and punctuation randomly generated by software and it works fine. I have not changed my password in a while however so it is possible bugs could be introduced or something but it seems rather unlikely. If you continue to have problems, contact GOG support.
Maxvorstadt: The quick brown fox jumps over the lazy dog
That is simply not secure at all. Let me fix it for you:

god yzal eht revo spmuj xof nworb kciuq ehT
RWarehall: Brute forcing should NEVER work. Any system that doesn't lock an account and send a notification after a certain number of failed attempts is a bad system.
Depends. Unix and related systems used to have a hash table of the password that the system used for logging in. Accessing that you could make unlimited retries without ever having to actually make a password attempt. Often with hacked sites this is what is stolen and then shortly after tens of millions of combinations are brute-forced. Website databases especially will have this issue, since Unix moved to shadow passwords (the hashed password is a separate protected file only root has access to, and in turn the login client).

I agree though, overtly strong passwords with a 3-5 attempt system before locking you down is absurd. Reminds me of working at Fred Meyers, and the mandatory 3 month new password system where you couldn't reuse the last 10 passwords, making you either append to the password with something stupid (like a 1) or come up with a different password.
Titanium: Well, if you think about it, have you ever really passed a word?
I eat a lot of Alpha-Bits cereal...
Romire: Gotta admit that making a password is completely weird!

Tried using a 20 numerical password with numbers - Password not safe
Tried using 10 and 5 numbers - Password not safe

-.-

After 20 mins of trying I made something short and random...it accepted!

#Logic
you are not trying to create a password that a human couldn't guess.

you are trying to create a password that a machine would have a hard time guessing, a machine that is aided by massive databases of both stored captured passwords and heuristic rulesets for word and character probability.

l0ngl1veth3k1ngPOTATOES is a shit password not because a human could easily guess it but because a machine could. maybe not one that long but it is still on the weaker side of things. random and write it on paper. memorise the ones you use most.
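
The point made in the post above, as an added example that is not part of the thread: a signup-time check that scores a password by the cheapest guessing model that fits it rather than by how it looks. The word lists are constructed samples and `ASSUMED_DICT_SIZE` is an assumed attacker dictionary size.

```python
import math
import string

# Constructed sample data; a real check would load a breached-password corpus
# and a full dictionary. ASSUMED_DICT_SIZE is an assumed attacker word-list size.
COMMON_PASSWORDS = {"password", "12345", "123456", "qwerty", "00000000"}
WORDS = {"long", "live", "the", "king", "potatoes", "quick", "brown", "fox"}
ASSUMED_DICT_SIZE = 20_000
LEET = str.maketrans("01345@$", "oieasas")  # undo common character swaps
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def brute_force_bits(pw):
    """log2 of the search space if every character were chosen at random."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def split_into_words(text):
    """Return dictionary words that exactly cover text, or None if none do."""
    best = [None] * (len(text) + 1)
    best[0] = []
    for i in range(len(text)):
        if best[i] is None:
            continue
        for j in range(i + 1, len(text) + 1):
            if text[i:j] in WORDS and best[j] is None:
                best[j] = best[i] + [text[i:j]]
    return best[-1]


def assess(pw):
    """Return (estimated_bits, reason) for the cheapest model that fits pw."""
    if pw.lower() in COMMON_PASSWORDS:
        return 0.0, "on common-password list"
    words = split_into_words(pw.lower().translate(LEET))
    if words:
        # Assumes the guessing rules already undo case and substitutions,
        # so this is a lower bound on the effort.
        bits = len(words) * math.log2(ASSUMED_DICT_SIZE)
        return min(bits, brute_force_bits(pw)), "dictionary words: " + " ".join(words)
    return brute_force_bits(pw), "no pattern found, blind brute force"
```

Under these assumptions the 23-character substituted phrase falls from about 137 bits to about 71, while 20 random digits keep their full 10**20 (about 66 bits) search space.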
Romire: Gotta admit that making a password is completely weird!
Tried using a 20 numerical password with numbers - Password not safe
Tried using 10 and 5 numbers - Password not safe
After 20 mins of trying I made something short and random...it accepted!
#Logic
skeletonbow: That's strange. For the record just as a data point, I use a password on GOG that is 20 characters and includes both upper and lower case, numbers and punctuation randomly generated by software and it works fine. I have not changed my password in a while however so it is possible bugs could be introduced or something but it seems rather unlikely. If you continue to have problems, contact GOG support.
Not so strange if you carefully read what the OP actually tried. Though, even with numbers only, it's still 10**20...
RWarehall: Brute forcing should NEVER work. Any system that doesn't lock an account and send a notification after a certain number of failed attempts is a bad system.
rtcvb32: Depends. Unix and related systems used to have a hash table of the password that the system used for logging in. Accessing that you could make unlimited retries without ever having to actually make a password attempt. Often with hacked sites this is what is stolen and then shortly after tens of millions of combinations are brute-forced. Website databases especially will have this issue, since Unix moved to shadow passwords (the hashed password is a separate protected file only root has access to, and in turn the login client).
Just be aware that it is still possible for someone to do harm. It involves the following steps:
1. Get root access to server, and hence to the shadow password file.
2. Brute force the passwords in parallel. There is a good chance that at least one of them has an easy password to crack. We now have a username/password combination that is valid on this server.
3. Try the username/password combination on other servers. We have now gained access to the other server, and hence to that user's personal details. This has a good chance of working because people tend to reuse passwords on multiple sites (and is why you should use a different password for every site).
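
On the storage side of the steps above, an added example that is not part of the thread: a bare fast hash beside a per-user salted, deliberately slow derivation, with an audit function showing which table lets one guess be checked against several accounts at once. The user names, passwords and `ITERATIONS` value are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # assumed work factor for this sketch; tune per deployment


def unsalted_record(password):
    """Weak: a bare fast hash, identical for every user with this password."""
    return hashlib.sha256(password.encode()).digest()


def salted_record(password):
    """Hardened: random 16-byte per-user salt plus a slow KDF."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, stored = record[:16], record[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def accounts_sharing_a_record(table):
    """Groups of users whose stored values are byte-identical."""
    groups = defaultdict(list)
    for user, record in table.items():
        groups[record].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed users; two of them picked the same password.
USERS = {"alice": "password", "bob": "constructed-example-1", "carol": "password"}
weak_table = {u: unsalted_record(p) for u, p in USERS.items()}
strong_table = {u: salted_record(p) for u, p in USERS.items()}
```

In `weak_table` the two accounts with the same password are visibly linked and fall to the same single guess; in `strong_table` every guess has to be recomputed per account at the cost of the full KDF.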