Rubberbabybuggybumpers420

Eh? Eh?!
secret


No, didn't work.
P@st3lP0n13s&g14lbOts

eh that feature isn't working for me either
Post edited September 09, 2015 by Rusty_Gunn
Dammit, this thread gave me the flu AND changed the locks on my door.
awalterj: How about using one of the 20 most popular passwords from the Ashley Madison website:
Crosmando: Why are people so goddamn stupid?
I don't think they are really stupid, just unaware of different ways the security is hacked by the bad people. E.g. "brute-force attacks" don't mean anything to common people.

They just think that the only way to log into their account is if some human either sees your password while you type it in, or just invents it out of blue, like "Hey, she has a dog called Sparky, so I wonder... Yes, it worked!". After all, that's how the passwords are "cracked" in movies, ie. it is the first name of the late son of the account holder or some such shit (Wargames?). Even in Die Hard the password to the big money vault was something like "Red Castle", related to Japanese mythology or something?

They have no idea there are some brute-force methods where a NVidia GTX 980 GPU is used to try zillions of different passwords per second, and the only weapon against that is to use a password like ahorsestaplecorrectayayaycarambaaaa or l33Th4Ck3R.
timppu: or l33Th4Ck3R.
These actually don't work anymore. Modern brute-force tools check for common letter substitutions.
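
Added example (not part of any post in this thread): a defender-side check for the point above that common letter substitutions no longer hide a dictionary word. It undoes the substitutions and looks the result up in a wordlist, the way a password-change form could before accepting a new password. The function names, the substitution table and the tiny wordlist are constructed for illustration.

```python
import itertools

# Common "leet" substitutions mapped back to the letters they stand for.
# Some symbols are ambiguous ("1" can be "i" or "l"), so a symbol may
# map to more than one letter.
LEET = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
}

# Constructed sample wordlist. A real deployment would load a large
# dictionary or breached-password list instead.
WORDLIST = {"leethacker", "password", "secret", "sparky"}

# Upper bound on readings tried per password, so an input full of
# ambiguous symbols cannot make the check arbitrarily slow.
MAX_VARIANTS = 4096


def deleet_variants(password):
    """Yield lowercase readings of `password` with substitutions undone."""
    choices = [LEET.get(ch, ch) for ch in password.lower()]
    combos = itertools.product(*choices)
    for combo in itertools.islice(combos, MAX_VARIANTS):
        yield "".join(combo)


def is_disguised_dictionary_word(password):
    """True if some reading of `password` is a plain wordlist entry.

    False only means this one check did not match; it says nothing
    about the password's strength otherwise.
    """
    return any(v in WORDLIST for v in deleet_variants(password))


if __name__ == "__main__":
    # Sample passwords quoted in the thread, plus one constructed case.
    for pw in ["l33Th4Ck3R", "4k!F6bLx", "P@ssw0rd"]:
        verdict = "reject" if is_disguised_dictionary_word(pw) else "no match"
        print(f"{pw}: {verdict}")
```
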
timppu: or l33Th4Ck3R.
Starmaker: These actually don't work anymore. Modern brute-force tools check for common letter substitutions.
Either does biometrics, but that doesn't stop the tech companies and governments from trying to shove it down our throats. It's all been hacked and reverse engineered and it hasn't even been rolled out yet.
AntonB: Fun little known fact: if you actually type your password anywhere in GOG, the system censors it to prevent you giving access to your account to anyone else. For example, my password is ******. Try it yourself!
gofuckyourself

Nah, didn't work.
Crosmando: Why are people so goddamn stupid?
timppu: I don't think they are really stupid, just unaware of different ways the security is hacked by the bad people.
Using "123456" as a password is a bad idea. It's basic knowledge for anyone who has used the internet for more than a week.
Poorer the security, easier to claim insurance money.
timppu: or l33Th4Ck3R.
Starmaker: These actually don't work anymore. Modern brute-force tools check for common letter substitutions.
Yes, I remember reading that from that same cartoon which mentioned the "horsestablecorrectbombaayamblaa"-password as the most secure one, or something, but I still decided to mention it anyway.

Either way, I guess it doesn't matter which kind of password you use, in case you have keylogger malware on your PC. Like Windows 10. It will catch "horsestablecorrect" with ease as well while you type it.
timppu: They have no idea there are some brute-force methods where a NVidia GTX 980 GPU is used to try zillions of different passwords per second, and the only weapon against that is to use a password like ahorsestaplecorrectayayaycarambaaaa or l33Th4Ck3R.
This video has some good ideas to pick a password
https://youtu.be/yzGzB-yYKcc
apehater: how long should be a bruteforce resistant password?
Can be very short. Something like 4k!F6bLx should be quite safe already. Problem is that you'll have a hard time remembering it. That's why I love sites that allow long passwords, like R2D2AndC3POAreMyFavoriteDroids!HaveFunHackingThis!
Ingsoc85: This video has some good ideas to pick a password
https://youtu.be/yzGzB-yYKcc
I'll check if that has some new information. Many years ago I once used some very long passphrase for encrypting a RAR file (e.g. "this_file_is_for_personal_use_only") because I copied it through some public server where someone else might theoretically get a hold of it too, but later I couldn't remember the exact passphrase anymore. :) Maybe the "only" was in the different place, or wasn't there at all originally, or I didn't actually use underscores but wrote it all together, etc. I just couldn't remember anymore. Oh well, I couldn't open that rar file anymore, and I had deleted the original uncompressed source files already. Something that you think should be easy to remember, isn't so necessarily.

By the way, when talking about these "brute force attacks", are people suggesting scripts trying to log in continuously to different GOG.com accounts, or hackers having an offline database with usernames and passwords, and trying to brute-force the passwords out of it? So the antibot measures like "click on all the pictures with penguins in it" do not work, they don't block such bots/scripts from continuously trying to log in with different passwords?

That occurred to me as Snowden mentioned in that video that a normal 8-digit password can be brute-forced in less than a second. I presume he was referring to a case where you have a whole username/password database in your own possession, not when trying to repeatedly log in to someone's account on some website with a bot script?

So if people believe GOG accounts are being brute-forced, shouldn't it mean the hackers have first been able to copy all the GOG username/password databases from GOG servers? Or?


Ingsoc85: This video has some good ideas to pick a password
https://youtu.be/yzGzB-yYKcc
Ok so that video mainly said one should use a long and easily remembered passphrase. Ok then, I already did e.g. with the RAR file many many years ago, too bad I forgot the exact passphrase, only remembering it vaguely. :)
Post edited September 09, 2015 by timppu
timppu: By the way, when talking about these "brute force attacks", are people suggesting scripts trying to log in continuously to different GOG.com accounts, or hackers having an offline database with usernames and passwords, and trying to brute-force the passwords out of it?
I hope (and think) we're talking about people trying to log in on GOG.com, because there's no "brute force safe" password if someone has a local copy of the database. Modern CPUs wouldn't need a lot of time to throw a dictionary at our accounts if there's no slow server in their way.