
Thread: How secure is your password?

  1. #31
    Join Date
    Dec 2012
    Location
    Northeast TN
    Posts
    217
    Being particularly ignorant about passwords and computers, wouldn't I simply put a key stroke logger on your PC, or run some software which reads the Password file in your PC, if I wanted this information?

    I always assume that anything I put in my PC, and anywhere in the net, is public information.

    I equate it to having a security system on a car... it takes a professional thief all of five seconds to penetrate the 'security'.

  2. #32
    Join Date
    Feb 2003
    Location
    Doylestown, PA
    Posts
    7,551
    Quote Originally Posted by Scott Shepherd View Post
    And I'm sure if that were your target, you're not some hack in your parent's basement, you're backed by some serious money, which would allow you to step up to some fairly serious computing power where your supercomputer(s) did nothing but work on the issue 24/7 at a really fast pace. You could spend $20,000,000 on a state of the art computer center that did nothing but work on cracking it, and you'd still make a ton of money if you could ever crack it.
    I'm not even sure you'd need mega money to build a cracking setup. I don't understand the theory or practice but I've seen articles where people have built a chassis to hold a number of high end GPUs. As I understand it the sort of math operations that go into rendering 3D graphics are also useful for brute forcing passwords. GPUs are optimized for those math operations. Here's a 2 year old article:

    In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.


    https://securityledger.com/2012/12/n...ds-in-seconds/
    Last edited by Curt Harms; 07-10-2014 at 7:33 AM.

  3. #33
    That would be true if a simple password was what was keeping them out of those large databases, but it's not. There's a lot more to getting into a bank database than guessing a password.
    Lasers : Trotec Speedy 300 75W, Trotec Speedy 300 80W, Galvo Fiber Laser 20W
    Printers : Mimaki UJF-6042 UV Flatbed Printer , HP Designjet L26500 61" Wide Format Latex Printer, Summa S140-T 48" Vinyl Plotter
    Router : ShopBot 48" x 96" CNC Router Rotary Engravers : (2) Xenetech XOT 16 x 25 Rotary Engravers

    Real name Steve but that name was taken on the forum. Used Middle name. Call me Steve or Scott, doesn't matter.

  4. #34
    Join Date
    Nov 2007
    Location
    Glenelg, MD
    Posts
    12,256
    Blog Entries
    1
    I'm reminded of this XKCD (which, incidentally (but not accidentally) came out just a couple of days after the NSA changed their password requirements to 16 characters):
    password_strength.png
    Hi-Tec Designs, LLC -- Owner (and self-proclaimed LED guru )

    Trotec 80W Speedy 300 laser w/everything
    CAMaster Stinger CNC (25" x 36" x 5")
    USCutter 24" LaserPoint Vinyl Cutter
    Jet JWBS-18QT-3 18", 3HP bandsaw
    Robust Beauty 25"x52" wood lathe w/everything
    Jet BD-920W 9"x20" metal lathe
    Delta 18-900L 18" drill press

    Flame Polisher (ooooh, FIRE!)
    Freeware: InkScape, Paint.NET, DoubleCAD XT
    Paidware: Wacom Intuos4 (Large), CorelDRAW X5

  5. #35
    Join Date
    Feb 2003
    Location
    Doylestown, PA
    Posts
    7,551
    Quote Originally Posted by Scott Shepherd View Post
    That would be true if a simple password was what was keeping them out of those large databases, but it's not. There's a lot more to getting into a bank database than guessing a password.
    I'm sure that's true. Cracking the POS system at a busy retailer may not be as lucrative as Chase or Bank of America but I'll bet it's a lot easier and still well worth the effort.
    Last edited by Curt Harms; 07-11-2014 at 7:14 AM.

  6. #36
    Join Date
    Oct 2006
    Location
    Minneapolis, MN
    Posts
    5,427
    The problem with requiring ridiculously long or complex passwords or frequent password changes is users will write their password down because they can't remember it. If someone's password is on a Post-It stuck to the monitor there is no security at all. I was at a Ford dealership about a decade ago and the monitor was completely surrounded by notes showing passwords for different systems.

    There are serious questions if requiring password changes on a regular basis really improves security. If someone is able to break into an account the damage is usually done right away and the password may not change again for weeks. Frequent password changes make it more likely users will write down passwords.
    Last edited by Brian Elfert; 07-11-2014 at 9:07 AM.

  7. #37
    The only "good part" of people writing down their pw's because they're too complex to remember is that a hacker can't see the Post-it note in your desk drawer.. or the notecard in your wallet... (key phrase, "only good part")... just trying to see the silver lining

  8. #38
    I've had 3 passwords, ever. Because of "rules", like 'your password must contain at least one capital, one letter, one number, one symbol, 1 Russian letter and 1 Chinese character' (groan), I've added them in when needed. And because of that I have a "login info" notepad stuck to the desktop of every computer I own so I can remember the additions. (but I don't actually spell out the passwords themselves)

    2 of my passwords are actual words. My best password is an 11 character mishmash of letters that means completely nothing, and not one single real English-language word can be formed, not even a 2-letter word, from the characters when read left-to-right OR right-to-left. IMO it's completely un-guessable. My own invented, personal word. And, it's a word I can pronounce. Because of that, I'll never forget it.
    ========================================
    ELEVEN - rotary cutter tool machines
    FOUR - CO2 lasers
    THREE- make that FOUR now - fiber lasers
    ONE - vinyl cutter
    CASmate, Corel, Gravostyle


  9. #39
    Join Date
    Sep 2009
    Location
    Atlanta, GA
    Posts
    6,393
    So .......

    You are saying that 123abc can be improved on?

    Hmmmm....may be something to that.

    How about my first name and birthday? Is that better?


    When I started woodworking, I didn't know squat. I have progressed in 30 years - now I do know squat.

  10. #40
    Join Date
    Oct 2007
    Location
    Arlington, VA
    Posts
    1,850
    I've always preferred this one:

    http://www.explainxkcd.com/wiki/imag...word_reuse.png

  11. #41
    Join Date
    Oct 2011
    Location
    Blairstown, NJ
    Posts
    270
    Quote Originally Posted by Art Mann View Post
    Accounts that people would really want to keep secure - bank account access for example - will only allow three tries and then you are locked out until you get the password reset by some secure method.
    That's correct. And locked means locked to everybody, including the security engineers at the bank/brokerage, plus any and all hackers. The only way to unlock is usually to answer the "Memorable Questions" (e.g. "First name of your best man", etc.). So... don't ever store your memorable answers on your computer.

    Financial transactions are very secure. Whenever you read about lists of passwords being stolen, that is from "flat files" (which Sawmillcreek.org probably uses), not encrypted security applications, like Siteminder, which all bank/brokerages use. At the latter, there are NO employees who have access to your password.

    Disclaimer: worked at HSBC.com secure portal for 5 years.

  12. #42
    Quote Originally Posted by Tom Fischer View Post
    And locked means locked to everybody, including the security engineers at the bank/brokerage, plus any and all hackers.
    There is always someone that can get in.

    Always.

  13. #43
    Oh well, forget everything discussed.....

    http://www.nytimes.com/2014/08/06/te...ials.html?_r=0

  14. #44
    The most secure password I use regularly would take 88 nonillion years to crack according to that site.


    • Length: 26 characters
    • Character Combinations: 77
    • Calculations Per Second: 4 billion
    • Possible Combinations: 11 quindecillion

    My least secure, and no longer used alone (due to various sites being hacked in the past) would last about 10 hours.

    Now my password methodology consists of five separate passwords with each used in combination, and each password according to this site ranging from 6-14 years to hack.
    1, 2, 3, 4, 5 passwords used in combination for a given site:
    1+5
    2+1+5
    5+_+3

  15. #45
    Join Date
    Aug 2010
    Location
    USA
    Posts
    5,582
    Quote Originally Posted by Dale Murray View Post
    The most secure password I use regularly would take 88 nonillion years to crack according to that site.


    • Length: 26 characters
    • Character Combinations: 77
    • Calculations Per Second: 4 billion
    • Possible Combinations: 11 quindecillion

    My least secure, and no longer used alone (due to various sites being hacked in the past) would last about 10 hours.

    Now my password methodology consists of five separate passwords with each used in combination, and each password according to this site ranging from 6-14 years to hack.
    1, 2, 3, 4, 5 passwords used in combination for a given site:
    1+5
    2+1+5
    5+_+3
    If the NY Times article Scott provided has any merit it don't matter how secure you think you are or what those fancy calculations tell you. You are at risk just like if you were using abc123 (one of my old passwords)
