Daily reminder that there are people who unironically take this as gospel

Attached: password_strength.png (740x601, 91K)

to be fair for a while people just ran brutes instead of dict attacks

anyone have a good stolen password list? like the ones from leaks and shit? where can I get those data dumps when "X COMPANY IS LEAKED"

Why is it wrong?

It isn't, OP is just a contrarian
>but muh dictionary attacks
1. you can still throw in meme characters to fuck with a pure dictionary attack
2. there are more words than letters by huge amount, if you picked several uncommon words and mixed it up a bit (dreadnoughtStarshipanallyrapingsarahpalin#) you've got a solid password

the problem is retarded websites and banks put limits on password length, they can go die in a fire

Nobody brute forces. At best they use dictionary + topology. But even that is rare.

I recall watching some 1 hour talk on YouTube saying that the 100 most common topologies are used by 90% of the people.

Anyway, most hacks are because of database breaches and sites using horrible password security. Rather than having a complicated password, using a different password for each site is much, much more secure. I wish sites that still store passwords in plaintext could be held accountable.

If you wish to hack an individual, not brute forcing but social engineering is the way to go.
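
Added example, not part of any post in this thread: what "topology" means in the post above, and how small one topology is compared with the full keyspace of the same length. The mask letters, function names and sample passwords are this example's own constructions.

```python
import math
import string
from collections import Counter

# Mask letters are this example's own notation: u=upper, l=lower, d=digit,
# s=anything else (the 33 remaining printable ASCII chars, space included).
CLASS_SIZES = {"u": 26, "l": 26, "d": 10, "s": 33}

def topology(password):
    """Return the character-class mask, e.g. 'Summer2019!' -> 'ullllldddds'."""
    mask = []
    for ch in password:
        if ch in string.ascii_uppercase:
            mask.append("u")
        elif ch in string.ascii_lowercase:
            mask.append("l")
        elif ch in string.digits:
            mask.append("d")
        else:
            mask.append("s")
    return "".join(mask)

def topology_bits(mask):
    """log2 of the number of strings that fit one mask."""
    return sum(math.log2(CLASS_SIZES[c]) for c in mask)

def full_bits(length):
    """log2 of all printable-ASCII strings of that length (95 symbols)."""
    return length * math.log2(95)

def coverage(passwords, top_n):
    """Fraction of the sample that falls into its top_n most frequent masks."""
    counts = Counter(topology(p) for p in passwords)
    return sum(n for _, n in counts.most_common(top_n)) / len(passwords)

# Constructed sample for illustration, not taken from any leak.
SAMPLE = ["Summer2019!", "Winter2020!", "Monkey1234?", "password1",
          "dragon99", "correcthorse", "Tr0ub4dor&3"]

if __name__ == "__main__":
    mask = topology(SAMPLE[0])
    print(mask, round(topology_bits(mask), 1), "bits vs",
          round(full_bits(len(mask)), 1), "bits for any 11 printable chars")
    print("share covered by the single most common mask:",
          round(coverage(SAMPLE, 1), 2))
```

Run against your own organisation's password-audit output, `coverage` shows how concentrated the masks are, which is the figure a composition policy should be judged on.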

literally any infosec communities you're in glow-kun

>niggeratonguemyanus4chan
>niggerstonguemyanus9gag
>niggeratonguemyanusgaysexwithhatson
>niggerstonguemyanusfacebook
rate my passwords

I mean does rockyou have those leaks coalesced or something?

What's topology

Niggertonguemyanus(websitename)

so yeah, really, that's a great password

N!gg3rtonguemyanus and it's perfect.

i feel like this entire argument is pointless because the point of failure is most likely to be the attacker finding the password through some other exploit or through phishing, not through the innate cryptographic security of the password itself

It's kind of dumb. People use common passwords because they're common. If the common method for developing passwords changed then that would be the target.

Regardless, I like using Military alphabet with certain letters I remember swapped out for numbers/symbols.

Most passwords are acquired via viruses/malware, phishing, subterfuge and inside hacking. Nearly all things that require a password can't be brute forced since those systems look out for that and shut down the ability to even try anything after a few fails. For everything else, it means the person has the time to brute force because they have the storage device or file in their possession. Dictionary attacks that use words, phrases, phrase abbreviations, and like combinations usually work pretty quickly for a password like in that image. Some brute force programs even access the internet and use stuff like google or wolframalpha to do the work for them.

TQBFJOTLD

Basically it has to do with the probability that your password can be cracked by brute force, the more bits of entropy your password has the harder it becomes to guess but only through brute force attacks.

ae7.st/g/test.html

I used to recommend a method of inserting a symbol in a long word and turns out it's pretty terrible irl. My apologies for anyone who took it seriously. ie "t.r.i.p.f.a.g.g.o.t.".

HOWEVER dictionary attacks complicate things because modern methods take heuristic approaches and out of the ~5K "common" English words in existence most people would choose the 4 "random" ones from a pool of only a few hundred because the aim is to easily memorize them (ie few would choose "autochthonouschiaroscuristcnemidocopteskierkegaardian" if any).

The real challenge then becomes how to defeat a brute force AND dictionary style attack while ALSO making passwords easy to remember.

>Anyway, most hacks are because of database breaches and sites using horrible password security. Rather than having a complicated password, using a different password for each site is much, much more secure.
This so fucking much. The important thing is that your accounts shouldn't be linked together.

a secret override script that measures the time between key presses to accurately understand the typing style of X person to properly read that and judge if it's the person under duress while he tries to remember the 3 passwords and different rules involving swapping vowels and shit

I mean it would be a solid strat but unfortunately a lot of sites enforce special characters, numbers, etc in passwords so it'll be hard to remember regardless

>dictionary attacks
that's not an argument against diceware
that's an argument FOR diceware
7-word diceware can't be cracked with a dictionary attack except maybe with a glow-in-the-dark supercluster, in which case throw a few more words

le contrarian webcomic

Now that the dust has settled, what does everyone think of """security questions"""

>the problem is retarded websites and banks put limits on password length
Hard drive space is expensive, user.

if your average word that's part of your password is the 200th most common word then it's more like the equivalent of 30 bits for four such words.
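
Added example, not part of any post in this thread: the arithmetic behind the pool-size argument above (four words from an effective pool of 200, four from roughly 5K common words, and 7-word diceware from the standard 7776-entry list), plus uniform dice-style selection. The function names and the guess rate are assumptions made for this example.

```python
import math
import secrets

DICEWARE_POOL = 6 ** 5  # 7776 entries: each word is indexed by five dice rolls

def passphrase_bits(pool_size, n_words):
    """Entropy in bits when every word is drawn uniformly from pool_size words."""
    return n_words * math.log2(pool_size)

def words_needed(pool_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))

def average_seconds(bits, guesses_per_second):
    """Expected time to hit the right guess: half the space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second

def roll_keys(n_words):
    """Five CSPRNG dice rolls per word; look each key up in a Diceware list."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(n_words)]

ASSUMED_RATE = 1e12  # guesses/second, an assumption for illustration only

if __name__ == "__main__":
    cases = [("4 words, pool of 200 (human-picked)", 200, 4),
             ("4 words, pool of 5000", 5000, 4),
             ("7-word diceware", DICEWARE_POOL, 7)]
    for label, pool, n in cases:
        b = passphrase_bits(pool, n)
        print(f"{label}: {b:.1f} bits, "
              f"~{average_seconds(b, ASSUMED_RATE):.3g} s on average")
    print("dice keys for a 7-word phrase:", roll_keys(7))
```

The entropy figures only hold when the words are chosen by dice or a CSPRNG; words picked by a person come from a much smaller effective pool, which is the gap between the first and last case.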

weak because your epic maymay is already a common phrase

useless shit
in theory a second password is nice but you always end up resetting it or forgetting about it

>200th most common words
If you're literally picking words like "dog" or "house" or "car" then yeah, it's shit

if your password is "solvetheJewishproblembyconvertingthemintooil#1488" then it's hella secure

Damn I hope you're trolling.

he is or he works for Rakesh Inuui Bank Today(TM)

for the r/4channelers here, a password hash will always be the same length and its salt is usually not too long. a 256 bit hash and salt takes 64 bytes per user. auth tokens take more but still

The only place it makes sense is during password reset: stop people who have access to your email account from resetting other passwords.

But too often people don't take it seriously and just enter garbage.
Then when they forgot their password they cannot reset and have to get their accounts deleted and re-created.

It's actually good advice.

Fine, but similarly to your password, you shouldn't JUST have the plain information as the answer. Put in something that will trip up an attacker. You should be notified of the attempt.

The stick figures are white.