NOOOO YOUR PASSWORD NEEDS TO BE 64 CHARACTERS WITH ALTERNATING CASES, NUMBERS...

>NOOOO YOUR PASSWORD NEEDS TO BE 64 CHARACTERS WITH ALTERNATING CASES, NUMBERS, SPECIAL CHARACTERS AND AT LEAST TWO LETTERS FROM THE CYRILLIC, GREEK AND GEORGIAN ALPHABETS
>*stores password as plaintext and gets hacked anyway*

>not using a password like "secretpassword"

i don't understand why this is necessary since most services won't allow your script to guess more than 3 passwords in 10 minutes

if they get hacked and the hashes go public then people can bruteforce them at their leisure

damn that's nice, never thought about it

Use a password manager!
>stored in plaintext
You can tell when a website does this, when they ask you stuff like
>don't use symbols like ';', '(', and ')'
implying that it'll mess with their database tables or something. Sadly, credit card companies do that, so you should expect all of our credit card numbers to be leaked in the next year or so, screenshit this

>applel

All my passwords are N repetitions of "faggot"

>Sadly, credit card companies do that, so you should expect all of our credit card numbers to be leaked in the next year or so, screenshit this
This is why you max out my cards and get new ones constantly.

>plaintext
just use gpg

OP means the site stores them plain anyway

How do they know it's my script?

Just use the password chrome suggests

>n0t us1ng 1337 pa55w0rd5
Realtime Hacking

Still will take hundreds if not thousands of attempts or am I wrong?

redpill me on password dbs/managers considering I access things from a PC, a laptop and a smartphone? I would have to keep a copy of the db on each, right?

I use pass on linux, with a git repository to store and sync to my laptop, all encrypted with pgp

2000 attempts can be done in a microsecond.

KeePass on Desktop and Laptop
Kee for Firefox for Browser Auto-fill
Keepass2Android for Phone
Nextcloud your database between all 3
or if you're really devilish then put the database on mega/google drive
or just use Bitwarden
LastPass/1Password shills are to be ignored

How bad is it to use passwords like these:
The SamePassword[name of the site]

That way I have different passwords for every site

A thousand attempts won't take long with a computer

Smartphone is insecure, access only junk sites from it, and use junk passwords for them, like hunter2.

I like this pepe edit

I do the same except I don't use the ff extension. good advice

Horrible
One leak is enough to compromise all other passwords

>password123

But companies give you captcha after a few attempts?

Yeah. You bruteforce from hashes and then use the correct one on your target

If you compute a hash of that and use the hash as the password. It's better if the password is long and random. Remembering a long 20 character password can take a week or so. You can split it into 4 smaller groups of characters and remember them separately.

How do you even brute force even without signing in and checking if it works, if you do that won't you be solving captcha after each wrong password?

>2018

>Person who created password policy is some executive with a BA in music theory and an MA in creative writing that took a weekend course on cybersecurity.
>They get paid high 6 figures
>Person who implements policy is busy sysadmin who gets paid $65,000 and won't get corporate approval to create needed infrastructure.

This is why this shit happens.

Most secure is keepass with syncthing hosted at home on an encrypted drive. Drains battery and requires a bit of upkeep.

Second most secure is bitwarden_rs hosted in docker compose either at home or locked down VPS somewhere.

>Why yes user, I do use Last Pass and of course I pay for premium services. Now if you'll excuse me, I have to attend the weekly project managers gold retreat

>not using a password that isn't valid with the parameters given on the site, literally making dictionary attacks useless
lmao get rekt

>not using a phrase like this as a passphrase
>not allowing space in passwords
is this 2009?

>stored in plaintext to google botnet data miners
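
The thread's point that leaked hashes can be guessed offline, with no rate limit or captcha in the way, is what server-side storage has to account for. As an added example (not from any post in the thread), here is a salted, deliberately slow hash timed against a single fast hash; PBKDF2-HMAC-SHA256, the 600,000 iteration count and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import time

# Assumed parameters for this example (not from the thread).
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per stored record."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def seconds_per_guess(hash_fn, rounds):
    """Average wall-clock cost of one candidate check against hash_fn."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn("guess-%d" % i)
    return (time.perf_counter() - start) / rounds


def compare_costs():
    """Cost per guess: one unsalted SHA-256 versus the salted slow hash."""
    salt = os.urandom(SALT_BYTES)
    fast = seconds_per_guess(lambda g: hashlib.sha256(g.encode()).digest(), 2000)
    slow = seconds_per_guess(lambda g: hash_password(g, salt), 3)
    return fast, slow


if __name__ == "__main__":
    # Constructed sample: two accounts that picked the same password.
    a = hash_password("secretpassword")
    b = hash_password("secretpassword")
    print("same password, same record?", a[1] == b[1])
    print("verify ok:", verify_password("secretpassword", *a))
    fast, slow = compare_costs()
    print("slow hash costs about %.0fx more per guess" % (slow / fast))
```

The slow hash only raises the cost of each guess; a password that sits near the top of a wordlist is still found quickly, so the storage scheme and the password's randomness both matter.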