Author

Topic: ㅤ (Read 221 times)

hero member
Activity: 952
Merit: 555
20BET - Premium Casino & Sportsbook
March 06, 2022, 09:07:13 AM
#23
  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop

This is true about the best way to secure your password is by combining both alphabets and numbers not less than 16 characters, I've come across some sites which will show you an indication to how strong your password is, while some site will not even accept only numbers or alphabets only as password, they will insist you correct it by mixing both and atimes if possible with the use of symbols in addition.

Lastly is not how long it is but how fast you can easily remember your password, therefore its good to make use of the combination of what is close to you, precious to you or what you do often as part of your password combination techniques which are things you can easily remember.
legendary
Activity: 2534
Merit: 1233
March 05, 2022, 06:57:44 PM
#22
But also remember the simple truths:

  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop
I tend to agree with this and these are true.
But the graphic might be oversimplified by the author which is not just easy to crack a password.  I have been watched on Youtube video tutorial on How Brute-force your online blockchain.info wallet with btcrecover and based on the video not just simply to brute force the password.

We should have extra care in our valuable stuff, especially crypto wallets, and be careful upon storing on our private key and password.

A funny FB post that was I found on Binance group, he was proud that he brought a Ledger wallet but the key was exposed. (Bit off-topic)

copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
March 05, 2022, 06:41:08 PM
#21
Can someone explain why it takes seconds to brute force say a 7 digit number?  So someone password is say 8090050.  You telling me it would go through each number and then find a match?  Or it would not only find the match but then log in?
Are you for real?

With the good scripts and automation tools available. A hacker can take only seconds. Brute forcing is more like a trial and error method until the right credentials are got. So by the time they got the credentials, it means they tried logging in.

full member
Activity: 1792
Merit: 186
March 05, 2022, 05:27:26 PM
#20
Can someone explain why it takes seconds to brute force say a 7 digit number?  So someone password is say 8090050.  You telling me it would go through each number and then find a match?  Or it would not only find the match but then log in?
legendary
Activity: 2212
Merit: 7064
March 05, 2022, 05:01:38 PM
#19
Having strong password is very important, but it's best not to use same password multiple times on different websites, and you would be surprised how many people are doing that.
I would not try to remember many complex passwords, except maybe one master passwords and all other passwords should be saved in KeePass or some other open source password manager.
I think that passphrases are easier to remember and they can be very strong, considering that random is not always truly random when you are generating password.
member
Activity: 336
Merit: 41
March 05, 2022, 03:55:42 PM
#18


  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop
[/quote]

I strongly disagree with the second statement which says complex password may be easier to remember, cause just as the word "complex" implies, it's obvious that such a password with different characters can be that easy to remember especially one has many other differwnt passwords to other operations.

I remember creating a strong lenthy password of different characters for myself all in the name of strong security, only to end up looking myself out just because I forgot where a certain character comes before the other. KInda funny but it thought me a lesson, that I had to start moderating my passwords.
sr. member
Activity: 1764
Merit: 260
March 05, 2022, 12:06:47 PM
#17
I'm glad most of my passwords could take 400+ trillion years to decipher Smiley



Do you think it is possible to remember those passwords? Complex passwords cannot be remembered. Therefore you need to have a simple password that can be supported by 2FA.

Saving a password on the internet is always safe if you know how to securely use the cloud or the internet.
Yep it is possible to remember those complex passwords. People have ways on how they can memorize the combination of anything, even that combination of numbers, characters, symbols, etc.
I do not agree on saving password on the internet, even in cloud, it is unsafe. If someone was able to breach its location, he could use the password on sites, apps that exists, it might costs you loss of data and money.
legendary
Activity: 2422
Merit: 2228
Signature space for rent
March 05, 2022, 12:01:23 PM
#16
Great explanation and chart. Most account hacking happens due to the use of typical passwords. This means we usually remember a few passwords which have been used on multiple sites. So in case of leak or hack data from a site, hackers gain access to other account's passwords. This is a very bad habit of humans. Also, remembering different passwords for each account is quite complicated, but we should write all the passwords on hard paper and secure them in a safe place. Otherwise, it's hard to maintain all the passwords.
legendary
Activity: 3472
Merit: 10611
March 05, 2022, 11:41:34 AM
#15
Yep! This graphic sure definitely over-simplified things to the point that we could probably somewhat call it inaccurate, but I guess what's important is that they dumbed it down enough and got the point across for most newbies to easily grasp. Short passwords = bad, long passwords with complexity = good.
Yeah, I just wanted to point some little details out which is good to have in mind when thinking about security. Otherwise from an average Joe's perspective the table is informative.

While i agree with flaws of the chart, how many people know the name of used algorithm (let alone how secure is it)? Using longer password by default is safer option, especially for website which need to consider available CPU resource.
Good point, and I agree that you can never go wrong with a longer password (as long as you can).
I suppose it is the author of such charts responsibility to define the lengths based on the algorithm. I believe these stats are meant for website login passwords which is not for encryption and brute forcing involves computing some key derivation function like PBKDF2 which is super fast by design.
newbie
Activity: 14
Merit: 12
March 05, 2022, 09:07:08 AM
#14
over some years, as complexity is required and addition of password increased, humans have found it difficult to remember there password but makes  it  easier for  computer to generates password. it doesn't mean that complexity rules should be everted, but reconsider what makes it's ( password) complex and also consider it's usefulness.
hero member
Activity: 2156
Merit: 803
Top Crypto Casino
March 05, 2022, 08:44:25 AM
#13
Quote
  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop

Technically passwords are not human friendly. The more complex password you create the more chance is that you will forget. To create a strong password you need to have numbers, uppercase letters, lowercase letters and special characters in that password.

Do you think it is possible to remember those passwords? Complex passwords cannot be remembered. Therefore you need to have a simple password that can be supported by 2FA.

If anyone still wants a complex password then do keep a written document and always keep it somewhere safe otherwise you will never remember it.

Saving a password on the internet is always safe if you know how to securely use the cloud or the internet.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
March 05, 2022, 08:34:06 AM
#12
Complex password is good but a more important thing is back up your password. Weak, strong or complex password, you always must back it up and store back up safely, secretly and available to use in case you need it.

If you are bad at password brute-force, you will lose your crypto if you lose (forget, broken backup or whatever reasons)

legendary
Activity: 882
Merit: 1873
Crypto Swap Exchange
March 05, 2022, 07:49:52 AM
#11
As years progress, more and more technology is being developed for hackers to improve in cracking down passwords. Better to create something that can be future proof at least!
Future proof is such a relative term.  Quantum computing could become a mainstream thing for what's worth and if such computers can be used for brute forcing, then the chart posted by Ratimov is going to be useless.  For now, the best future proof you can get is avoid having your passwords weakened by better hardware components.  And that probably means using a combination of minimum 15-17 random characters containing upper and lower case letters, symbols and numbers.

-
Regards,
PrivacyG
hero member
Activity: 2282
Merit: 795
March 05, 2022, 07:15:05 AM
#10
This is definitely an interesting post- it puts you into a perspective on how easy it is for hackers to crack complex passwords below 11 characters, even if you mix it with uppercase, lowercase, or special characters. As years progress, more and more technology is being developed for hackers to improve in cracking down passwords. Better to create something that can be future proof at least!

  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)

I am somehow guilty with this. Since I forget easily my passwords, I use something that is universal where I just put some random characters and numbers, but the essence of the password is the same.

mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
March 05, 2022, 06:42:05 AM
#9
I really hope in this day and age that people know and/or are conscious of
those points above. I hope people have really gotten away from "password" and "qwerty1"
passwords

Fortunately most(if not all) decent sites/platforms now require capital letters, numbers and special characters, and have a minimum number of characters. And along with that, 2FA as well.
legendary
Activity: 882
Merit: 1873
Crypto Swap Exchange
March 05, 2022, 06:03:14 AM
#8
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
This is such an undervalued step towards account security.  There is no point in having a strong password that is impossible to brute force if you use the same password on multiple accounts.  Only one of your accounts has to be leaked for all of your 'impossible to brute force' accounts to be compromised.

I think it is safe to say that there should be an universal basic rule of password creation: at least 12 characters containing upper and lower case alphabet + numbers and symbols.  Mine are typically at least 15 characters long, with many of my sensitive accounts having over 20.  Since all my passwords are randomly generated and almost impossible to remember anyway, the only annoying part is having to type a long password out.

'accident' is easier to crack than 'gltrozxu' even though both examples are passwords with only lowercase numbers. I doubt the second example can be instantly bruteforced.
I have always wondered, if this is the case then how about '4accident9@!' versus '4gltrozxu9@!'? Is it still easier to crack the former just because of the brute force English words list?

-
Regards,
PrivacyG
legendary
Activity: 2464
Merit: 1387
March 05, 2022, 05:09:57 AM
#7
^
Its a nice visual chart though and highlights the necessity to have a complex
password structure.


But also remember the simple truths:

  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop

I really hope in this day and age that people know and/or are conscious of
those points above. I hope people have really gotten away from "password" and "qwerty1"
passwords
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
March 05, 2022, 05:06:53 AM
#6
--snip--

In any case, I'm not trying to say "use small passwords" but the point is that you should also try to take a look at what algorithm you are using. I'd say a 10-char long BIP38 encryption password is a pretty strong one since you'd need a tremendous amount of computing power to break it.

While i agree with flaws of the chart, how many people know the name of used algorithm (let alone how secure is it)? Using longer password by default is safer option, especially for website which need to consider available CPU resource.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
March 05, 2022, 04:19:41 AM
#5
*snip*

Yep! This graphic sure definitely over-simplified things to the point that we could probably somewhat call it inaccurate, but I guess what's important is that they dumbed it down enough and got the point across for most newbies to easily grasp. Short passwords = bad, long passwords with complexity = good.
legendary
Activity: 3472
Merit: 10611
March 05, 2022, 03:47:55 AM
#4
There is a flaw to numbers like this which is they don't mention what encryption algorithm they belong to.

Take BIP38 for example, which is an encryption scheme used for bitcoin private keys. Brute forcing it is extremely slow and even a password with 4 or 5 letters (no number, no symbol) would take hours to crack whereas the picture here suggests "instantly".
In fact someone ran an experiment a couple of years ago and the one with 6 random characters was not cracked in 2 years and finally the owner moved the funds.

On the other hand a simpler/faster encryption algorithm could take far less time to brute force. Or worse,  algorithms that are not designed for security like the "passphrase" used in BIP39 to extend the seed phrase.

In any case, I'm not trying to say "use small passwords" but the point is that you should also try to take a look at what algorithm you are using. I'd say a 10-char long BIP38 encryption password is a pretty strong one since you'd need a tremendous amount of computing power to break it.
member
Activity: 271
Merit: 14
March 05, 2022, 02:55:18 AM
#3
I can relate, I'm running three email accounts on my phone and days back someone tried to log into my email account and the only thing stopping them is different location the hacker tried to log in from and my recovery email account, once location is different Gmail will sent a code to your recovery gmail account, I use words for that Gmail account I guess that's why they get my password easily.
legendary
Activity: 2730
Merit: 7065
March 05, 2022, 02:54:26 AM
#2
This is a good reminder that a strong password doesn't have to be simple to avoid being brute force and cracked. Use complex passwords with different sets of numbers, symbols, uppercase and lowercase letters.
More precisely, it can't be simple because it's instantly hackable judging by the information provided in the table. A password made up of only numbers can be instantly hacked even if it has 11 characters. The same rules apply to anything with lowercase letters of 8 characters or less.

I can't comment on the accuracy of the provided information and whether or not it's that easy. But there surely has to be a difference between using dictionary words and using random characters. 'accident' is easier to crack than 'gltrozxu' even though both examples are passwords with only lowercase numbers. I doubt the second example can be instantly bruteforced. I also think you would be safer with non-English words than English words in a password, if you absolutely have to use them.

I think that the timeframes are a bit too optimistic here.
hero member
Activity: 517
Merit: 11957
March 05, 2022, 02:24:59 AM
#1
Jump to: