
Topic: ㅤ (Read 221 times)

hero member
Activity: 952
Merit: 555
March 06, 2022, 09:07:13 AM
#23
  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop

This is true: the best way to secure your password is by combining both alphabets and numbers, not less than 16 characters. I've come across some sites which will show you an indication of how strong your password is, while some sites will not even accept only numbers or only alphabets as a password; they will insist you correct it by mixing both, and at times, if possible, with the use of symbols in addition.

Lastly, it is not how long it is but how fast you can easily remember your password; therefore it's good to make use of the combination of what is close to you, precious to you or what you do often as part of your password combination techniques, which are things you can easily remember.
legendary
Activity: 2492
Merit: 1232
March 05, 2022, 06:57:44 PM
#22
But also remember the simple truths:

  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop
I tend to agree with this and these are true.
But the graphic might be oversimplified by the author; it is not just that easy to crack a password.  I have watched a YouTube video tutorial on how to brute-force your online blockchain.info wallet with btcrecover, and based on the video it is not that simple to brute-force the password.

We should take extra care of our valuable stuff, especially crypto wallets, and be careful about how we store our private keys and passwords.

A funny FB post that I found on a Binance group: he was proud that he bought a Ledger wallet, but the key was exposed. (A bit off-topic)

copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
March 05, 2022, 06:41:08 PM
#21
Can someone explain why it takes seconds to brute force, say, a 7 digit number?  So someone's password is, say, 8090050.  You're telling me it would go through each number and then find a match?  Or it would not only find the match but then log in?
Are you for real?

With the good scripts and automation tools available, a hacker can take only seconds. Brute forcing is more like a trial and error method until the right credentials are got. So by the time they got the credentials, it means they tried logging in.

full member
Activity: 1750
Merit: 186
March 05, 2022, 05:27:26 PM
#20
Can someone explain why it takes seconds to brute force, say, a 7 digit number?  So someone's password is, say, 8090050.  You're telling me it would go through each number and then find a match?  Or it would not only find the match but then log in?
legendary
Activity: 2212
Merit: 7064
March 05, 2022, 05:01:38 PM
#19
Having a strong password is very important, but it's best not to use the same password multiple times on different websites, and you would be surprised how many people are doing that.
I would not try to remember many complex passwords, except maybe one master password, and all other passwords should be saved in KeePass or some other open source password manager.
I think that passphrases are easier to remember and they can be very strong, considering that random is not always truly random when you are generating a password.
member
Activity: 336
Merit: 41
March 05, 2022, 03:55:42 PM
#18


  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop

I strongly disagree with the second statement which says a complex password may be easier to remember, because just as the word "complex" implies, it's obvious that such a password with different characters can be that easy to remember, especially when one has many other different passwords to other operations.

I remember creating a strong, lengthy password of different characters for myself all in the name of strong security, only to end up locking myself out just because I forgot where a certain character comes before the other. Kinda funny, but it taught me a lesson, that I had to start moderating my passwords.
sr. member
Activity: 1764
Merit: 260
Binance #SWGT and CERTIK Audited
March 05, 2022, 12:06:47 PM
#17
I'm glad most of my passwords could take 400+ trillion years to decipher :)



Do you think it is possible to remember those passwords? Complex passwords cannot be remembered. Therefore you need to have a simple password that can be supported by 2FA.

Saving a password on the internet is always safe if you know how to securely use the cloud or the internet.
Yep, it is possible to remember those complex passwords. People have ways they can memorize the combination of anything, even that combination of numbers, characters, symbols, etc.
I do not agree on saving passwords on the internet, even in the cloud; it is unsafe. If someone was able to breach its location, he could use the password on sites and apps that exist, and it might cost you loss of data and money.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
March 05, 2022, 12:01:23 PM
#16
Great explanation and chart. Most account hacking happens due to the use of typical passwords. This means we usually remember a few passwords which have been used on multiple sites. So in case of leak or hack data from a site, hackers gain access to other account's passwords. This is a very bad habit of humans. Also, remembering different passwords for each account is quite complicated, but we should write all the passwords on hard paper and secure them in a safe place. Otherwise, it's hard to maintain all the passwords.
legendary
Activity: 3472
Merit: 10611
March 05, 2022, 11:41:34 AM
#15
Yep! This graphic sure definitely over-simplified things to the point that we could probably somewhat call it inaccurate, but I guess what's important is that they dumbed it down enough and got the point across for most newbies to easily grasp. Short passwords = bad, long passwords with complexity = good.
Yeah, I just wanted to point some little details out which is good to have in mind when thinking about security. Otherwise from an average Joe's perspective the table is informative.

While I agree with the flaws of the chart, how many people know the name of the algorithm used (let alone how secure it is)? Using a longer password by default is the safer option, especially for websites which need to consider available CPU resources.
Good point, and I agree that you can never go wrong with a longer password (as long as you can).
I suppose it is the responsibility of the author of such charts to define the lengths based on the algorithm. I believe these stats are meant for website login passwords which is not for encryption and brute forcing involves computing some key derivation function like PBKDF2 which is super fast by design.
newbie
Activity: 14
Merit: 12
March 05, 2022, 09:07:08 AM
#14
Over some years, as complexity is required and the addition of passwords increased, humans have found it difficult to remember their passwords, but it makes it easier for a computer to generate passwords. It doesn't mean that complexity rules should be everted, but reconsider what makes it (the password) complex and also consider its usefulness.
hero member
Activity: 2156
Merit: 803
Top Crypto Casino
March 05, 2022, 08:44:25 AM
#13
Quote
  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop

Technically passwords are not human friendly. The more complex the password you create, the greater the chance that you will forget it. To create a strong password you need to have numbers, uppercase letters, lowercase letters and special characters in that password.

Do you think it is possible to remember those passwords? Complex passwords cannot be remembered. Therefore you need to have a simple password that can be supported by 2FA.

If anyone still wants a complex password then do keep a written document and always keep it somewhere safe otherwise you will never remember it.

Saving a password on the internet is always safe if you know how to securely use the cloud or the internet.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
March 05, 2022, 08:34:06 AM
#12
A complex password is good, but a more important thing is to back up your password. Weak, strong or complex password, you always must back it up and store the backup safely, secretly and available to use in case you need it.

If you are bad at password brute-force, you will lose your crypto if you lose (forget, broken backup or whatever reasons)

hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
March 05, 2022, 07:49:52 AM
#11
As years progress, more and more technology is being developed for hackers to improve in cracking down passwords. Better to create something that can be future proof at least!
Future proof is such a relative term.  Quantum computing could become a mainstream thing for what it's worth, and if such computers can be used for brute forcing, then the chart posted by Ratimov is going to be useless.  For now, the best future proof you can get is to avoid having your passwords weakened by better hardware components.  And that probably means using a combination of minimum 15-17 random characters containing upper and lower case letters, symbols and numbers.

-
Regards,
PrivacyG
hero member
Activity: 2268
Merit: 789
March 05, 2022, 07:15:05 AM
#10
This is definitely an interesting post- it puts you into a perspective on how easy it is for hackers to crack complex passwords below 11 characters, even if you mix it with uppercase, lowercase, or special characters. As years progress, more and more technology is being developed for hackers to improve in cracking down passwords. Better to create something that can be future proof at least!

  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)

I am somehow guilty of this. Since I easily forget my passwords, I use something that is universal where I just put some random characters and numbers, but the essence of the password is the same.

mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
March 05, 2022, 06:42:05 AM
#9
I really hope in this day and age that people know and/or are conscious of those points above. I hope people have really gotten away from "password" and "qwerty1" passwords

Fortunately most (if not all) decent sites/platforms now require capital letters, numbers and special characters, and have a minimum number of characters. And along with that, 2FA as well.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
March 05, 2022, 06:03:14 AM
#8
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
This is such an undervalued step towards account security.  There is no point in having a strong password that is impossible to brute force if you use the same password on multiple accounts.  Only one of your accounts has to be leaked for all of your 'impossible to brute force' accounts to be compromised.

I think it is safe to say that there should be a universal basic rule of password creation: at least 12 characters containing upper and lower case alphabet + numbers and symbols.  Mine are typically at least 15 characters long, with many of my sensitive accounts having over 20.  Since all my passwords are randomly generated and almost impossible to remember anyway, the only annoying part is having to type a long password out.

'accident' is easier to crack than 'gltrozxu' even though both examples are passwords with only lowercase numbers. I doubt the second example can be instantly bruteforced.
I have always wondered, if this is the case then how about '4accident9@!' versus '4gltrozxu9@!'? Is it still easier to crack the former just because of the brute force English words list?

-
Regards,
PrivacyG
legendary
Activity: 2436
Merit: 1362
March 05, 2022, 05:09:57 AM
#7
^
It's a nice visual chart though and highlights the necessity to have a complex password structure.


But also remember the simple truths:

  • Do not use words or a set of numbers as passwords
  • Do not use automatic password generators, it is better to come up with a complex password yourself, it may be easier to remember it.
  • Do not use a universal password to enter all sites (exchanges, wallets, etc.)
  • Do not store your passwords in the cloud and on Internet sites
  • Do not store your passwords in a text document on your computer desktop

I really hope in this day and age that people know and/or are conscious of those points above. I hope people have really gotten away from "password" and "qwerty1" passwords
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
March 05, 2022, 05:06:53 AM
#6
--snip--

In any case, I'm not trying to say "use small passwords" but the point is that you should also try to take a look at what algorithm you are using. I'd say a 10-char long BIP38 encryption password is a pretty strong one since you'd need a tremendous amount of computing power to break it.

While I agree with the flaws of the chart, how many people know the name of the algorithm used (let alone how secure it is)? Using a longer password by default is the safer option, especially for websites which need to consider available CPU resources.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
March 05, 2022, 04:19:41 AM
#5
*snip*

Yep! This graphic sure definitely over-simplified things to the point that we could probably somewhat call it inaccurate, but I guess what's important is that they dumbed it down enough and got the point across for most newbies to easily grasp. Short passwords = bad, long passwords with complexity = good.
legendary
Activity: 3472
Merit: 10611
March 05, 2022, 03:47:55 AM
#4
There is a flaw to numbers like this which is they don't mention what encryption algorithm they belong to.

Take BIP38 for example, which is an encryption scheme used for bitcoin private keys. Brute forcing it is extremely slow and even a password with 4 or 5 letters (no number, no symbol) would take hours to crack whereas the picture here suggests "instantly".
In fact someone ran an experiment a couple of years ago and the one with 6 random characters was not cracked in 2 years and finally the owner moved the funds.

On the other hand a simpler/faster encryption algorithm could take far less time to brute force. Or worse,  algorithms that are not designed for security like the "passphrase" used in BIP39 to extend the seed phrase.

In any case, I'm not trying to say "use small passwords" but the point is that you should also try to take a look at what algorithm you are using. I'd say a 10-char long BIP38 encryption password is a pretty strong one since you'd need a tremendous amount of computing power to break it.
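
The point made in this post, together with the 7-digit question asked in post #20, measured as an added example (not part of the original posts): it times one guess against a fast hash and one against scrypt with the cost parameters BIP38 specifies, then projects how long exhausting a few keyspaces would take. Assumptions: SHA-256 stands in for the "simpler/faster" algorithm, the rate is single-core Python on whatever machine runs it (dedicated cracking hardware is faster for both), and the guesses are offline with no rate limiting.

```python
import hashlib
import os
import time

# BIP38 derives its key with scrypt using N=16384, r=8, p=8 and a 64-byte output.
BIP38_SCRYPT = dict(n=16384, r=8, p=8, dklen=64, maxmem=64 * 1024 * 1024)


def fast_hash(password: bytes, salt: bytes) -> bytes:
    """One guess against a single fast hash (SHA-256, assumed stand-in)."""
    return hashlib.sha256(salt + password).digest()


def bip38_style_kdf(password: bytes, salt: bytes) -> bytes:
    """One guess against scrypt with the BIP38 cost parameters."""
    return hashlib.scrypt(password, salt=salt, **BIP38_SCRYPT)


def seconds_per_guess(kdf, rounds: int) -> float:
    """Average wall-clock cost of one guess on this machine (single core)."""
    salt = os.urandom(4)
    start = time.perf_counter()
    for i in range(rounds):
        kdf(b"guess%d" % i, salt)
    return (time.perf_counter() - start) / rounds


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates for a random password of exactly this length."""
    return alphabet_size ** length


def exhaust_seconds(candidates: int, per_guess: float) -> float:
    """Worst-case time to try every candidate at the measured rate."""
    return candidates * per_guess


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    costs = {"SHA-256": seconds_per_guess(fast_hash, 20_000),
             "scrypt (BIP38 params)": seconds_per_guess(bip38_style_kdf, 3)}
    spaces = {"7 digits": keyspace(10, 7),             # post #20's example
              "5 lowercase letters": keyspace(26, 5),  # this post's example
              "8 lowercase letters": keyspace(26, 8)}
    for algo, cost in costs.items():
        for label, size in spaces.items():
            print(f"{algo:22} {label:20} {human(exhaust_seconds(size, cost))}")
```

The same keyspace that a fast hash gives up in seconds takes orders of magnitude longer behind the memory-hard KDF, which is why a chart of crack times means little without naming the algorithm.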
member
Activity: 271
Merit: 14
March 05, 2022, 02:55:18 AM
#3
I can relate. I'm running three email accounts on my phone, and days back someone tried to log into my email account, and the only thing stopping them was the different location the hacker tried to log in from and my recovery email account. Once the location is different, Gmail will send a code to your recovery Gmail account. I use words for that Gmail account; I guess that's why they got my password easily.
legendary
Activity: 2730
Merit: 7065
March 05, 2022, 02:54:26 AM
#2
This is a good reminder that a strong password doesn't have to be simple to avoid being brute-forced and cracked. Use complex passwords with different sets of numbers, symbols, uppercase and lowercase letters.
More precisely, it can't be simple because it's instantly hackable judging by the information provided in the table. A password made up of only numbers can be instantly hacked even if it has 11 characters. The same rules apply to anything with lowercase letters of 8 characters or less.

I can't comment on the accuracy of the provided information and whether or not it's that easy. But there surely has to be a difference between using dictionary words and using random characters. 'accident' is easier to crack than 'gltrozxu' even though both examples are passwords with only lowercase numbers. I doubt the second example can be instantly bruteforced. I also think you would be safer with non-English words than English words in a password, if you absolutely have to use them.

I think that the timeframes are a bit too optimistic here.
hero member
Activity: 517
Merit: 11957
March 05, 2022, 02:24:59 AM
#1