Passwords only an idiot would use...

Moderator: Dust

Dust
The Boss
Posts: 9071
Joined: 01 Jan 1970 01:00

Passwords only an idiot would use...

Postby Dust » 03 Nov 2012 23:08

http://arstechnica.com/information-tech ... st-common/
Burnett did an analysis of 6 million username and password combinations last year, and found that 91 percent of users had used one of the 1,000 most common passwords—with 99.8 percent using a password from the 10,000 most common.
Here's the ranking of the top ten most popular ones:
1 password
2 123456
3 12345678
4 abc123
5 qwerty
6 monkey
7 letmein
8 dragon
9 111111
10 baseball

Isn't it depressing? :/
I do what I think is right. But I don't think that what I think is right can not be wrong.
shiftnshape
Posts: 552
Joined: 14 Jun 2010 22:56
Location: Earth (normally)

Re: Passwords only an idiot would use...

Postby shiftnshape » 04 Nov 2012 01:25

OMG how did you get all my passwords? Only kiddig, and people wonder why they have stuff stolen all the time.


Oops, noticed my n wasn't working.
MindyMcfly
Die-Harder
Posts: 4283
Joined: 17 Dec 2007 19:47
Location: Nottingham, Midlands - Go Robin Hood!

Re: Passwords only an idiot would use...

Postby MindyMcfly » 05 Nov 2012 10:03

People using the same email / login name & password for everything is bad too. Knew a few people who signed up for stuff using email and the same password for their email account and wondered why they were sending out spam mail... lol
----------------------------------------

GM of Real-Life™

(\__/)
(='.'=)
(")_(")
Tiel
Die-hard
Posts: 2146
Joined: 01 Jan 1970 01:00
Location: Utrecht, Netherlands

Re: Passwords only an idiot would use...

Postby Tiel » 06 Nov 2012 10:37

I just don't register for every fricking site that demands a log-in from me. It's annoying how many demand this.
I have a special mail address for bullshit sites and spam that I register everything on, the fact that those passwords match I don't really care so much about. As long as the email pass is different.
I believe that phpbb stores them encrypted with salt, so I'm not too worried that Dust finds out mine :)

My passwords are a bunch of random chars, at least 12 digits. Just memorized it before I started using it. I don't like to rely on password tools like LastPass, but it can be very handy and I recommend it for idiots who use simple passwords.

Re: Passwords only an idiot would use...

Postby MindyMcfly » 06 Nov 2012 11:51

Problem is that more and more things are relying on user name/passwords and server side authentication.

In order to play Max Payne 3 - I needed Steam login and Rockstar pass to play, same with From Dust, GTA4 etc.. etc..

Re: Passwords only an idiot would use...

Postby Dust » 06 Nov 2012 19:46

At the moment I use a few highly secure passwords (12 to 16 random characters), but not one per account, there are just too many of those...

I try to tier them into groups: One password for high-value encryption and system login, one password for online banking, one password for forums, one for throwaway stuff. Ideally, I'd use a tool like LastPass, but I can't bring myself to rely on something like that yet...
Gyon
Die-hard
Posts: 1780
Joined: 22 Mar 2008 21:38

Re: Passwords only an idiot would use...

Postby Gyon » 06 Nov 2012 22:17

I just write them down on a spreadsheet..... email one stays in my head, mind. Bank ones impossible to remember or count without having to write it down. That one kept in an even less secured place in case spreadsheet gets corrupted. Even tho I am organised, I still find myself unable to log on places as don't remember password. I totally hate this pw culture. Honestly, who can remember 150 pw at any given time?? Enough to deal with the day to day ones...
Dust, invent something else to replace passwords please :)

Re: Passwords only an idiot would use...

Postby Tiel » 07 Nov 2012 09:29

For banking no one has a password in Holland. Authentication is either with SMS or a bank card reader.

Re: Passwords only an idiot would use...

Postby MindyMcfly » 07 Nov 2012 10:56

Some banks use password and PIN protection or send a USB card reader.

Biometrics is still being pushed as a replacement for passwords, scary thought that some scabby website could keep info on your thumb print or iris. :?

Re: Passwords only an idiot would use...

Postby Dust » 07 Nov 2012 16:34

Biometrics and SMS verification are stupid as first factor. For biometrics, how do you possibly prevent copying? What happens if someone leaks your biometrics? (Which happens with passwords with great regularity...)
SMS is almost as bad, they are easily sniffable and fakeable.

My bank uses a password and a one-time use code. Others here use RSA Tokens like we use for WoW, or smart cards with query-response code generation. SMS as second factor instead of a one-time-use code exists, but I don't think it's secure. And it certainly cannot replace a first factor.

Re: Passwords only an idiot would use...

Postby Dust » 20 Mar 2013 22:33

Seems the password list was put to good use :)

Someone built a gigantic 400k node botnet just from machines with user account admin or root and password admin or root, respectively... and scans the internet with it :)

http://internetcensus2012.bitbucket.org/paper.html
http://arstechnica.com/security/2013/03 ... addresses/