Passwords: The not to use

[mammikoura]

now u guys are forgetting something. Hackers don't just try to gues the password. They use different programs, bruteforcers being quite common.
Doesn't matter if the password is Sparky (say the name of ur dog) or kaotvj the brute forcer doesn't care if it means anything or not.

And UK31337 as far as I know u are right, bruteforcers do usually start with letters, in the alphabetical order. But then again it really doesn't matter that much, if they can try for example 50 differnet passwords in one minute, it means that by starting it with a number instead of a letter would make it take about 1 min longer to crack. But the longer the password the longer it takes. And then there is also the dictionary attack, which is bruteforcing but instead of trying all different combinations it uses different words, so having like nfsuabauyife as the password makes it impossible for dictionary attacks to get through.

 

[Captain Pooka]

And this has been happened on myspace, I hate myspace by the way,
People hack your account and post bullitons advertising stuff... everybody was like, How are they getting my password? So I looked into it and found that alot of the links you click on in Myspace asks you to relog in.
So I made a post, send a message to tom and said, Check the address bar, if you are ever asked to relog in make sure it says login.myspace.com (or whatever) or just re-type in myspace.com.

and tom, being the bastard he is, Made a blog about it and said " I figured it out!" and basically copied everything I sent him and posted it as a blog thats on everyones main page. almost word for word
I hate Tom.

 

[Trivium Nate]

I use the same password for this site and evrey other sit except my myspace password is 6 letters and 3 numbers

 

[jon the noob]

Lol my friends or family would never hack me! I hope....


Yeah i might want to look into my passwords.. i use the same one or two for like everything


EDIT: Is bruteforcer.... legal? Dunno seems too dangerous for the publics hands

 

[xxc00lmanxx]

Hello any of you even know how to get a bruteforcers and work it?? Becuase i have a password that i lost a long time ago on a online game and could never find out what it was, so i just made a brand new account and had to start all over. Reading though this fourm made me rember about that and i would like to get that password so i can get back on XD if any of you know were to get one and how to use it i would be really happy. Thanks

 

[aff1993]

there is a random password generator, you are best off getting a thing it keep passwords

 

[secure_web]

Hi there,

When using the Internet, including Internet Banking, always try to use hard-to-guess passwords.

Remember the four (4) rules of passwords.
- Change passwords regularly
- Do not give out your password to anyone
- Do not choose a password that is easily identified with you
- Do not write your password down even if it is disguised.

Ensure you are the only person that knows your user access and password.

Other resources:

Protect your password file

Use a shadow password. Under a shadow password system, the /etc/passwd file does not have encrypted passwords in the password field. Instead, the encrypted passwords are held in a shadow file that is not world-readable. Consult your system manuals to determine whether or not a shadow password capability is available on your system and to get information on how to set up and manage such a facility.

Use a technology, such as one-time passwords or Kerberos, that does not rely on having passwords in the password file.
Source: cert.org

I hope this helps.

Elisabeth Ritz
Security consultant
Directory of Internet Security software

 

[rakedog]

Erm, realistically, if someone gets a hold of your password hash (computer, database, etc.), it doesn't make a damn difference how many numbers or letters are in there. Since it's all alphanumerical bruteforcing, (especially if they use a rainbow table), most of the posts here, I hate to say, are a false sense of security. And if you know anything about the LM hash on Windows, a longer password is not always better, because of how the algorithm works.

 

[spywarebanisher]

i dont care a thing about hackers. Once they hack my comp they will be met by the strongest army of anti hack material everhahahahaah

 

[lhamil64]

also beware of limewire it gives out passwords sometimes. LOL my friend got hacked because someone searched limewire for YAHOO and up popped his password in a text document LOL.