If you are interested in what crackers do? Password Cracking information.

There has been a series of interesting articles on Ars Technica over the last few years. The latest one was one I thought worth sharing on here.

http://arstechnica.com/security/201...eling-the-next-frontier-of-password-cracking/

The previous one just over a year ago was the one that made me move to totally random passwords generated by LastPass.
http://arstechnica.com/security/2012/08/passwords-under-assault/

Just to give you some awareness of why I now use a different and random password on each site I go to.
I run a small hosting company and periodically through the year a couple of my clients' accounts get exploited. Due to my security setup all the problems I have seen over the last 2 years have been because clients have reused passwords which have been on sites that have been hacked or they have used really weak, easily guessed passwords. For example one client had his email account used in an attempt to send off 1 million pharmacy spam emails. I actually had a long chat with this client and he finally clicked that 3 months prior he had been notified that a forum he had been a member of was hacked. He used the same password for all his internet accounts and the same email address.

I recommended that, as he has his own domain, he adds an email alias for each account he wants to keep and sets up a new password for each one...

For instance
amazon123@mydomain.com
ebay492@mydomain.com

I have set the domain to mydomain.com to protect his identity.

The three digit numbers are there to prevent a hacker from guessing what his other email addresses for logins are based on the domain he is accessing.

Using a different email address and a unique password for each account means that if another site or forum is hacked the hackers will not automatically have access to the login credentials to any other site.

The other advantage of using multiple email addresses is that if he receives a spam email he can tell who gave his email address away. If he wants to continue to be a member of that site he can set up a new email address, changing companyname123@ to companyname324@, and he only needs to update this on one website rather than 10s or 100s.

Anyway, if like the vast majority of people you don't have your own domain then I would strongly recommend using something like LastPass and going through all your accounts especially the important ones and changing the password to something generated by LastPass.

After all, if "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1" is an easily crackable password that is in the crackers' dictionary, guess how easy "myRa4d0mPa55wd" is?

Sorry to have rattled on....
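Added example, not part of the original post: a Python sketch of the per-site alias and unique-password scheme described above, with a check of how many other logins one site breach exposes under password reuse versus unique credentials. The function names (`make_alias`, `make_password`, `exposed_by_breach`, `build_unique`) and the account data are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def make_alias(site, domain, avoid=()):
    """Return e.g. 'amazon123@mydomain.com' with a random 3-digit suffix.

    `avoid` lists aliases already burned (leaked or spammed) for this site.
    Three digits give 1000 candidates per site name.
    """
    while True:
        alias = f"{site.lower()}{secrets.randbelow(1000):03d}@{domain}"
        if alias not in avoid:
            return alias

def make_password(length=20):
    """Random password from the OS CSPRNG with lower, upper and digit present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

def exposed_by_breach(accounts, breached_site):
    """Other sites whose (email, password) pair equals the one leaked."""
    leaked = accounts[breached_site]
    return sorted(site for site, cred in accounts.items()
                  if site != breached_site and cred == leaked)

def build_unique(sites, domain):
    """One alias and one random password per site."""
    return {s: (make_alias(s, domain), make_password()) for s in sites}

# Constructed sample data: the same three accounts under both habits.
SITES = ["forum", "amazon", "ebay"]
REUSED = {s: ("me@mydomain.com", "samepassword1") for s in SITES}
UNIQUE = build_unique(SITES, "mydomain.com")

if __name__ == "__main__":
    print("reused:", exposed_by_breach(REUSED, "forum"))
    print("unique:", exposed_by_breach(UNIQUE, "forum"))
    old = UNIQUE["forum"][0]
    new = make_alias("forum", "mydomain.com", avoid={old})
    print("rotate:", old, "->", new)
```
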
 
> After all, if "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1" is an easily crackable password that is in the crackers' dictionary, guess how easy "myRa4d0mPa55wd" is?



Bloody amazing, how on earth did you find my password?:ROFLMAO:


Carol

Think it's a good reminder to at least change our passwords regularly, thanks Karl.
 

Snowbird

Agree with you Gromett.

Outlook.com (used to be Hotmail) allows 'aliases', these are e-mails you can't log into but which forward to a folder in your primary e-mail. Very useful for this purpose - no extra passwords to remember and they can try to hack them all they want... they don't have a password! I'm sure Google and Yahoo do something similar.

Everybody except the consumer hates this though so it's usually a right pain to get working. Companies on the internet have to make money and they do that by storing each and every thing you do, hunting down your credentials, selling them and then trying to sell things to you.

Not worth going over the top with changing passwords and generating passwords for every site under the sun! Just have tiers of passwords:
- Your e-mail is your life, use a strong password.
- Your bank is important, use a different strong password.
- Shops that force you to register, use 1 password for all (no, you should never save your credit card and for stores like Amazon make sure you remove the saved card from your account after every transaction, if they don't like this just register a bogus card and don't spend on it - that'd be theft)
- Forums, use 1 simple password for all... if somebody wants to post spam under your name good luck to em!

Still, passwordless ssh logins are the way to go when something really matters - my supercomputer access :thumb:.

(Posted by Ste, not Dave)
