If you are interested in what crackers do? Password Cracking information.

Discussion in 'Computers' started by Gromett, Oct 8, 2013.

  1. Gromett

    There has been a series of interesting articles on Ars Technica over the last few years. The latest one was one I thought worth sharing on here.

    http://arstechnica.com/security/201...eling-the-next-frontier-of-password-cracking/

    The previous one just over a year ago was the one that made me move to totally random passwords generated by LastPass.
    http://arstechnica.com/security/2012/08/passwords-under-assault/

    Just to give you some awareness of why I now use a different and random password on each site I go to.
    I run a small hosting company and periodically through the year a couple of my clients' accounts get exploited. Due to my security setup, all the problems I have seen over the last 2 years have been because clients have reused passwords which have been on sites that have been hacked, or they have used really weak, easily guessed passwords. For example, one client had his email account used in an attempt to send off 1 million pharmacy spam emails. I actually had a long chat with this client and he finally clicked that 3 months prior he had been notified that a forum he had been a member of was hacked. He used the same password for all his internet accounts and the same email address.

    I recommended that as he has his own domain that he adds an email alias for each account he wants to keep and sets up a new password for each one...

    For instance
    amazon123@mydomain.com
    ebay492@mydomain.com

    I have set the domain to mydomain.com to protect his identity.

    The three digit numbers are there to prevent a hacker from guessing what his other email addresses for logins are based on the domain he is accessing.

    Using a different email address and a unique password for each account means that if another site or forum is hacked the hackers will not automatically have access to the login credentials to any other site.

    The other advantage of using multiple email addresses is that if he receives a spam email he can tell who gave his email address away. If he wants to continue to be a member of that site he can set up a new email address, changing companyname123@ to companyname324@, and he only needs to update this on one website rather than 10s or 100s.

    Anyway, if like the vast majority of people you don't have your own domain then I would strongly recommend using something like LastPass and going through all your accounts especially the important ones and changing the password to something generated by LastPass.

    After all, if "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1" is an easily crackable password that is in the cracker's dictionary, guess how easy "myRa4d0mPa55wd" is?

    Sorry to have rattled on....
     
    • Like x 2
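
The alias-per-site scheme from the post above, as an added Python example that is not part of the original thread: it gives each account its own alias and random password, shows which accounts one breach exposes when credentials are reused versus unique, and traces spam sent to an alias back to the site that held it. The site names, sample credentials and function names are constructed for illustration; `mydomain.com` is the post's placeholder.

```python
import secrets
import string

DOMAIN = "mydomain.com"  # placeholder domain, as in the post
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def new_alias(site, taken=(), digits=3, domain=DOMAIN):
    """Return site<random digits>@domain, never reusing an address in `taken`."""
    while True:
        suffix = "".join(secrets.choice(string.digits) for _ in range(digits))
        alias = f"{site.lower()}{suffix}@{domain}"
        if alias not in taken:
            return alias

def new_password(length=20):
    """Uniformly random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def leak_source(recipient, accounts):
    """Map the address a spam mail was sent to back to the site it was given to."""
    for site, cred in accounts.items():
        if cred["email"] == recipient.lower():
            return site
    return None

def exposed_by_breach(accounts, breached_site):
    """Sites whose login equals the breached site's email+password pair."""
    leaked = accounts[breached_site]
    return sorted(s for s, c in accounts.items()
                  if s != breached_site and c == leaked)

def rotate(accounts, site):
    """Replace one site's alias and password; other sites are untouched."""
    used = {c["email"] for c in accounts.values()}
    accounts[site] = {"email": new_alias(site, used), "password": new_password()}
    return accounts[site]

# Constructed sample: one email and one password reused everywhere ...
REUSED = {s: {"email": "me@mydomain.com", "password": "samepass1"}
          for s in ("forum", "amazon", "ebay", "webmail")}
# ... and the same accounts with their own alias and password each.
UNIQUE = {s: {"email": new_alias(s), "password": new_password()}
          for s in ("forum", "amazon", "ebay", "webmail")}

if __name__ == "__main__":
    print(exposed_by_breach(REUSED, "forum"))   # every other account
    print(exposed_by_breach(UNIQUE, "forum"))   # none
    spam_to = UNIQUE["ebay"]["email"]
    print(leak_source(spam_to, UNIQUE), "->", rotate(UNIQUE, "ebay")["email"])
```
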
  2. jhorsf

    WHOOOOOSH

    that was the sound of something going over my head :Rofl1:
     
    • Like x 1
  3. Gooney


    Bloody amazing, how on earth did you find my password? :Rofl1:
     
  4. mitzimad

    I once downloaded a password safe thing but couldn't work out how to use it
     
  5. Carol

    Think it's a good reminder to at least change our passwords regularly, thanks Karl.
     
  6. Snowbird

    Agree with you Gromett.

    Outlook.com (used to be Hotmail) allows 'aliases', these are e-mails you can't log into but which forward to a folder in your primary e-mail. Very useful for this purpose - no extra passwords to remember and they can try to hack them all they want... they don't have a password! I'm sure Google and Yahoo do something similar.

    Everybody except the consumer hates this though so it's usually a right pain to get working. Companies on the internet have to make money and they do that by storing each and every thing you do, hunting down your credentials, selling them and then trying to sell things to you.

    Not worth going over the top with changing passwords and generating passwords for every site under the sun! Just have tiers of passwords:
    - Your e-mail is your life, use a strong password.
    - Your bank is important, use a different strong password.
    - Shops that force you to register, use 1 password for all (no, you should never save your credit card and for stores like Amazon make sure you remove the saved card from your account after every transaction, if they don't like this just register a bogus card and don't spend on it - that'd be theft)
    - Forums, use 1 simple password for all... if somebody wants to post spam under your name good luck to em!

    Still, passwordless ssh logins are the way to go when something really matters - my supercomputer access :thumb:.

    (Posted by Ste, not Dave)
     