Dumb question time (1 Viewer)

[ShiftZZ]

Most passwords these days are limited to a small number of attempts before you are locked out.
Does that mean that brute force hacking is dead,
If not, how do hackers get in?

My old Facebook page was hacked and Facebook did nothing to help, my password I thought was a good one, so how was it done,

 

[L' Hobo]

I'm told, all computer systems have a back door but what do I know, best ask Horizon?

 

[scotjimland]

No idea Dave.. I thought cyber security was your field of expertise ?

you say old account.. assume it didn't have 2 factor authentication

passwords should be at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols..

I also use 2 factor authentication (if available,) pain at times but gives a bit more protection.

and last, change passwords every few months .. especially on buying sites like Amazon..

 

[steve69]

I also use 2 factor authentication (if available,) pain at times but gives a bit more protection.

Fully agree there....Saves you having to change your password more frequently than you care to.

 

[PP Bear]

Have a look through this video and see how easy some passwords are to hack.

The longer the password, especially when mixed with upper case, lower case and special characters, the harder to crack.

^{_{Subscribers  do not see these advertisements}}

 

[steve69]

Have a look through this video and see how easy some passwords are to hack.

The longer the password, especially when mixed with upper case, lower case and special characters, the harder to crack.

View attachment 893100

Bit of a contradiction there.
If Hackers can see your password, then they won't have to take 7 million years to crack it, surely?

 

[PP Bear]

Bit of a contradiction there.
If Hackers can see your password, then they won't have to take 7 million years to crack it, surely?

But that’s the point and illustrated in the video, where the software couldn’t hack on the passwords if it’s complex.

 

[dna]

but as ShiftZZ said, if the target system locks the account after 3 or 4 wrong attempts, how does the hacker / hacking system keep trying different passwords?

 

[eddie]

Apparently 1234567 is most commonly used

I defeated the hackers by reversing this

7654321

It’s worked so far

 

[TheBig1]

The most common way hackers grab passwords these days is via malware that intercepts the password and user name as you send the log in. This is why 2 factor authentication is essential as they will not have access to a second device.

^{_{Subscribers  do not see these advertisements}}

 

[dna]

Apparently 1234567 is most commonly used

I defeated the hackers by reversing this

7654321

It’s worked so far

can you just confirm the email address you use and which banking websites it works on please - I'm feeling (tired) lazy so if you wouldn't mind saving me the effort of having to try a few (purely for research purposes obviously) . Thanks

 

[daventess]

Most passwords these days are limited to a small number of attempts before you are locked out.
Does that mean that brute force hacking is dead,
If not, how do hackers get in?

My old Facebook page was hacked and Facebook did nothing to help, my password I thought was a good one, so how was it done,

More often than not, whole databases of passwords are stolen from less secure and often smaller company servers. The criminals then have all the time and attempts in the world to try and crack them using a multitude of techniques. The logs to my servers show that bombarding sites does still go on, and is probably successful sometimes for very weak passwords.

Re facebook, that's less likely. Often passwords are repeated across sites, so if they stole a password database from xxx ltd, they will try those passwords everywhere they can.

And you'd be amazed at how many impossible to guess phrases from film, tv and literature have been used a thousand times by other people ...

 

[nicholsong]

Most passwords these days are limited to a small number of attempts before you are locked out.
Does that mean that brute force hacking is dead,
If not, how do hackers get in?

My old Facebook page was hacked and Facebook did nothing to help, my password I thought was a good one, so how was it done,

Dave, nice to see a post from you again

I might give you a call soon.

Geoff

 

[Gromett]

Most passwords these days are limited to a small number of attempts before you are locked out.
Does that mean that brute force hacking is dead,
If not, how do hackers get in?

My old Facebook page was hacked and Facebook did nothing to help, my password I thought was a good one, so how was it done,

How hackers do this is pretty straight forward. They use a botnet.
This is a network of separate but linked computers. They are usually always hacked servers but some are based on infected windows computers.

How it works is this. The master controller will send a list of URL's to each server in the bot net alongside a bunch of usernames and passwords.
Each bot in the network will then try 2 times at each url using each username with a password. They will repeat this process periodically.
With a botnet of says 5,000 computers. That is 10,000 attempts per hour with no username/password pair being tried more than twice.

From the servers point of view, they are seeing 2 failed attempts at a login from a single IP address for each username.

 

[Gromett]

PS: One of the checks my software does is look for failed logins from the same IP across multiple accounts. Then I firewall that IP. It stops 1,000s of attempt an hour.
It tends not to affect clients because if they have 2 accounts they have never so far tried to login with bad passwords twice on 2 different accounts.

^{_{Subscribers  do not see these advertisements}}