Your Password or mine?

Dear @Akito, as admin, you should have a secure enough password anyway. :wink:

Hint: akito123 isn’t.

3 Likes

The idea of 2FA might seem ridiculous.
But 2FA protects us from being hacked to some extent. Remember, this method can be bypassed, and nothing is 100% safe.
It might protect us: even if someone gets our password, they won’t be able to bypass our accounts and do something mischievous.
Unless you’re an expert hacker, you won’t be able to break 2FA systems.

I would suggest just using German nouns for a password. They are easy to remember and of course very easy to spell:

Rindfleischetikettierungsüberwachungsaufgabenübertragungsgesetz

3 Likes

How about Wisenheimer!

How about…Donauschiffsffahrtkapitänsmütze

:))

Great choice. But remember to always make your passwords public for extra security, just as you did here.

If you want to be even more secure than that, you should paste it into all possible pastebin services.

1 Like

Your password is crackable; better use symbols, numbers, uppercase and lowercase characters.
Otherwise, I’m learning how to use bruteforcing tools; I’ll better crack it.

@Ute
Your pass is impossible to remember

No it isn’t!!!
It’s only a noun…nouns are easy to remember and this one is easy to spell!
XD

3 Likes

In at least some security materials (and I consider those that don’t include at least this) there are two big problems w/ short / weak passwords…

  1. Once a cracker gets ANY access to a site, it becomes easier to do any number of privilege escalation attacks to get higher level accesses, so potentially a weak password makes the entire forum less secure…

  2. People that don’t take security seriously by using strong passwords are also very likely to use the same password on multiple sites so if one site gets its list of logins swiped it weakens the security on every OTHER site that user is on… (There was a case of this in the military, a pentester cracked a low security site like the commissary, and used that list of logins to get into some high security sites on the same base…) There are even lists of known logins that are available on the Dorkweb to use in ‘dictionary attacks’

I do bad in that I keep a text file of passwords on my machines along w/ using the Firefox storage for them, BUT every site I visit uses a different password. I don’t trust password generators that run on other people’s computers (i.e. the FF generator) and instead I now use APG on my own machine. It has several modes and some have been deprecated, but the mode that uses /dev/urandom is about as secure as it gets… My default command line is:

`apg -a1 -m12 -M SNCL -c /dev/urandom`
( <-a1 - random character> <-m12 - min length> <-M SNCL - require special symbols, numbers, upper & lower case letters> <-c /dev/urandom - use /dev/urandom for the seed> ) this gives a list of 6 passwords and I pick one of them…

FWIW, every site I’ve used one of these passwords on gives me its best “strong” rating…
The only problem I’ve run into is that some sites have security reducing limits on what they will accept for special characters… I either keep trying different words output by the default line, or edit the command appropriately…

BTW - German nouns are NOT particularly more resistant to dictionary attacks if the cracker is using a German dictionary… length is the only thing that helps when using those, and length is less effective when the set of possible solutions is reduced by needing to be in the dictionary…

ex-Gooserider

2 Likes

I’d say, @Ute wasn’t entirely serious when she mentioned the idea: I guess, it was more of a jokey reference to the length of compound nouns in German.

After all, ideas of full IT-security are nothing but Knabenmorgenblütenträume (phantasmagoric childhood dreams).

1 Like

If the dictionary has simple German nouns in it, without any modifications and adjustments, it won’t help much in cracking the long ass German words, like the one you read of earlier.

Seems utterly over-complicated. Why not use pwgen or secpwgen? Seems a lot easier.

That said, everything that is made “public” in the shell has also its insecurity implications.

1 Like

Perhaps I need to be more careful how I write things? Mina knew straight away that my suggestion was a “tongue in the cheek” idea and was not meant as a serious solution…but perhaps that is what we would call “weibliche_intution” (which I will now use as a password but to make it more safe I will add 1988 at the end :))

I use this scrap of python to generate my passwords, the only bit of python I ever wrote / stole :

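```python
#!/usr/bin/env python3
# shamelessly stolen from https://bitbucket.org/delx/scripts/src/0ce6d4464673/passphrasegen

import os
import secrets  # CSPRNG; the random module is not meant for generating passwords

WORDS_FILENAME = os.environ.get("WORDS", "/usr/share/dict/words")
NUM_WORDS = 2
MAX_LEN = 9  # longest single word allowed (not the length of the whole passphrase)
MIN_LEN = 4  # shortest single word allowed

# Load the word list, capitalise each word, keep alphabetic words within the limits
with open(WORDS_FILENAME) as f:
    WORDS = [word.strip().title() for word in f]
WORDS = [word for word in WORDS if word.isalpha() and MIN_LEN <= len(word) <= MAX_LEN]

def generate():
    """Return NUM_WORDS random words and a number from 10 to 100, joined by '-'."""
    random_words = [secrets.choice(WORDS) for _ in range(NUM_WORDS)]
    random_number = 10 + secrets.randbelow(91)  # same range as randint(10, 100)
    return "-".join(random_words + [str(random_number)])

for i in range(10):
    print(generate())
```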

I have another version where “NUM_WORDS” is “3”, and another with “4”… Note - I don’t understand enough about Python - but - the more words I use, the shorter the words… but it’s always longer than ‘MAX_LEN’ - I simply don’t understand enough about python to figure out how that works…

Just ran into a real PITA with MFA - one outlook web account I need to use for a customer, has 2FA - but I can’t make it use the Microsoft Authenticator, or even just SMS - EVERY SINGLE time I log in, I have to take a phone call! Ridiculous! WTF?

Everything else I have that uses two / multi factor authentication, uses an app - e.g. Microsoft Authenticator, or Symantec VIP… and I’ve used Google’s in the past (e.g. to manage Amazon AWS “cloud” infrastructure).

It’s a shame we have to do MFA and stuff, why can’t we all just get along and trust one another? Peace Love and Understanding :smiley: :heart_eyes: :smiling_face_with_three_hearts: :pray: :heart_eyes:

3 Likes
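To put numbers on the dictionary-versus-length point made earlier in the thread, here is an added example (not code from any poster) that estimates the search space of the word-based generator above next to the 12-character `apg` command. It assumes the attacker knows the generation scheme and word list, that `apg` draws uniformly from all 94 printable ASCII characters at exactly 12 characters, and a dictionary of 50,000 usable words when no word list is installed; `SAMPLE` is constructed.

```python
import math
import os
import string

def usable_words(lines, min_len=4, max_len=9):
    """Apply the posted script's filter; return the distinct words it can emit."""
    titled = (line.strip().title() for line in lines)
    return {w for w in titled if w.isalpha() and min_len <= len(w) <= max_len}

def passphrase_bits(dict_size, num_words, lo=10, hi=100):
    """Entropy in bits of num_words uniform picks plus a uniform number in [lo, hi]."""
    return num_words * math.log2(dict_size) + math.log2(hi - lo + 1)

def random_chars_bits(length, alphabet_size):
    """Entropy in bits of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)

def words_needed(target_bits, dict_size):
    """Smallest NUM_WORDS for which the passphrase reaches target_bits."""
    n = 1
    while passphrase_bits(dict_size, n) < target_bits:
        n += 1
    return n

# Assumption: the apg command draws uniformly from all 94 printable ASCII characters.
ALPHABET_SIZE = len(string.ascii_letters + string.digits + string.punctuation)
ASSUMED_DICT_SIZE = 50_000  # assumed; used when no word list is installed
# Constructed sample showing what the filter drops (duplicates, apostrophes, length).
SAMPLE = ["apple", "Apple", "it's", "cat", "überwachung", "Kapitän", "donau", "gesetz"]

def report(dict_size):
    """Return (label, bits) rows for the schemes discussed in the thread."""
    rows = [("one word from the dictionary, any length", math.log2(dict_size))]
    rows += [(f"{n} words + number", passphrase_bits(dict_size, n)) for n in (2, 3, 4)]
    rows.append(("12 random characters", random_chars_bits(12, ALPHABET_SIZE)))
    return rows

if __name__ == "__main__":
    path = os.environ.get("WORDS", "/usr/share/dict/words")
    if os.path.exists(path):
        with open(path, errors="replace") as f:
            size = len(usable_words(f))
    else:
        size = ASSUMED_DICT_SIZE
    print(f"{len(usable_words(SAMPLE))} of {len(SAMPLE)} sample words survive the filter")
    for label, bits in report(size):
        print(f"{label:42s} {bits:6.1f} bits")
    target = random_chars_bits(12, ALPHABET_SIZE)
    print("words needed to match 12 random characters:", words_needed(target, size))
```

A word that is in the attacker's dictionary contributes the same number of bits whether it has 5 letters or 60, which is why the word count, not the word length, is what moves the total.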

How about mixing languages? I know a few words in Latin, Malagasy, Hawaiian and Mohawk. I wonder how long it would take to brute force that.

The answer is obviously to use the languages you suggested and then insert every second letter a Chinese letter and every 5th a Russian letter
Just to make it 100% safe, after 100 letters do this:

_1988 (your birth year)

:slight_smile:

3 Likes