31 replies to this topic

[okuRaku]

I was gonna mention what actellim posted, to a program that is brute forcing your login, it does not care what the characters are, it will try every possible combination up to a certain length. They don't have little asian people manually typing in common passwords. Length is all that really matters ( )

Also, never download anything or go to untrusted sites on your gaming computer, I have never used an anti virus and have never been hacked because I always use my older computers for torrents etc.

I actually spent some time reading the xkcd forum thread for that comic for more info. The truth is that real password crackers are fairly intelligent and aren't fooled at all by replacements like o=0 t=7 etc. The fact that they don't only look at single characters is why a dictionary attack is so powerful. However, if you use 4+ words, given the number of words available in english, the complexity becomes sufficiently high to guess even with a dictionary. If you go to 5+ words you can even use very common words. Throw some foreign language words or just uncommon ones (from fiction books or sci-fi or whatever that are still easily remembered) and 4 is extremely safe.

[Amoner]

Plus it seems that people are over-complicating things. Your guild wars account or wow account is unlikely to become a target for the brute-force attack. Amount of work that goes into that sort of acquiring someone's password is extremely nonefficient when you compare it to other ways to get the job done.

A majority of people that do lose the control over their accounts are the themselves to be blamed. They do it by either catching a keylogger, which doesnt care how many characters or what kind of characters you are using, by following a link and typing in their information themselves, an extremely easy a dumb way, but you wont believe how many people actually bait for letters from GM's and Blizzard Officials. So in 99% of the times that you will loose your password it is your own fault that a complicated password wouldn't save. In the other 1 percent it is likely to be an actual attack at the host-server that already has all of the information including the password.

So the best way to protect your passwords is to be careful with where you type in your information, who do you share it with and what you download on your computer.

[AetherLemmie]

Question: Do dictionary attacks cover the reverse spelling of the words? and brand names?

[Nyr]

Question: Do dictionary attacks cover the reverse spelling of the words? and brand names?

Easily. It should take twice as long, which is not much, knowing that dictionary attacks are the fastest way to attack a password. And yes, most wordlists contain popular brand names.

[Orz]

Question: Do dictionary attacks cover the reverse spelling of the words? and brand names?

Absolutely. Also stay away from linear keyboard progression passwords as well such as:

cft6vgy7bhu8nji9

I can't believe how many people use these types of passwords... (no that isn't mine!)

[NoobieOne]

I take a word that I know I can remember and change it a few times for my password
For example if I wanted to make a password out of Legacy I might go

13gacy
13gaecwhy
gaecwhy13

and there you go a good random password
gaecwhy13

[Lockon]

updated OP. included Alucard & okuRaku's tip & info.

[Novem]

Was actually about to post this before I noticed it was already up . Orz has it right if you want to make sure nobody gets your password in the next thousand years, but having a longer password (which may or may not be complex) definitely makes for much stronger passwords.

tl.dr Use the following password so that I can go on it and make you dance like a chicken :
Happypandadanceslikechicken

Spoiler

Edit: Do we have [Spoiler] tag capabilities on this forum? maybe with a different code?

[Orz]

Yes you can use spoiler tags. I've edited your post to show you how.

Edit your own post and have fun!

[AetherLemmie]

Just bumping this thread for a question. Encoding your password once you have made it would be mostly safe as well right?

For example if they have a character limit for you password, you can choose one, caesar shift (cipher) it by a certain number, and then add that number to the end so you remember what to shift it by?

Maybe it is too difficult, but dictionary attacks don't cover that right?

[Nyr]

Just bumping this thread for a question. Encoding your password once you have made it would be mostly safe as well right?

For example if they have a character limit for you password, you can choose one, caesar shift (cipher) it by a certain number, and then add that number to the end so you remember what to shift it by?

Maybe it is too difficult, but dictionary attacks don't cover that right?

Correct, dictionary attacks don't cover substitution ciphers (appending a number alone would make it unlikely that your password is vulnerable to a dictionary attack).

[AetherLemmie]

Awesome, thanks Nyr.