fantomas Posted July 2, 2013

Are you hackable or uncrackable?

The weakness of our passwords is an old problem, and especially widely underestimated. Between bad practices and the improvement of cracking techniques, 2013 may be particularly devastating in terms of intrusion and hacking.

An example of a password often used:

- 4.7% of users have "password" as a password
- 8.5% of users have "password" or "123456" as a password
- 9.8% of users have "password", "123456" or "12345678" as a password

According to the Deloitte Annual Report (TMT Predictions 2013), in 2013, 90% of passwords will be vulnerable.

Given how long a password is used (often several years) and the growing potential of cracking solutions, it would be better to choose a secure and sustainable password. To do this, it must be:

- Long (at least 15 characters)
- Complex (lowercase, uppercase, numbers, special characters)
- Impossible to find in a dictionary (French, English, proper names, encyclopedia, logical sequences, etc.)
- Easy to remember, but only for you
- Difficult deductible by a third secret

And you? Do you still think your password protects access to your account (email, social network, etc.)? To find out, here is an Intel password tester (among many others that can be found on the net):

Test your password

original topic

A.I.Ghost Posted July 3, 2013

A simple guide to strong password protection for those who do not want to (or are for some reason incapable of) remember all the different kinds of passwords.

1. Use a password manager that
1.0 saves password information (login, password, webpage / application) and encrypts this data with a master password.
1.1 is available on all your devices (e.g. OSX, Windows, iPhone...)
1.2 allows for easy synchronisation over devices, while still being encrypted with the master password.
1.3 provides a random password generator

2. Choose a master password that is long, hard to guess, but easy to remember, for example a whole sentence "th1s IS my m4ster p@ssword sentence, yay!" (use punctuation, numbers, small/large characters, imagination)
2.1 NEVER, EVER use master password anywhere in the world

3. Generate arbitrarily long passwords with the full set of different characters with your manager software, each time new for each new login/registration/website etc., and save them with this manager. You'd ask why? Simple, websites are sometimes compromised and password data is stolen, see the latest news on Ubisoft for example. If you use the same password everywhere... you got the idea.
3.1 NEVER, EVER use any online password generator. You don't know who's eavesdropping, even if the website admin is honourable enough not to save those generated passwords. That's why "1.3"

Even if such software will cost you $$, it is still worth it. I deliberately am not providing links so this does not look like advertising. There are several options available.

A little edit to support password management:

CONGRATULATIONS! It would take about 4.427207280849075e+54 years to crack your password.

Poor online checker...

Alessandro17 Posted July 4, 2013

My password:

CONGRATULATIONS! It would take about 105095 years to crack your password.

With a simple (for me) change, it would take 27011549888721190 years to crack it

fantomas Posted July 4, 2013

here:

CONGRATULATIONS! It would take about 15008230 years to crack your password.

Alessandro17 Posted July 4, 2013

I changed mine, I have the billions of years one now (27011549888721190)

verdant Posted July 4, 2013

There are free off-line computer based strong password generators available that employ your web browser Javascript functionality... for example:

http://www.kurtm.net/wpa-pskgen/

Alessandro17 Posted July 4, 2013

Yes, but I would never remember a random password, while I easily remember a pass phrase which makes sense only to me and to nobody else.

WaldMeister Posted July 4, 2013

Have fun.

CONGRATULATIONS! It would take about 2220152504 years to crack your password.

I'll give a hint. I have supported this company on technical issues, it has an ! in it, and the phone number of my grandmother in some country.

But this was my old password, the new one includes my social security number and what not.

5979516190480 years

fantomas Posted July 4, 2013

> There are free off-line computer based strong password generators available that employ your web browser Javascript functionality... for example: http://www.kurtm.net/wpa-pskgen/

I changed mine with Maximum WPA Security (63 Characters)

CONGRATULATIONS! It would take about 2.850706367461684e+73 years to crack your password.

You can use this password meter to measure your password strength

verdant Posted July 4, 2013

> Yes, but I would never remember a random password, while I easily remember a pass phrase which makes sense only to me and to nobody else.

I use such a Javascript random password generator in two ways:

1) Use its Maximum WPA Security (63 Characters) setting to generate a WPA2 password for my WiFi modem/routers that I do not need to continually remember...
2) Use its Custom function to generate memorable groups of random characters that I manually combine in a longer sequence that I will remember...

This is because the memorable pass phrases that I make up all on my own may not be random enough, as I could be drawing on events and/or dates in my life that other people are also fully aware of (even if I think they are not) and/or using character groups that may be close enough to some "word" in some "language" dictionary, e.g. a Klingon word etc. for a stochastic / sequential word search approach to crack...

buoo Posted July 5, 2013

Learn from me

fantomas Posted July 5, 2013

cochon Posted July 5, 2013

Well I used AppleScript to generate my own password

[AppleScript]
-- Number of characters in the generated password
set pwLength to 10 as integer
set res to ""
-- Append one randomly chosen character per iteration
-- (the character set leaves out the look-alikes l, I and O)
repeat pwLength times
	set res to res & some item of "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ0123456789"
end repeat
-- Copy the result to the clipboard and show it before returning it
set the clipboard to res
display dialog res
return res
[AppleScript]

Cheers

necrophagous Posted July 9, 2013

One of my passwords took 3.250770842564056e+55 years

Oh, and I used to be one of the people using the word 'password' as a password

fantomas Posted July 9, 2013

With 'TonyMacX86' as a password, I have this:

OH NO! It would take about 3 weeks to crack your password.

With 'InsaNelyMac', I have this:

CONGRATULATIONS! It would take about 12 years to crack your password.

we are good!!! we are good!!!

Alessandro17 Posted July 10, 2013

I believed you were joking, but it is true, even if you write it "InsanelyMac". I wonder how this is possible

A.I.Ghost Posted July 10, 2013

That's how. They check it with javascript, calculate entropy (at least how it is called here in the script):

From the script's point of view, "entropy" of "InsaNelyMac" is 26^8 * 26^3, whilst "TonyMacX86" is 26^5 * 26^3 * 10^2 = 26^8 * 10^2

Stupid.

Edit. Oh snap, forum auto-censorer censored some profanity words in "top passwords" parameter

Edit2. I've removed the "top password" list as forum was not reacting to it kindly. You can see it here.

    String.prototype.hackability = function() {
        var toppasswords = /long long long long long list of passwords i have erased/g;
        var str = this.replace(toppasswords, "a");

        function char_count(regex) {
            var matches = str.match(regex);
            return matches ? matches.length : 0;
        }

        function time_to_words(seconds, translation) {
            translation = translation || 'en';
            var translations = {
                en : {
                    second : "%d second",
                    minute : "%d minute",
                    hour : "%d hour",
                    day : "%d day",
                    week : "%d week",
                    month : "%d month",
                    year : "%d year",
                    seconds : "%d seconds",
                    minutes : "%d minutes",
                    hours : "%d hours",
                    days : "%d days",
                    weeks : "%d weeks",
                    months : "%d months",
                    years : "%d years"
                }
            };
            var strings = translations[translation];

            function sub(unit, number) {
                console.log(unit, number);
                if (number == 1) {
                    return strings[unit].replace(/%d/i, number);
                } else {
                    return strings[unit + 's'].replace(/%d/i, number);
                }
            }

            var minutes = (seconds / 60);
            var hours = Math.floor(minutes / 60);
            var days = Math.floor(hours / 24);
            var weeks = Math.floor(days / 7);
            var months = Math.floor(days / 30);
            var years = Math.floor(days / 365);
            var words = seconds < 60 && sub('second', seconds)
                || minutes < 60 && sub('minute', minutes)
                || hours < 24 && sub('hour', hours)
                || days < 7 && sub('day', days)
                || days < 30 && sub('week', weeks)
                || months < 12 && sub('month', months)
                || sub('year', years);
            return "about " + words;
        }

        // num of lowercase (entropy = 26)
        var lowercase_chars = char_count(/[a-z]/g);
        // num of uppercase (entropy = 26)
        var uppercase_chars = char_count(/[A-Z]/g);
        // num of digits (entropy = 10)
        var digit_chars = char_count(/[0-9]/g);
        // num of everything else (entropy = 32)
        var special_chars = char_count(/[^a-zA-Z0-9]/g);

        var lowercase_bits = 26, uppercase_bits = 26;
        var digit_bits = 10;
        var special_bits = 32; //potentially

        // product of the per-character alphabet sizes, halved
        var entropy = Math.pow(lowercase_bits, lowercase_chars)
            * Math.pow(uppercase_bits, uppercase_chars)
            * Math.pow(digit_bits, digit_chars)
            * Math.pow(special_bits, special_chars);
        entropy = entropy / 2;

        // assumed number of guesses per hour
        var _std_comp_power = 2 * Math.pow(2, 33);
        var hours = entropy / _std_comp_power;

        var result = {};
        result.seconds = (Math.floor((hours) * 36000000)) / 10000;
        result.time_to_words = time_to_words(result.seconds);
        result.message = hours > 24 * 365 * 1000
            ? "Congratulations! It would take " + result.time_to_words + " for a PC to hack your password!"
            : "Oh no! It would only take " + result.time_to_words + " for a PC to hack your password!";
        return result;
    };

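Added example, not part of the original posts and not the tester's code: the posted formula next to a word-aware estimate, for the two passwords tried above. The word list, the `DICT_SIZE` of 100,000 words and the 2^length capitalisation cost are assumptions chosen for illustration; the top-password substitution step of the posted script is left out.

```javascript
// Added example (not the tester's code). WORDS and DICT_SIZE are constructed assumptions.
const WORDS = new Set(["insanely", "mac", "tony", "password"]); // constructed sample word list
const DICT_SIZE = 100000;             // assumed size of a real dictionary
const TESTER_RATE = Math.pow(2, 34);  // guesses per hour, from _std_comp_power in the posted script

// Alphabet size the posted script assigns to one character.
function classSize(ch) {
  if (/[a-zA-Z]/.test(ch)) return 26;
  if (/[0-9]/.test(ch)) return 10;
  return 32;
}

// The posted model: every character is an independent draw from its class.
function naiveGuesses(pw) {
  let guesses = 1;
  for (const ch of pw) guesses *= classSize(ch);
  return guesses / 2;
}

// Word-aware model: a dictionary word costs DICT_SIZE * 2^length
// (any word, any capitalisation pattern), and the cheapest split wins.
function wordAwareGuesses(pw) {
  const best = new Array(pw.length + 1).fill(Infinity);
  best[0] = 1;
  for (let end = 1; end <= pw.length; end++) {
    // Option 1: the last character is a plain random character.
    best[end] = best[end - 1] * classSize(pw[end - 1]);
    // Option 2: the prefix ends with a dictionary word.
    for (let start = 0; start < end; start++) {
      const word = pw.slice(start, end);
      if (!WORDS.has(word.toLowerCase())) continue;
      const cost = DICT_SIZE * Math.pow(2, word.length);
      best[end] = Math.min(best[end], best[start] * cost);
    }
  }
  return best[pw.length] / 2;
}

function hoursAtTesterRate(guesses) {
  return guesses / TESTER_RATE;
}

for (const pw of ["InsaNelyMac", "TonyMacX86"]) {
  console.log(pw, hoursAtTesterRate(naiveGuesses(pw)).toFixed(1), "h naive,",
    hoursAtTesterRate(wordAwareGuesses(pw)).toFixed(1), "h word-aware");
}
```

At the rate hard-coded in the posted script, the character-class figure for "InsaNelyMac" works out to about 12 years, while treating "insanely" as one dictionary word brings it down to about 13 hours under these assumptions.
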
Jeroen Mathon Posted July 12, 2013

I mixed up Japanese IME Hiragana + Katakana and Normal Alphabetical letters in my password

try cracking that

verdant Posted July 23, 2013

This is a helpful Javascript password strength checker:

http://www.passwordmeter.com/

Alessandro17 Posted July 23, 2013

Unsurprisingly mine is very strong. It is a complex pass-phrase.

As to "InsanelyMac" it is very weak, unless you add a few special characters.