+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 29

Thread: Computer password security: How the pros hack passwords.

  1. Link to Post #1
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,579
    Thanks
    30,499
    Thanked 138,429 times in 21,488 posts

    Default Computer password security: How the pros hack passwords.

    Here is the most informative (and rather technical) article I've seen on how the security pros hack passwords, getting from the encrypted password stored on most web servers (such as Avalon and your bank), to your original password. It shows well what kinds of passwords are more resistant to such attacks.

    To be safer, passwords that are on limited character sets, such as all upper case, or all lower case, or all one case plus numbers, as well as passwords that contain any common words or l33t speak variants of common words, ... all such passwords would need to be longer. One such password, qeadzcwrsfxv1331, with 12 lower case letters plus 4 following numbers, was among those cracked in less than a day by one pro.

    Passwords using purely randomly selected characters, with a mix of upper, lower, numeric and special symbol characters, would be quite resistant to such attacks with as few as perhaps a dozen characters.

    Any hacker with one good programmable graphics card can quickly crack any password, no matter how insanely random and how well mixed the upper and lower cases, numbers and special symbols, if that password is only six characters long.

    Several experts comment in the article on what they personally do to secure passwords. Each expert has their own take on it, and their own favorite way of handling it.

    The three methods I've used in the last few years:
    • Send myself an encrypted email, with a growing list of my passwords. One needs to use strong encryption to get away with this, and to know what one is doing.
    • For several years, I used http://passwordmaker.org/.
    • In the last year, I've switched to using https://lastpass.com/, which has a more refined interface.
    For my important accounts, I don't use the builtin (and likely quite excellent) password generators from passwordmaker or lastpass, but rather I have coded my own password generator that takes several sources for random numbers, both local to my computer and off the Internet, and blends them together, taking their SHA512 sum and converting to a mixed upper/lower case plus numbers Base 64 character set.

    Here is one such password generated by my custom tool:
    Code:
    mRrzM7k2WxzE2wOyi/YGeTWi42OeZdp9ktFIeAiveVV5Z/EzjmPytVbypFluu64MU497GfhfKwmPNG0lJetbJ
    (To be clear, I don't expect any sane person to replicate such a password generator tool, nor need they. I'm just showing off with the above long password example.)

    None of these methods are guaranteed. If the NSA decides I am public enemy number one (or, more likely, illuminati enemy number one), then all my secrets will be compromised, including what is only in my mind and never written down, about 5 seconds after the water boarding begins.

    Here is the first part of the three part article: Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” -- ArsTechnica

    The article begins:
    In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.

    Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results in all their color and technical detail Iron Chef style. The results, to say the least, were eye opening because they show how quickly even long passwords with letters, numbers, and symbols can be discovered.
    Last edited by ThePythonicCow; 19th July 2013 at 18:49.
    My quite dormant website: pauljackson.us

  2. The Following 44 Users Say Thank You to ThePythonicCow For This Post:

    Agape (20th July 2013), Anchor (21st July 2013), aranuk (19th July 2013), AwakeInADream (19th July 2013), BrianEn (19th July 2013), Calz (19th July 2013), Carmody (20th July 2013), CdnSirian (22nd July 2013), Christine (19th July 2013), cursichella1 (24th July 2013), Eram (19th July 2013), Flash (19th July 2013), Fred Steeves (20th July 2013), Griff (19th July 2013), guayabal (20th July 2013), InCiDeR (19th July 2013), Jake (19th July 2013), Joseph McAree (19th July 2013), kanishk (19th July 2013), KiwiElf (19th July 2013), Kristin (19th July 2013), lakewatcher (20th July 2013), Laura Elina (19th July 2013), Magneticman (19th July 2013), meeradas (19th July 2013), NoNeedForAName (23rd August 2014), northstar (19th July 2013), Operator (19th July 2013), PRAGMAE (19th July 2013), Reinhard (19th July 2013), Richard S. (20th July 2013), risveglio (19th July 2013), Robert J. Niewiadomski (19th July 2013), RunningDeer (20th July 2013), seko (19th July 2013), soleil (19th July 2013), Sophocles (19th July 2013), Star Tsar (19th July 2013), Strat (25th July 2013), Tesla_WTC_Solution (20th July 2013), Tommy (19th July 2013), ulli (19th July 2013), william r sanford72 (19th July 2013), write4change (19th July 2013)

  3. Link to Post #2
    Avalon Member
    Join Date
    13th May 2011
    Location
    Urantia/Poland/Warsaw
    Posts
    1,057
    Thanks
    8,272
    Thanked 3,307 times in 873 posts

    Default Re: Computer password security: How the pros hack passwords.

    But the password hash list needs to be obtained in the first place... Means one needs to find a hole to get in and steal the hash list. And use it immediately before anyone manages to change their password. Right? Cracking passwords is the desert. After main course of getting hash list out. And some meals are tough to chew (or even indigestible) while others are of one bite size

    PA better be of that 1st kind meal
    Best wishes and free energy to all
    Robert

  4. The Following User Says Thank You to Robert J. Niewiadomski For This Post:

    Magneticman (19th July 2013)

  5. Link to Post #3
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,579
    Thanks
    30,499
    Thanked 138,429 times in 21,488 posts

    Default Re: Computer password security: How the pros hack passwords.

    Quote Posted by Robert J. Niewiadomski (here)
    But the password hash list needs to be obtained in the first place... Means one needs to find a hole to get in and steal the hash list. And use it immediately before anyone manages to change their password. Right? Cracking passwords is the desert. After main course of getting hash list out. And some meals are tough to chew (or even indigestible) while others are of one bite size

    PA better be of that 1st kind meal
    Project Avalon relies on vBulletin for most of its key server software. vBulletin is a widely used web forum software package, with frequent security updates. But nothing is perfect (and too many users use the same password on multiple sites.)
    My quite dormant website: pauljackson.us

  6. The Following 6 Users Say Thank You to ThePythonicCow For This Post:

    aranuk (19th July 2013), kanishk (19th July 2013), Magneticman (19th July 2013), Robert J. Niewiadomski (19th July 2013), Star Tsar (19th July 2013), william r sanford72 (19th July 2013)

  7. Link to Post #4
    Canada Avalon Member northstar's Avatar
    Join Date
    11th March 2013
    Location
    True North
    Posts
    485
    Thanks
    3,131
    Thanked 3,405 times in 466 posts

    Default Re: Computer password security: How the pros hack passwords.

    My Skype was hacked last year and the hacker tried to use my credit card to make calls. Luckily I had previously cancelled the credit card registered with Skype so there was nothing there for them to steal!
    It made me a bit scared about all the personal information I have stored online in various accounts, especially places in which I purchase things and where they have my credit card stored.
    I changed my password to one which has upper and lower case, numbers and characters.
    Last edited by northstar; 19th July 2013 at 12:42.
    The 'rebellion' of the Mind, having the Mind run the show, is the Luciferian rebellion of wanting to leave Love-Christ-Heart behind and create a universe without the 'pesky feeling of the heart' holding it back
    ~ Tobias Lars

  8. The Following 2 Users Say Thank You to northstar For This Post:

    Magneticman (19th July 2013), william r sanford72 (19th July 2013)

  9. Link to Post #5
    Deactivated
    Join Date
    6th December 2010
    Posts
    600
    Thanks
    1,824
    Thanked 2,108 times in 521 posts

    Default Re: Computer password security: How the pros hack passwords.

    we should look at enabling SSL on Avalon .. making it a little more difficult for sniffers / taps to "read" the information people are sending / receiving when on the forum ..

    if i switch to SSL, and accept the self signed cert .. the whole UI changes and is unusable.
    Last edited by Aurelius; 19th July 2013 at 13:44.

  10. The Following 2 Users Say Thank You to Aurelius For This Post:

    Magneticman (19th July 2013), Robert J. Niewiadomski (19th July 2013)

  11. Link to Post #6
    Unsubscribed
    Join Date
    24th January 2011
    Age
    48
    Posts
    1,109
    Thanks
    2,733
    Thanked 2,430 times in 818 posts

    Default Re: Computer password security: How the pros hack passwords.

    Quote Posted by Paul (here)

    The three methods I've used in the last few years:
    Paul, have you researched Last Pass vs Firefox's built in password manager if you have no need for multiple computers or browsers?
    Quote Posted by Paul (here)

    Here is one such password generated by my custom tool:
    Code:
    mRrzM7k2WxzE2wOyi/YGeTWi42OeZdp9ktFIeAiveVV5Z/EzjmPytVbypFluu64MU497GfhfKwmPNG0lJetbJw
    (To be clear, I don't expect any sane person to replicate such a password generator tool, nor need they. I'm just showing off with the above long password example.)
    So you are saying I should do this. :thinking:

  12. Link to Post #7
    Norway Senior Administrator Tommy's Avatar
    Join Date
    11th April 2010
    Location
    Norway
    Posts
    463
    Thanks
    1,529
    Thanked 2,574 times in 371 posts

    Default Re: Computer password security: How the pros hack passwords.

    Cool post Paul, thanks

    The example password you created reminds me of MD5 hash sequences, similar to how it is stored in the DB.

    One thing I found funny with the MD5 "encryption" is how easy it is to crack once you get the string. As I am sure you know there are multiple generators and decryption tools available online. Never understood this, one could might as well just have the entire password without MD5 in the table as it is so easy.

    Have you ever considered SSL protection? I use it for certain things, but a lot of CMS/boards generate strange issues with it.. Plus it costs some money getting it signed as "trusted".

    Avalonians should be glad the people in charge here knows so much about this stuff

    Cheers

  13. The Following 4 Users Say Thank You to Tommy For This Post:

    Christine (24th July 2013), kanishk (24th July 2013), Magneticman (19th July 2013), ThePythonicCow (19th July 2013)

  14. Link to Post #8
    Avalon Member Carmody's Avatar
    Join Date
    19th August 2010
    Location
    Winning The Galactic Lottery
    Posts
    11,389
    Thanks
    17,597
    Thanked 82,316 times in 10,234 posts

    Default Re: Computer password security: How the pros hack passwords.

    Quote Posted by Robert J. Niewiadomski (here)
    But the password hash list needs to be obtained in the first place... Means one needs to find a hole to get in and steal the hash list. And use it immediately before anyone manages to change their password. Right? Cracking passwords is the desert. After main course of getting hash list out. And some meals are tough to chew (or even indigestible) while others are of one bite size

    PA better be of that 1st kind meal

    The most successful form of (extremely difficult cases) hacking has always (IMO and IME) revolved round hacking the person connected to the keyboard. The weak spot in the equation.

    My best answer to all of this, is that I make sure there is nothing on the other side of the given wall - to steal.
    Last edited by Carmody; 19th July 2013 at 14:14.
    Interdimensional Civil Servant

  15. The Following 3 Users Say Thank You to Carmody For This Post:

    AwakeInADream (19th July 2013), Magneticman (19th July 2013), ThePythonicCow (19th July 2013)

  16. Link to Post #9
    Canada Avalon Member DeDukshyn's Avatar
    Join Date
    22nd January 2011
    Location
    From 100 Mile House ;-)
    Language
    English
    Age
    50
    Posts
    9,394
    Thanks
    29,778
    Thanked 45,445 times in 8,541 posts

    Default Re: Computer password security: How the pros hack passwords.

    Quote Posted by northstar (here)
    My Skype was hacked last year and the hacker tried to use my credit card to make calls. Luckily I had previously cancelled the credit card registered with Skype so there was nothing there for them to steal!
    It made me a bit scared about all the personal information I have stored online in various accounts, especially places in which I purchase things and where they have my credit card stored.
    I changed my password to one which has upper and lower case, numbers and characters.
    Last year Skype was discovered to have a particularly easy way to get into others accounts by only getting their email address, and utilizing a loophole in their password recovery process. They've since fixed this, but it is likely this is how your account was compromised.
    When you are one step ahead of the crowd, you are a genius.
    Two steps ahead, and you are deemed a crackpot.

  17. The Following 2 Users Say Thank You to DeDukshyn For This Post:

    AwakeInADream (19th July 2013), northstar (19th July 2013)

  18. Link to Post #10
    Avalon Member Flash's Avatar
    Join Date
    26th December 2010
    Location
    Montreal
    Posts
    9,637
    Thanks
    38,027
    Thanked 53,692 times in 8,940 posts

    Default Re: Computer password security: How the pros hack passwords.

    I have given a seminar once (on how to handle their demanding internal customers) to the computer security personnel of a bank. What I heard there and what they told me convinced me not do banking on the internet lol Not kidding.

    also:
    have a credit card with a low limit so that not much can be stolen and use this card on the web
    never give your credit card number for promotional stuff, I have been hacked on this
    Gaz stations and bars are particularly sensitive to theft, give low level credit card there
    Never ever use your debit card for payment everywhere, it is a major link to most of your personal history and most of your money.
    Put credit/debit cards with chips (Canada and Europe) in a special small wallet to avoid being picked up by passer by with electronic devices and hacked.




    Quote Posted by northstar (here)
    My Skype was hacked last year and the hacker tried to use my credit card to make calls. Luckily I had previously cancelled the credit card registered with Skype so there was nothing there for them to steal!
    It made me a bit scared about all the personal information I have stored online in various accounts, especially places in which I purchase things and where they have my credit card stored.
    I changed my password to one which has upper and lower case, numbers and characters.

  19. The Following 6 Users Say Thank You to Flash For This Post:

    AwakeInADream (19th July 2013), kanishk (23rd July 2013), lakewatcher (20th July 2013), Laura Elina (19th July 2013), Magneticman (19th July 2013), northstar (19th July 2013)

  20. Link to Post #11
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,579
    Thanks
    30,499
    Thanked 138,429 times in 21,488 posts

    Default Re: Computer password security: How the pros hack passwords.

    Quote Posted by seeingterra (here)
    One thing I found funny with the MD5 "encryption" is how easy it is to crack once you get the string. As I am sure you know there are multiple generators and decryption tools available online. Never understood this, one could might as well just have the entire password without MD5 in the table as it is so easy.
    MD5 isn't -that- easy. It is an almost reliable one-way message digest, not a two-way encryption/decryption method. It's main problem when used to store passwords is that it is too fast to compute, enabling brute force attacks if the encrypted material is short (such as a short password.) In other words, if you have a 6 character password, encoded using MD5, then I can generate MD5 encodings for -all- possible 6 character passwords and compare them to your encoded password, to see which one generates your encoding.

    I said "almost" reliable because MD5 is not entirely collision resistant, though the constructed collisions are artificial and not a concern in many uses, such as verifying that one has a byte for byte correct copy, in the case where non-malicious errors (human or machine) are the risk, not a deliberately malicious attack.

    Perhaps the similarity you noticed between my insane example and an example of MD5 you saw was in my use of Base 64 encoding (26 lower case letters, 26 upper case letters, 10 digits and 2 more characters, which are '/' and '+' in the program I'm using.) This encodes 6 bits per character (26 + 26 + 10 + 2 == 64 == 2 to the power of 6.) Hex encoding only encodes 4 bits per character (10 digits + 6 letters ('a' - 'f') == 16 == 2 to the power of 4.)

    The differences between MD5 and the various SHA are in their length, and in their compute cost. ("Digest" below means to a one-way encoding.)
    • An MD5 digest is 128 bits long.
    • A SHA256 digest is 256 bits long.
    • A SHA512 digest is 512 bits long.
    My insane password example is a SHA512 digest, displayed using a Base 64 string of 85 characters (which only displays 6 * 85 == 510 bits, the last 2 bits being dropped to avoid displaying a character that has less than 6 bits of entropy.)

    Quote Posted by seeingterra (here)
    Have you ever considered SSL protection? I use it for certain things, but a lot of CMS/boards generate strange issues with it.. Plus it costs some money getting it signed as "trusted".
    We made a couple of attempts to add SSL (https) to the forum, but did not succeed. SSL protects from the garden variety criminals, which are not much of a problem for us, as we're not a bank or other transactor of money. So far as we know, it doesn't protect against the NSA, who I presume has the resources to crack SSL on the fly, in large quantity. Since it is the NSA and colleagues that are our main "threat", and since 90 per-cent of what people send up the wire to us is posted in public anyway, for Google to scrape usually within 10 or 20 minutes, the benefits that SSL would have for our forum don't appear that great, from what we can see.
    Last edited by ThePythonicCow; 19th July 2013 at 19:16.
    My quite dormant website: pauljackson.us

  21. The Following 3 Users Say Thank You to ThePythonicCow For This Post:

    Aurelius (20th July 2013), AwakeInADream (19th July 2013), Magneticman (19th July 2013)

  22. Link to Post #12
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,579
    Thanks
    30,499
    Thanked 138,429 times in 21,488 posts

    Default Re: Computer password security: How the pros hack passwords.

    Quote Posted by risveglio (here)
    Paul, have you researched Last Pass vs Firefox's built in password manager if you have no need for multiple computers or browsers?
    I have not evaluated the security of Firefox's built-in password manager, and I do have multiple computers and browsers (some 15 different browsers, all but Mac Safari, available on my main system, most of which don't support any of these password managers ...)
    My quite dormant website: pauljackson.us

  23. The Following 2 Users Say Thank You to ThePythonicCow For This Post:

    Magneticman (19th July 2013), risveglio (19th July 2013)

  24. Link to Post #13
    Ireland Avalon Member Mulder's Avatar
    Join Date
    20th April 2010
    Location
    Ireland
    Posts
    1,050
    Thanks
    939
    Thanked 2,577 times in 818 posts

    Default Re: Computer password security: How the pros hack passwords.

    An easy way to get into your accounts is to hack your main email and find all your other accounts - e.g. skype, amazon, etc. Then do a "forgot password" and intercept the email link and change the password to a new one and you're hacked!

    So you should delete all old emails and take special care of your main email. I expect email providers to start sending sms codes to your phone and you need to enter the code to log-on. It would be impossible to hack your email without cloning/stealing your mobile (but this is still do-able for a motivated thief).
    “There is no coming to consciousness without pain. People will do anything, no matter how absurd, in order to avoid facing their own soul. One does not become enlightened by imagining figures of light, but by making the darkness conscious.” -- Carl Jung

    "To see the farm is to leave the farm."

  25. The Following 2 Users Say Thank You to Mulder For This Post:

    AwakeInADream (19th July 2013), Magneticman (19th July 2013)

  26. Link to Post #14
    UK Avalon Member AwakeInADream's Avatar
    Join Date
    30th August 2012
    Location
    Source seen from a unique angle
    Posts
    577
    Thanks
    9,474
    Thanked 2,913 times in 540 posts

    Default Re: Computer password security: How the pros hack passwords.

    Great advice Paul! Thanks!

    I don't know much about hacking, but what I've read does frighten me and make me paranoid...I have a few questions:

    You know that type of hacking where people can gain remote access to your computer?

    How does that work? And is there a password that you can change to stop people from doing it?
    (if so how do you change it)

    Also does using a VPN stop this kind of thing?

    P.S. For security, I have always kept an empty bank account that I only put money into when I want to use it for online shopping. They can't steal from an empty bank account.

  27. The Following 3 Users Say Thank You to AwakeInADream For This Post:

    lakewatcher (20th July 2013), Magneticman (19th July 2013), PurpleLama (19th July 2013)

  28. Link to Post #15
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,579
    Thanks
    30,499
    Thanked 138,429 times in 21,488 posts

    Default Re: Computer password security: How the pros hack passwords.

    Quote Posted by AwakeInADream (here)
    I don't know much about hacking, but what I've read does frighten me and make me paranoid...I have a few questions:

    You know that type of hacking where people can gain remote access to your computer?

    How does that work? And is there a password that you can change to stop people from doing it?
    (if so how do you change it)
    It's all kind of complex, and there's a variety of ways that various kinds of control can be obtained over various parts of your computer or various online accounts you might have.

    There's no simple password setting to keep it all out. VPN (virtual private networks) have their uses, but are only marginally relevant here.

    Windows users have more of a problem with this than Mac or Linux users. Windows users claim this is because Windows is so popular, so that's where the hackers hack. Linux users claim this is because Windows is inherently insecure and poorly designed. Mac users ignore that controversy and blissfully use their Macs. (I'm joking a bit here, but only somewhat.)

    ... in other words, I don't have any easy answers for you ... sorry.

    I can do a pretty good job of keeping a Linux or Unix box safe ... but that's in part because I have spent over 35 years up to my eyeballs in Linux and Unix systems.
    My quite dormant website: pauljackson.us

  29. The Following 2 Users Say Thank You to ThePythonicCow For This Post:

    AwakeInADream (19th July 2013), Magneticman (19th July 2013)

  30. Link to Post #16
    United States Avalon Member write4change's Avatar
    Join Date
    20th January 2011
    Location
    Los Angeles, California
    Age
    78
    Posts
    729
    Thanks
    5,651
    Thanked 3,632 times in 628 posts

    Default Re: Computer password security: How the pros hack passwords.

    You have no idea how much I needed this and how grateful I am that you posted it. Thanks so very much.
    Beware the axis of sanctimony.

  31. The Following 2 Users Say Thank You to write4change For This Post:

    Carmody (20th July 2013), Magneticman (19th July 2013)

  32. Link to Post #17
    UK Avalon Member AwakeInADream's Avatar
    Join Date
    30th August 2012
    Location
    Source seen from a unique angle
    Posts
    577
    Thanks
    9,474
    Thanked 2,913 times in 540 posts

    Default Re: Computer password security: How the pros hack passwords.

    Thanks Paul!

    Would you say that using Linux is safer for online shopping, banking etc...?(even if I don't really know what I'm doing)

    I have Ubuntu installed on my laptop also, just for curiosity(I haven't used it much), but if it really is safer then I may start using it more. I guess having to type a password every time you make changes to the system makes things way more secure.

    I've heard that it's safer to run Windows from a User account, rather than as Administrator. I guess this is a similar thing.

    I don't have any anti-virus software on Ubuntu though, can you recommend a good free one?
    (I read somewhere once that you don't need anti-virus on Linux, is that true?)

    P.S. I've just made my PA password much more complex.

  33. The Following User Says Thank You to AwakeInADream For This Post:

    Magneticman (19th July 2013)

  34. Link to Post #18
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,579
    Thanks
    30,499
    Thanked 138,429 times in 21,488 posts

    Default Re: Computer password security: How the pros hack passwords.

    Quote Posted by AwakeInADream (here)
    Thanks Paul!

    Would you say that using Linux is safer for online shopping, banking etc...?(even if I don't really know what I'm doing)

    I have Ubuntu installed on my laptop also, just for curiosity(I haven't used it much), but if it really is safer then I may start using it more. I guess having to type a password every time you make changes to the system makes things way more secure.

    I've heard that it's safer to run Windows from a User account, rather than as Administrator. I guess this is a similar thing.

    I don't have any anti-virus software on Ubuntu though, can you recommend a good free one?
    (I read somewhere once that you don't need anti-virus on Linux, is that true?)

    P.S. I've just made my PA password much more complex.
    If you are comfortable using Linux, then yes, I'd say it's safer. When I have had relatives who didn't know one end of a computer from the other ask me to set them up so they could send email and browse the web, I usually set them up with Linux.

    I don't know of any anti-virus program for Linux, and don't think that one is needed.

    Yes, from what I recall from the days I dabbled in Windows, running from a user account rather than an admin account is one thing you can do to be safer (but I am no Windows guru.)
    My quite dormant website: pauljackson.us

  35. The Following 2 Users Say Thank You to ThePythonicCow For This Post:

    AwakeInADream (19th July 2013), Magneticman (19th July 2013)

  36. Link to Post #19
    Avalon Member Carmody's Avatar
    Join Date
    19th August 2010
    Location
    Winning The Galactic Lottery
    Posts
    11,389
    Thanks
    17,597
    Thanked 82,316 times in 10,234 posts

    Default Re: Computer password security: How the pros hack passwords.

    Quote Posted by Paul (here)
    Quote Posted by AwakeInADream (here)
    Thanks Paul!

    Would you say that using Linux is safer for online shopping, banking etc...?(even if I don't really know what I'm doing)

    I have Ubuntu installed on my laptop also, just for curiosity(I haven't used it much), but if it really is safer then I may start using it more. I guess having to type a password every time you make changes to the system makes things way more secure.

    I've heard that it's safer to run Windows from a User account, rather than as Administrator. I guess this is a similar thing.

    I don't have any anti-virus software on Ubuntu though, can you recommend a good free one?
    (I read somewhere once that you don't need anti-virus on Linux, is that true?)

    P.S. I've just made my PA password much more complex.
    If you are comfortable using Linux, then yes, I'd say it's safer. When I have had relatives who didn't know one end of a computer from the other ask me to set them up so they could send email and browse the web, I usually set them up with Linux.

    I don't know of any anti-virus program for Linux, and don't think that one is needed.

    Yes, from what I recall from the days I dabbled in Windows, running from a user account rather than an admin account is one thing you can do to be safer (but I am no Windows guru.)
    A general way for the average person to think of Linux vs mac vs windows:

    Linux is a smaller, functional and modular, expandable house -with one door. It is a simple door, and it is easily closed.

    Mac is a much larger house, with many rooms...and with four or five doors and a few windows to look through, some small windows, some big.

    Windows is a gigantic mansion (most of the rooms - you've never even visited), a huge bloated glass house with 1000 windows, most of them size of a door, some of them are already smashed so the wind blows through the house.
    Interdimensional Civil Servant

  37. The Following 3 Users Say Thank You to Carmody For This Post:

    Anchor (21st July 2013), AwakeInADream (20th July 2013), ThePythonicCow (20th July 2013)

  38. Link to Post #20
    Unsubscribed
    Join Date
    20th November 2012
    Location
    gone
    Age
    40
    Posts
    4,873
    Thanks
    15,814
    Thanked 18,722 times in 4,284 posts

    Default Re: Computer password security: How the pros hack passwords.

    I used to go to sites that actually stored and cross referenced hashes.... Like Paul said, random is best ...

    Also disable the browser master password list on your pc.... Lol

    Anyone who manages to log into your desktop can access that list!

+ Reply to Thread
Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts