How secure is your password /g/?
https://howsecureismypassword.net/
>just type your password into this attack list generator
fuck off with your password dictionary honeypot
>>58918077
So "hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh" is apparently a very strong password. Who knew?
>>58918077
Why would I type my password into some random website when i can just open a calculator and figure it out for myself?
>>58918077
>niggernigger
>It would take a computer about 4 WEEKS to crack your password
>>58918139
It is very strong, though. I can't think of any real life password brute-force technique that would guess "hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh" early on in the process, unless the attacker had knowledge a priori about how the password looks like (it's a single letter repeated multiple times, etc.)
This website is retarded. It thinks a 9 character password containing mixed case plus numbers and special characters could be cracked in 4 weeks. That is insane. That would require the computer to try 929686719733871652042559344447467821139391968008026201090353930157484706301413248598 passwords per second in order to have a 50% chance of cracking the password within that amount of time.
>>58918077
my password is very secure so long as I don't type it into that password harvesting site
>>58918997
LOOOOOOOL
>>58918943
But if 9 characters-password is so strong, won't the standard recommendation be 9-10 chars instead of the current 20 chars length?
Is password1234567891011121314151617181920 secure?
>>58918943
>https://howsecureismypassword.net/
Where the fuck did you get that figure? Assuming ASCII characters, there are 95 possible values for each character (a-zA-Z0-9!@#$%... etc). 95 to the 9th is 630249409724609375 possible passwords.
Assuming 1 trillion guesses per second (Snowden's figure circa 2013), it would take 630249409724609375 / 10^12 = 630249 seconds to crack a 9-digit password. Or, exactly 7 days. (The exact 7 days figure surprises me. Also, the website is apparently also making the assumption of one trillion guesses per second.)
>>58918943
>This website is retarded. It thinks a 9 character password containing mixed case plus numbers and special characters could be cracked in 4 weeks. That is insane
Its not insane
its making a basic calculation from the average speed of a processor which is equivalent to the number of guesses it can make per second. It then relates that to your password which is basically just how many different combinations can it make before getting it, dividing by 2 because the average between t=0 and t=100% all combinations extinguished, the average time is about 50%. Assuming your password was the very last guess it could make it would take about 8 weeks instead of 4
this is a simple math of "if I have this number, how long will it take at this rate"?
>>58918077
Guys how strong is my password?password
>>58918077
>implying these sites aren't nsa run to match passwords to ips, and therefore identities
>your password isn't \\'\\\'\\'\\\'\\'\\\\'\\'\\\'\\'';';;';;,';;;',;';
>>58919158
Depends. What site so you use it on and what is the accompanying user/email?
>>58919209
Well it's 8 characters long, that should be safe enough
this website mainly shows what combination and length of password does to the time take. it's roughly an estimation
>using only numbers
>using only letters
pretty pleb tier
>numbers and letters
meh tier
>captial and lower case letters with number
good tier
>>captial and lower case letters with number with symbols
great tier
it also looks for common words.and repetitiveness
>tfw your old passwords could be solved instantly
>>58919209
id make the P uppercase
>>58919377
>no unicode escape characters
>no unicode characters
>>58918077
I use 30 character random generated passwords from LastPass for almost everything except banking, Google, and LastPass itself
For those I use pic related style passwords
>>58919423
I use pic related, but I add numbers and symbols.
>>58919409
>no triforce in password
▲
▲▲
>OP is a faggot
>66 million years
Nice, I'm safe.
>>58919423
Password managers are a meme. Encrypt with PGP key and veracrypt, a list of random strings numbered for passwords.
>>58918943
Supercomputers can calculate this shit instantly. You're fucked either way if you're targeted by the gov. If you're attacked by some random hacker then it will either be through social engineering, malware (example, exploiting MS win10's built-in keylogger) or he'll use a botnet of thousands of computers to do these calculations. So saying 4 weeks would take to calculate a 9 char password is way too optimistic.
>>58919423
Lastpass isn't an offline password manager you idiot.
>idiots still go to this website and type in actual passwords (and don't even try to deny it)
>you fucking idiots
>>58919423
Bad call.
https://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
>As the name implies, a hybrid attack marries a dictionary attack with a brute-force attack, a combination that greatly expands the reach of a well-honed word list while keeping the keyspace to a manageable length. The first round of this stage appended all possible two-characters strings containing digits or symbols to the end of each word in his dictionary. It recovered 585 plains and took 11 minutes and 25 seconds to run. Round two appended all possible three-character strings containing digits or symbols. It cracked 527 hashes and required 58 minutes to complete. The third round, which appended all four-digit number strings, took 25 minutes and recovered 435 plains. Round four appended all possible strings containing three lower-case letters and digits and acquired 451 more passwords.
>The specific type of hybrid attack that cracked that password is known as a combinator attack. It combines each word in a dictionary with every other word in the dictionary. Because these attacks are capable of generating a huge number of guesses—the square of the number of words in the dict—crackers often work with smaller word lists or simply terminate a run in progress once things start slowing down. Other times, they combine words from one big dictionary with words from a smaller one. Steube was able to crack "momof3g8kids" because he had "momof3g" in his 111 million dict and "8kids" in a smaller dict.
>"The combinator attack got it! It's cool," he said. Then referring to the oft-cited xkcd comic, he added: "This is an answer to the batteryhorsestaple thing."
L&\rwG'%o>d*S@/jr}9P&}c4>.sP7EWToj8p+D'58Jmnq'&~QY3yVYnz9xFXLFQL&rwG'%o>d*S@jr}9P&}c4>.sP7EWToj8p+D'58Jmnq'&~QY3yVYnz9xFXLFQL&rwG'%o>d*S@jr}9P&}c4>.sP7EWToj8p+D'58Jmnq'&~QY3yVYnz9xFXLFQ
>>58919672
That's 2013 as well.
>>58919499
>>58919556
>Luddites fear progress
>>58919798
It's only taking forever due to length. Typing nigger over and over again will achieve the same result. Not very good practice.
>>58919966
At least use pass or password safe.
>>58918077
brb switching all of my passwords to "nigger nigger nigger."
How did I do /g/?
>>58918903
Are you fucking kidding me? They check these first.
!#@@$^::::{space}:jewzaaaylmaoAsdfghjkl;'###(¼)\n
Get fucked.
>>58918077
GG
>>58919972
Also there could be a much simpler string that evaluates to the same hash.
not very, apparently
1 quattuorvigintillion years
password123 takes a month
ᤶ (U+1936) takes a yoctosecond
1 takes 300 picoseconds (300,000,000,000,000 times longer than the random unicode one)
Who has time to crack a password for ONE account at a time ?
The real money is in hacking sites and stealing all the login/password combinations from them.
And then the biggest security risk are users re-using the same login/password for multiple sites.
Using a password manager is better then reusing your login/password for multiple sites.
each their own, stay secure out there.
>not using a password manager
inb4 muh brain retards
"Secure" is an interesting choice of words considering that the amount of entropy in a password is irrelevant to security when you're plugging them into 252k of obfuscated Javascript.
>>58918077
Or about 5 seconds of having a solder in your anus.
>>58918139
That's the problem with randomness, you can never be sure.
>>58918077
My email password is statistically impossible to crack. My others though are most likely compromised.
Sure, it would take 23034693496 years to crack your password.
It takes a few minutes for the password to be reset via social engineering.
>>58922419
password123 would take less than an hour in any comprehensive dictionary attack
>>58925069
if anyone on /g/ fell for a phishing scam i'd be very surprised.
>>58925104
You aren't the target; the host is.
>>58925093
Obviously. I was pointing out how off the site seems.
>>58918903
Any program is going to check hhhhhhhhhhhhhhhhhhhhhhhhhh before checking 0p'sAfagg0t
just use 4 easy words like
Bread Funny Love Beer
damn, penisgoblin isn't a safe password. cracked in one day
511[dP]785
>10 years
:(
>>58919423
>using a proprietary password manager
Off-topic probably, but...
I'm about to change passwords from all of my known accounts.
What format of password do you normally use? Combination of words and numbers, "randomly" generated numbers and letters or something else?
>>58926306
Random numbers and letters
>>58926306
password manager idiot
>>58920572 >>58925164
No, they are not. Passwords like that are really uncommon.
>>58920774
>supid fucktard
>"supid"
>>58919209
substitute a letter with a number. Like passw0rd. That should be really safe.
>>58919672
https://www.youtube.com/watch?v=3NjQ9b3pgIg
>>58926451
Wrong.
>>58926306
Complexity is unimportant, what matters is length, e.g.
howdyFaggotThisPasswordIsReallyFuckingLong
is a LOT more secure than Ch3353WheeL!98z\
>>58927160
>what matters is length
To express it in your own words:
Wrong.
Dictionary attacks are a thing. It is not JUST about length.
>>58927170
implying this is a dictionary attack, you retard
even then it's completely defeated by splicing a symbol into the centre
unless someone is trying to break YOUR password specifically, it won't happen. even it wont happen.
>>58919606
>he doesnt just open the console to verify the site makes no http requests
>>58927192
>implying this is a dictionary attack
You always assume the attacker knows the style of your password.
>even then it's completely defeated by splicing a symbol into the centre
Great idea! I am sure no hacker will try this. How about you also substitute one letter with a number? They'd never think about that!
Of course, those make your password stronger, but not necessarily as much as you think.
>>58918077
Well now it's not secure anymore, good job putting it in a NSA wordlist
>>58927213
Simple. Just enter a gorillion other passwords and yours is safe again.
>>58926306
Use a password manager that generates random strong passwords for the majority of your accounts.
Then use a strong Dice Ware password for your master password. (A system to create random pass phrases.)
>>58927233
>A system to create random pass phrases
>A system
aka insecure
ihEARDtHATcURTIS42-=
43 QUINTILLION YEARS
Ayy, dead memes are good passwords.
>click generate
>instantly get a password like: Fu>o%1cr\\*l/,V';?<E
>extension even auto creates an entry in my database when i make the account
ez
>>58927242
>aka insecure
Rolling a bunch of dice is insecure.
>>58919672
What if I use some line from a poem and quite long at that? Around 20 words to remember, how would such mixed attack work?
Everybody should remember their own personal relationship between a number and a random selection of characters.
I.e. 2 = h&J
It takes an hour or so to remember, then top up with flashcards.
After that, the first 3 letters of site corresponded to alphabet position + same with username + random string you memorise = gg.
>>58918077
might as well call that site
>addmypasswordtorockyoudottxt.net
>>58919423
Using dictionary words in concatenated strings isn't all that safe, most cracking tools will accommodate that.
>>58927763
Or, you could just use a password manager which generates strong unique passwords each time.
Then you only need to think of one really strong, but easy to remember password.
>>58927929
And yet, when you account for dictionary attacks, those 4 random words make a stronger password than that other one.
That feel when you realize longer = better and special characters do not fucking matter at all
So just make a password like "opisalwaysandforeverafaggot"
>>58918101
>>58918104
/thread
>>58918077
>80+ char pass
doesnt matter how "secure" your password is against brute force if you have to write it down to remember it.
>>58928314
I can't complain, I made myself a name
And all I really want is five minutes of fame
84 characters(if you don't count new line)
Most of my passwords are relatively secure. Randomly generated 32 character passwords is my default, 16 for shitty sites that won't take my longer ones. Obviously I use a password manager. My master password is just a couple of 16 character passwords I memorized a long time ago combined with an easy to remember but difficult to guess string.
>>58918077
>How secure is your password /g/?
if you go to that site and type your password in then, the answer is not very secure...
>>58928314
>what is a password manager
>not having photographic memory
What if I use emojis in my password?
>>58918077
>https://howsecureismypassword.net/
suck_mY_b3n15_uSJW_fek1n/g/_whore!!!
>>58927208
So... How would you bruteforce a password that constists of 4 words in total that can be found in a standard english dictionary?
>>58918077
My password has always been, and always will be:A'); DROP TABLE passwords; --
>>58919209
Password123 followed by a space would take 63 thousand years to be broken.
add 2 spaces and it'd take 34 billion years.
lel
>>58924855
if it doesn't say 'forever' there, it's weak.
apparently using a password manager can't free you from being a cuck.
>>58918139
so it 1234567777777777
if i add one more 7 it jumps to 10 months , add one more and its 8 years ...
>>58918077
how retarded could you be, typing your password into a rainbowtable. this whole thread shows just how infected /g/ is
>>58931018
Get off the internet, Bobby Tables.
>>58930924
Creating a rule to string up to X words from the dictionary your are using during one of the passes
>>58918077
>tfw default java activity in Android Studio can't be bruteforced
password123456789
>>58918077
my password is
>obscure word from my mother tongue
>waifu's name
>number
>obscure word from my mother tongue
>obscure english word
tfw switched to keepass within the past week and have had no complications
now ruin it for me
>>58934454
pajeet?
>>58934498
keepassx has the known vulnerability of being much worse than keepassx
>>58934893
I had deleted the x in the first one
rip me
>>58934893
damn me and my usage of the inferior windows and android versions
>>58931018
>implying there will ever be an extra table called 'passwords'.
>>58934979
there's keepassdroid for android, btw.
>>58918077
>https://howsecureismypassword.net/
implying it collects passwords and sells them
>>58935011
I'm using Keepass2Android, how do they compare?
>>58935037
It's not like you could just check if that sites makes any http requests when you enter something.
>>58934893
>keepassx
>worse than keepassx
You broke muh strict order.
>>58935041
idk, never used that one you mention.
Keepassdroid is comfy.
can't access the site right now
can you check my password for me pls? it is mickey2003 (dont share it with anyone)
>>58935281
mine is ********, please check it
>>58927507
Read the entire article. If you want a genuinely strong password that won't get raped by these tools you need genuinely random characters off all types, the longer the better but the least no fewer than 12. That's it. That's the trick. No real words, no slang, no shorthand. No patterns. Period.
>>58931018
Why would there be a table called `passwords`?
Wouldn't it be called something like `users`?
Don't store passwords.
Don't backup passwords.
Have a user + Master Password and from there generate passwords based on that and your site.
Don't remember shit other than your name and Master Password.
>>58918077
a shit password I use for social media
Fucking honey pot...
https://password.kaspersky.com/
This is the legit password checker.
>>58937411
>this is the legit one
>>58937433
Not even kidding. It's run by Kaspersky.
>>58922264
i think if you input nonsense characters no system actually allows in a password it breaks the script.
i put in 外航船舶建造融資利子補給臨時措置法 and got the same result
>>58918077
>https://howsecureismypassword.net/
This is stupid, "password" five times and its supposedly an unbeatable password.
>>58938491
>外航船舶建造融資利子補給臨時措置法
is this chinese or japanese
>>58938825
japanese. source claims it's "the law about the promotion in the Japanese shipping industry"
>>58918077
Filename.