
Passwords With Random Characters Are Not More Secure, Says Man


Thread replies: 164
Thread images: 8

File: hqdefault.jpg (24KB, 480x360px)
> http://www.ctvnews.ca/sci-tech/the-man-behind-those-annoying-password-rules-now-says-he-was-wrong-1.3537319

> Bill Burr was a manager at the U.S. National Institute of Standards and Technology (NIST) when he authored a guide to protecting computers and digital accounts with what he believed to be hard-to-guess passwords.
> “Much of what I did I now regret,” he said.

> ThisIsMyPassword is more secure than !P@$$w0rD&%
>>
are you that stupid?
>>
>>61814708
>ThisIsMyPassword
Will be cracked in nanoseconds by dictionary attack.
>>
File: dictionary_attack.png (38KB, 963x516px)
>>61814748
Except it won't. The dictionary attack will, however, easily crack "!P@$$w0rD&%".
>>
>>61814748

>nanoseconds
No
>>
>>61814748
Even if "ThisIsMyPassword" was literally in the English dictionary your time frame is optimistic.
>>
>>61814777
Femtoseconds? You're not suggesting hashes will be checked sequentially, are you?
>>61814776
Dictionary crackers can chain words. And you have only 4 word-letters as result.
>>
>>61814787
The password consists of words that fit into likely the 5000 most used words, with password being the least used, still being common.
It'd be cracked in not nanoseconds but probably a good 5-10 minutes.
>>
brb changing all my passwords to ThisIsMyPassword
>>
File: 2.png (91KB, 740x601px)
>>
>>61814776
A dictionary attack with 2000 words ("this is my password" is most likely in the 2000 most common words) would take about 2 minutes on a modern computer.
>>61814848
>1000 guesses/sec
That's insanely low.
>>
>>61814848
Same 4 word-letters. At this point I'm assuming they're deliberately spreading false info because other security measures became too strong.
>>
>>61814795
Let's say we have a dictionary of only 100 words, because they are very common. 100^4 = 10^8, that is still 100,000,000 possibilities. Let's say you'd find it after searching only 1/100 of all possibilities, so after 1,000,000 tries.
A nanosecond is 10^-9 seconds, i.e. 0.000000001 seconds. So in order to crack the password in nanoseconds, you'd need to be capable of 10^15 guesses per second. That is 1 quadrillion, or also 1 Peta.
>>
>>61814880
>That's insanely low.
It's not a hash crunch.
>>
>>61814922
Why the fuck not?
>>
>>61814848
>"your password needs to be between 4 and 8 digits"
>>
>>61814708
>Passwords With Random Characters Are Not More Secure, Says Man Who Said They Were More Secure
Can you point me to where he said that?
>>
>>61814795
the number of possible combinations grows exponentially with the number of words you put into the passphrase
>>
>>61814708
>>61814848
OP password is less secure than XKCD one since it's a logical sentence. By choosing random words it's more secure from social hacking. If you somehow find out couple of the words by looking over someone's shoulder, you can assume what the rest of them are and just try a couple of different ones. If they are random you need to know them all unless you want to try all the possible words out there.
>>
Is any of this shit even relevant? Are you people FBI directors who are being targeted for brute force dictionary attacks?

It seems like every password fuckup is either
a. phishing attack on some idiot grandma, or
b. site / server getting compromised and information being stolen
>>
>>61814925
it's a website password you FUCKING RETARD
>>
>>61814908
>he thinks that's a lot with consumer-grade 10 teraflops cards
Absolutely feasible even with such ridiculous time constraints.
>>61814922
If there's no hash there's no bruteforce.
>>
>>61814976
iCloud used to allow unlimited retries so anyone could use a script to get someone's nudes or blackmail material or whatever
>>
>>61814795
this fucking retard
look at this projective defense
>checking hashes sequentially like a retard
do you have a petahertz system? how the fuck are you going to do anything in a nanosecond?

go fuck yourself faggot stop acting tough on the web
>>
>>61814960
With that phrase you have power of 4. With random letters you have power of 10.
>>
>>61814981
So? Databases get leaked all the time. If you're actually trying to bruteforce your way into a website through its login page, you'll have like 5 guesses and then you're locked out anyway for minutes, in which case 1000 guesses/second is insanely high.
>>
I just use keepass and don't give a shit.

The claim is that X is more secure than Y, but Y's own security has not faltered.
>>
>>61815003
no because you can put "random letters" e.g. asdf wasd qwer into the dictionary as well
>>
>>61814988
You'd still need more than a hundred of those tflops cards. Who do you even think you should worry about cracking your password? Some government organization? Chances are, they will find ways to get the information if they have that much power already.
It won't be cracked in nanoseconds, deal with it.
>>
>>61815008
see >>61814998

it's explained in the comic dipshit
>>
>>61815008
5 guesses per IP.
And most websites now actually make you do captchas on more than a few failed attempts.
>>
Is using a non-alphanumeric character more secure if you are using a string of words that isn't a dictionary phrase?

For example if you are just using a word like "potato" then I see why "pot4t0" would be more secure, but is "PotatoWestLordHoplite" less secure than "PotatoWestLordHoplit3" ?
>>
>>61814708
passwords need to die in favor of some form of public-key based physical security token, preferably with 3+FA (device + PIN + fingerprint or something).
>>
>>61815052
>then I see why "pot4t0" would be more secure
It's not. 'Letter replacements' are insecure since you can use algorithms that just replace o with 0 etc without adding very many additional attempts. It doesn't add much entropy.
Now, if you spell words wrong, that helps. Patato is much more secure than potato.
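A keyspace estimator for the two calculations being argued here: the "4 words from a short list" arithmetic a few posts up and the point that letter replacements add little. This is an added example, not code from the thread; the LEET table, the 33-symbol count and the guess rates (1000/s for a throttled login form, 1e12/s for offline GPU cracking of a fast unsalted hash) are assumptions, not measurements.

```python
"""Keyspace and expected time-to-crack for the password shapes discussed above.

The interesting part is that the same string gets two very different numbers
depending on the attack model: "!P@$$w0rD&%" is ~72 bits if it were random,
but ~31 bits to an attacker who tries "password" with mangling rules.
"""
from __future__ import annotations

import math
from itertools import product

# Letter -> substitutes a mangling rule would try (assumed, typical subset).
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}
PRINTABLE_ASCII = 95   # letters, digits and symbols on a US keyboard
SYMBOLS = 33           # the non-alphanumeric printable ASCII characters
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase_keyspace(num_words: int, dictionary_size: int) -> int:
    """Candidates for `num_words` words chained from a list of `dictionary_size`."""
    return dictionary_size ** num_words


def leet_keyspace(word: str) -> int:
    """Closed form: each letter is either kept or swapped for one of its substitutes."""
    return math.prod(1 + len(LEET.get(c.lower(), "")) for c in word)


def leet_variants(word: str) -> set[str]:
    """Enumerate the same variants explicitly; len() must equal leet_keyspace()."""
    per_letter = [(c,) + tuple(LEET.get(c.lower(), "")) for c in word]
    return {"".join(combo) for combo in product(*per_letter)}


def mangled_word_keyspace(word: str, extra_symbols: int, toggle_case: bool = True) -> int:
    """Candidates when the attacker models the password as one dictionary word with
    leet substitutions, per-letter case toggling, and `extra_symbols` symbols split
    between a prefix and a suffix (extra_symbols + 1 ways to split them)."""
    case_factor = 2 ** len(word) if toggle_case else 1
    return leet_keyspace(word) * case_factor * SYMBOLS ** extra_symbols * (extra_symbols + 1)


def random_keyspace(length: int, alphabet_size: int = PRINTABLE_ASCII) -> int:
    """Candidates when every position is uniformly random over the alphabet."""
    return alphabet_size ** length


def bits(keyspace: int) -> float:
    return math.log2(keyspace)


def expected_seconds(keyspace: int, guesses_per_second: float) -> float:
    """On average half the keyspace is searched before the hit."""
    return keyspace / 2 / guesses_per_second


def guesses_per_second_needed(tries: int, seconds: float) -> float:
    """Rate required to get through `tries` guesses in `seconds`."""
    return tries / seconds


def human(seconds: float) -> str:
    if seconds < 1:
        return f"{seconds * 1e3:.3g} ms"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds:.3g} s"
    return f"{seconds / SECONDS_PER_YEAR:.3g} years"


def compare() -> dict[str, int]:
    """Keyspace of each candidate under the attack model its shape invites."""
    return {
        # "ThisIsMyPassword": four words, all inside a 2000-word common list
        "ThisIsMyPassword (4 words / 2000-word list)": passphrase_keyspace(4, 2000),
        # "!P@$$w0rD&%" as seen by an attacker trying "password" + rules + 3 symbols
        "!P@$$w0rD&% (mangled 'password' + 3 symbols)": mangled_word_keyspace("password", 3),
        # the same 11 characters if they were genuinely random
        "11 random printable characters": random_keyspace(11),
        # the comic's scheme: random words at ~11 bits each (2048-word list)
        "4 random words / 2048-word list": passphrase_keyspace(4, 2048),
        "6 random words / 2048-word list": passphrase_keyspace(6, 2048),
    }


if __name__ == "__main__":
    # The 100-word, 4-word estimate above: 1e6 tries in one nanosecond needs 1e15/s
    print(f"rate for 1e6 tries in 1 ns: {guesses_per_second_needed(10**6, 1e-9):.3g}/s")
    print(f"'potato' leet variants: {len(leet_variants('potato'))} "
          f"(+{bits(leet_keyspace('potato')):.1f} bits over the bare word)")
    for label, space in compare().items():
        print(f"{label}: {bits(space):.1f} bits; online 1000/s: "
              f"{human(expected_seconds(space, 1e3))}; offline 1e12/s: "
              f"{human(expected_seconds(space, 1e12))}")
```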
>>
>>61815024
If sequences of letters in your password can be pre-determined, then it's no longer random. So in a random password, those don't exist.
Though obviously, true random is impossible anyway.
>>61815041
Well fuck, missed the small text. I disagree with the notion that the average user shouldn't worry about databases leaking though. The average user reuses passwords, which makes those more risky than for the advanced user.
>>
>>61815030
Thanks to the cryptocurrencies this is a reality.
>>
>>61815067
It is more secure. It's just not good either. He could have replaced any of the letters with a number (p0tat0, pot4to, po7at0). But replacements like these are incredibly common.
>>
>>61815080
nigger you cant even send commands to the gpu in nanoseconds
>>
>>61815076
We don't need true random, we merely need something that's not in the dictionary.
>>
>>61815067
>>then I see why "pot4t0" would be more secure
>It's not.

>It doesn't add much entropy.
>Implying it does add entropy
You guys should look up what "more" means. A password of 2 letters is more secure than a password of 1 letter, they're both shit and cracked almost instantly, but one's still slightly more secure.
>>
>>61815057
>biometrics
Passwords that cannot be changed are fundamentally insecure.
Security tokens aren't a bad idea though, but you're better off having a password database that you use a security token for that regularly changes. Instead of having a security token for every account, or even worse, having one security token for all accounts, even "Insecure russian dating site.com"
>>
I like that guy from the other thread who said he applies an algorithm to a domain name to produce a password for each site
>>
>>61815104
Wrong, a 2 letter password is exponentially more secure than a 1 letter password.
pot4t0 is linearly more secure than potato.
>>
>>61815124
Sure, doesn't change my point. You can't say pot4t0 isn't more secure than potato, because it definitely is more secure.
>>
>>61815106
>>biometrics
>Passwords that cannot be changed are fundamentally insecure.
wrong. as long as the biometrics device cannot easily be spoofed, knowing "who" the user is adds more security
>>
>>61815104
You should consider the meanings of words, what is security?
A password that takes 5 minutes 10 seconds instead of 5 minutes to crack is not more secure.

It's like saying that getting shot by a 50cal is safer than getting shot by a 51cal. It's not. You've reached the point of maximum insecurity.
>>
>>61814944
pretty much this

just use a password manager and generate long secure passwords
Also don't use the defaults change up the length
>>
>>61815147
And the sun orbits the earth.
>>
>>61815147
>as long as the biometrics device cannot easily be spoofed
You're sending data over the internet. It doesn't matter how particularly secure your device is. If a hacker knows those biometric details, he can fake them.
>>
>>61815106
no, I'm talking about a device that needs a short PIN plus some biometric shit in order to authorize it doing a signature.

so you get cryptographically strong login locked behind having to physically have the key with you, plus the PIN memorized and your fingerprint/iris/whatever.

the accessed system would only care about the crypto key, and the other stuff is just to protect the crypto key in the device.

ideally the physical token would be physically and electronically hardened to hamper key extraction, would wipe itself after enough wrong PIN inputs, etc.
>>
>>61815168
Let's hope that there aren't any biometric databases out there, or that having password entropy components that never expire is a good idea.
>>
https://youtu.be/YNsJBBESeUU
>>
>>61815153
>You've reached the point of maximum insecurity.
I disagree. There are no limits to that. There could definitely be situations in which somebody might only have 5 minutes instead of 5 minutes 10 seconds.
>>
>>61815153
>A password that takes 5 minutes 10 seconds instead of 5 minutes to crack is not more secure.
Except, it is. I know, it is difficult to accept that you are wrong, but don't forget we're all anonymous here. It doesn't matter.
>>
>>61815162
>>61815179
kill yourself shill

>>61815164
the biometrics don't get transmitted, it's only for unlocking the local device/token
>>
>>61815153
Define "security" in the context of passwords then.
>>
>>61814708
>ThisIsMyPassword is more secure than !P@$$w0rD&%
Probably not but "DickCockSuckCuntPussyHorse" is probably more secure.
>>
>>61815168
Hackers are smarter than you are. They're smarter than I am. They will get parts of your password, and if these parts can't be changed your security is permanently fucked. You cannot undo having your biometrics stolen.
Just imagine a fake login page that takes your biometrics. People can easily be tricked into giving their biometrics alone. Or their pin alone. You cannot assume that your system is secure just because you throw a whole load of security functions together.
>>
>>61815195
So you're saying something either is or isn't secure? Where do you draw the threshold?
>>
>>61815216
that's not how it works at all lmao

you need to unlock the physical device and it can have anti-spoofing methods like reading your heart beat and not just your fingerprint. it's not just a fingerprint reader that's hooked up to the internet jesus christ...
>>
Burr is a wise idiot.
https://youtu.be/3PWyB2rBiyo
>>
>>61815233
No, I'm just asking you a simple question.
>>
>>61815252
Nah man, you're wrong and just too ashamed to admit it.
Security is being free from danger or threat. How secure you are is a question of how big the threat/danger is you are free from. A password that takes 5 minutes to crack is not free from the threat of being subject to 5 minutes of cracking attempts. A password that takes 5 minutes 10 seconds however, is. Which can even be a valid situation if a database with millions of user data was stolen and the hackers are just going after the very weakest accounts.
>>
>>61815186
Security is qualitative, anon. You need to be more pragmatic: is 10 seconds a meaningful difference? It clearly isn't.
I'm sure that added 10 seconds of security will hold your hand at night when you lose all your data.
Now it does depend on context: for example, temporary tokens which a computer system only needs for 10 seconds, that ten second difference is meaningful. (this is why credential expiry is important). For credentials that never expire, 10 seconds is as worthless as any other increment, although at that level you have people that expire, so that is your maximum context level of meaningfulness. This stuff is hard to understand but basically it's a factor of how long you want your data to be secure for.
But say, for a password that lasts years, 10 seconds is meaningless. Ergo a meaningless security improvement is essentially a zero security improvement. You want to improve your security to make a meaningful difference, and it's this 'meaning' that is unavailable to single digit IQ morons.
>>
>>61815286
The problem with this line of thinking (that 5 minutes 10 seconds is resistant to 5 minutes of cracking time) is that computers will get faster

I don't have a problem with saying 10^26 minutes beats 5 minutes 10 seconds
>>
>>61815286
>How secure you are is a question of how big the threat/danger is you are free from. A password that takes 5 minutes to crack is not free from the threat of being subject to 5 minutes of cracking attempts. A password that takes 5 minutes 10 seconds however, is.
Okay, so a password that takes longer to crack is more secure. As I said, and you (?, >>61815153) denied. So the password taking 5 minutes 10 seconds is more secure than a password that takes 5 minutes to crack.
>>
>>61815293
Let me put it like this. 1 password can be just as secure as another, less secure or more secure. And it is definitely not less or just as secure. So it is more secure.
>>
>>61815293
Ergo; if your password being secure for 5 minutes ten seconds and not 5 minutes is important to you, then yes, your password is more secure.
I am working under the assumption (sue me) that this is not your usage scenario. If this is not your usage scenario, security is objectively not increased.
>>
>>61815321
No, you got it wrong. I am saying that p4ssword is more secure than password. There are multiple anons arguing here, so it can get a little messed up.
Of course I know that p4ssword is still a shitty password.
>>
>>61815168
>>61815179
what don't you guys get?

nothing about this scheme is tied to a particular physical token.

hell, you could have 5 different ones stored in various bank safes if you wanted.

the multi-factor stuff is just used to secure any given token, and account keys on remote systems could be updated at will if needed.
>>
>>61815328
Security breaches are all or nothing affairs, so yes, security is binary.
Either your password is secure or it isn't, there's no grey area there. At the end of the day, there's only one metric that counts and that is: has someone compromised your security.
>>
>>61815343
>You're increasing security
>But you're not increasing security
Ok.
>>
>>61815348
Don't answer questions that aren't targeted to you then please.
>>
>>61815328
It cannot be more secure if it results in your security being broken.
>>
>>61815358
Absolutely not. If you're still secure, you're still in danger of potentially being cracked. If you have a non-secure password you're more likely to be cracked, but you can still be safe. It's definitely not binary, that would imply it doesn't matter as long as it's not cracked.
>>
>Lastpass
>Random 20+ character password

Best of both worlds. Long AND random.
>>
>>61815359
You're increasing security in a usage scenario that probably doesn't exist.

"Ah yes son, I have a degree from Philibuster university"
"What do you mean this university doesn't exist? It exists more than Giveadogshit University"
>>
>>61815371
Security being broken is not only a question of password strength. If you are using a shitty web service that stores your password in plain text, no password will save you. No matter how secure you deem it to be.

So really, what are you trying to get at here?

>>61815362
Nah, thanks. I'm good.
>>
>>61815359
You're increasing security in a marginal way that doesn't do anything you want or improve your situation in any way.

Furthermore, when someone is repeatedly guessing your password you have probability involved, and often your 5'10" thing will fall under 5'
>>
>>61815393
>Nah, thanks. I'm good.
Well, if you want to be a dick and just disrupt conversations for no reasons, sure. I assumed you weren't a shitposter though.
>>
>>61815351
there are hedge fund kikes who are trying really hard to short the share of the leading smartphone fingerprint sensor company called Fingerprint Cards AB and they spread fake news and shill on social media. probably to try and keep the share price down so they can place a bid on the company and buy it for cheap
>>
>>61815405
Except for you, I don't think anyone was confused. This is not a private chat. This is a public discussion platform.
>>
>>61815377
>that would imply it doesn't matter as long as it's not cracked.
Welcome to security, anon.
Security is context.
>>
>>61815382
But the HTML scrapers and CSRFers!
>>
>>61815398
>You're increasing security
So I am increasing security. Which was the point. Thanks for your input.
>>
>>61815411
>Except for you, I don't think anyone was confused.
I disagree, considering >>61815286
>Nah man, you're wrong and just too ashamed to admit it.
And >>61815233
>So you're saying something either is or isn't secure? Where do you draw the threshold?
It seems you were completely confused who I was as well.
Besides, not everybody posts.
>>61815411
>This is not a private chat. This is a public discussion platform.
Doesn't make it somehow right to jump into conversations to answer questions that aren't targeted towards you, that are specifically targeted to somebody, without indicating that you're somebody else.
>>
>>61815119
so if you have a few of his passwords you can calculate the algorithm and get everything else he has?
>>
>>61815426
you missed the rest of what I said
>in a marginal way that doesn't do anything you want or improve your situation in any way.

its like how you can hold your breath to make your dick .00001 inch bigger but you still have a 1 inch dick overall
>>
someone post the comic where the guy gets beat down until he tells what's his password
>>
>>61815454
Moving the goalposts, I see.
>>
File: security.png (26KB, 448x274px)
>>61815455
>>
>>61815461
in a marginal way that doesn't do anything you want or improve your situation in any way
>>
>>61815444
Depending on how advanced the algorithm is, yes. I did something similar before I started using a password manager.
I just considered it from the angle that I'm most likely not important enough to get preferential treatment. At most I'm going to be the victim of a database leak or something, which would result in them knowing one password. I considered the chance of them putting multiple passwords of mine next to each other to be 0% in practice.
And if I was the target of some sophisticated attack, there are probably better ways of getting my password than to just try and decipher it like that. Like a baseball bat to the face.
>>
>>61815482
I'd advise you to take a look at the post that started this all. >>61815052 It's not about it being a good password, it's about it theoretically being a stronger password. As a simple comparison for a more complicated case.
>>
>>61814708
>He's not using a made-up 10-letter word, not known to any language, with semi-random symbols.
It's like you're a brainlet or something.
>>
>he's not using a password manager for individually over-secured passwords and then applying whatever stupid rules to the unlocking password
>>
>>61815541
>He doesn't make up a new language, translates the first sentence of the service's site to it, and uses that as a password, every time he signs up for something
Get on my level.
>>
>>61815539
Is 1.001 more than 1.00 when you have a measurement error of +/- .1?
>>
>>61814708
Gee, I never knew Bill Burr was a techie.
>>
File: 1490114291068.gif (1MB, 499x499px)
>>61815558
That's pretty gud.
But why overcomplicate?
>>
Here, a free password to get you started:

Faggot
>>
Yes goyim, complicated passwords are not secure.
>>
>>61815577
Not him, but yes. 1.001±0.1 > 1.00±0.1. You need to look at the median for that.
>>
1 could be an infinitely secure password if everyone is expecting password length being greater than 2. Can't out-logic that.
>>
>>61815630
>median
I'm saying you got 2 samples and the instrument error is .1
You have no idea what the actual values are (because you don't know what order the algorithm is gonna guess passwords in), so it's possible the "5 minute" password is guessed after the "5 minute 10 second" password. E.g. the gain in entropy by allowing number substitutions does not offset the randomness involved in guessing the password
>>
>>61815662
so could any password length given they don't expect it
>>
>>61815667
But nobody is talking about that. We're talking about the gain in entropy existing in the first place. Not how much it is and it having a significant effect or not.
>>
>>61815667
>>median
>I'm saying you got 2 samples and the instrument error is .1
Yes, and I'm saying you look at 1.001 and 1.00. That's what I meant with median.
>>
>>61815667
>because you don't know what order the algorithm is gonna guess passwords in
You can make a really safe bet in that it will start with the easiest, and goes to progressively harder ones. They're designed to get the most amount of passwords in the least amount of time.
>>
>>61815703
You aren't listening.

The argument I am making is: substitution of '0' for 'o' does not have a measurable positive impact in guess time because the gain in entropy is eclipsed by the variability in guess time.

Therefore, a password with numeric substitution is not provably more secure than a password without numeric substitution

Is 1.000 ... 0001 > 1?
>>
File: 1502132450044.gif (439KB, 640x360px)
>>61814708
Great bait. Look at all these (You)s :^)
>>
>>61815756

Thank you.
>>
>write hash algorithm
>Run password through hash, hash is now your password
>Just need to remember unhashed password
Any reason that wouldn't work?
>>
HTTPS is not more secure than HTTP
>>
>>61815746
>Is 1.000 ... 0001 > 1?
Are you really asking this? 1 by definition is 1 with only zeroes after the decimal point. So yes, that's true. Just answering your stupid question.
>>
>>61815831
it's nice that you are indignant but unfortunately
1.000 ... 001 == 1.000 ... 000
(because 1/inf is 0)
>>
>>61815844
>(because 1/inf is 0)
What? Ellipses does not indicate "infinite". There's no reason to assume it's a theoretical number instead of a real finite number.
>>
>>61815873
Ellipsis indicates a repeated infinite string of the characters preceding it, this is like 7th grade shit.

The first term is 1 + (1/inf)
>>
>>61815892
No it's not, source it. No mention of that sort of function on wikipedia for example.
>>
>>61815933
https://en.wikipedia.org/wiki/0.999...

1 - .999 repeating : .000 ... 001

1 + 1 - .999 repeating = 1.000 ... 001
>>
0.999... means an infinite number of 9s
0.999...8 means a finite, unknown number of 9s
>>
>>61816010
No it's not, source it. No mention of that sort of function on wikipedia for example.
>>
Is there a reason I shouldn't use the full ASCII set in my passwords?
I use a password manager anyway, why not Zõ£ª,O Oãp«jÌbhæî÷g¬?
>>
>>61815967
That only explains ellipses at the end mate.
>>61816010
Exactly.
>>61816022
https://en.wikipedia.org/wiki/0.999...#p-adic_numbers
>>
>>61815967
1 - 0.999... = 0
1 + 1 - 0.999... = 1
>>
>>61816047
You are actually agreeing with me:

That section asserts 0.000…1 == 0, which is what I am saying. Not a problem with the notation.
>>
>>61816022
http://www.mathnstuff.com/math/spoken/here/1words/e/e7.htm
Continues until told to stop, saying 001 means it's stopping, not continuing forever.
>>
>>61816073
Yes,
and therefore

1.000 ... 001 == 1

Not >, =
>>
>>61816097
That is shorthand for enumerating a set, not describing a number
>>
>>61816092
>Whether or not that makes sense
> Among other reasons, this idea fails because there is no "final 9" in 0.999…
Learn to read.

You still haven't provided a good source that explains that you can use ellipsis the way you used them. A page implying it might not make sense isn't good.
>>61816117
Basically. Though if used at the end, it's an infinite set.
>>
>>61814708
> ThisIsMyPassword is more secure than !P@$$w0rD&%
Lies

>>61815199
Not necessarily. It's still 6 words all of which should be in just about every wordlist, and any method searching for 6+ concatenated words would eventually try these.

Vs. an 8-character dictionary word with about 6 random substitutions and 3 random characters added, probably reached only if a lot of the most often used words with most characters substituted are tried with 3 random characters in any prefix / suffix position.

My guess is that !P@$$w0rD&% would be harder to find.
>>
>>61816137
you quote:
>Whether or not that makes sense
wikipedia continues:
>the intuitive goal is clear

are you really so fucking obtuse you can't understand the meaning of the notation? This is how the concept of epsilon 0 was presented to me in calculus lecture.

Also, you can enumerate an infinite set, you just have to stop at some point.
>>
>>61814708
>ThisIsMyPassword
>!P@$$w0rD&%

Added to the brute force table, thanks.
>>
head -n 1024 /dev/urandom | sha256sum


And then store that in your system credentials manager
>>
>a comedian doesn't know what he's talking about
really makes you think
>>
>>61816375
>are you really so fucking obtuse you cant understand the meaning of the notation?
That's not what I said.
>>
>>61816541
Let's imagine for a second ... between digits means "an unknown number of digits".
Why would ... after digits mean an infinite number of digits and not an unknown number of digits?
Don't give me the shitty set enumeration answer.
>>
>>61814708
Just cracked that with a word list I've compiled throughout my 20+ years of pentesting. Took almost a second.

While I agree passphrases are better, there is a need to add symbols and numeric combinations.

tH1$I$+mY%p4s5w0rD#&Nigger_fAg

While this password is much better, and certainly harder to crack, it has dictionary words, which a hybrid attack will pick up.

As a security professional for years, I recommend using keys instead of passwords. But, if you can't, consider a passphrase with a combination of characters.
>>
>>61816568
>Why would ... after digits mean an infinite number of digits and not an unknown number of digits?
Because one indicates there's an end, the other doesn't.

>Don't give me the shitty set enumeration answer.
It's not specific to that.

Arguing about this is fucking stupid though, it would be way easier if you'd just provide the source I asked for. Without that it's just arguing about shit that anyone could make up.
>>
>>61816605
>being this proud you can't into math
>>
>>61816590
give me the list please
>>
>>61815746
>You aren't listening.
You are missing the point. You've made up your own situation in which you are right, but it was not the original situation.

Are you also saying that increasing the password length doesn't make it more secure because when comparing a 2 digit to a 1 digit password, both will be cracked almost instantly?
>>
>>61816634
I'm saying that if you are trying to win the battle by using alphanumeric substitution you have already lost. There is no situation where someone would have a hash of your passwords and they could guess it if you weren't using alphanumeric substitution but not if you were.
>>
>>61814708
are you people retarded, or gov shills? this is just a sad NSA attempt to mislead everyone who already is using a more secure password to downgrade to long phrases of words. you could write your own script to iterate through all dictionary words and concatenate each. NSA has the capability of trying trillions of passwords a second.

lmfao WOOPS, as
>>61816590
said

anyways, use this lmao ill have more bots and accounts now

>inb4 some retard says NIST isnt NSA
they aren't, but I've worked on security for some years too, and NSA and gov entities use NIST standards and often collaborate

/g/ does it again lmfao
>>
just use a password manager lmao
>>
File: 1500425384495.jpg (19KB, 495x362px)
>Bill Burr was not a security expert when he wrote the guidelines for password security for the US National Institute of Standards and Technology in 2003.

>The man responsible for setting the guidelines for complex passwords says he regrets writing the advice, and acknowledged that it "drives people bananas".

the worst offender that I've seen is outlook.com/microsoft, they disallow ALL your previous passwords so you end up setting a new password that you can't remember and then you have to set yet another one ad infinitum or you settle with an easy to remember shared password for all your accounts
>>
>>61816688
Nobody was advocating using passwords like that, though. And any layer of possibilities helps. Even if you only widen the search space by a factor of 2. It can be the difference between 50 years or 100 years.
>>
>>61816829
It is definitely more entropy to have more variety of characters in a pass phrase. If you are auto generating a key you'd be better off using all characters available in the set.

My point was that numeric substituted dictionary based passwords are only marginally more secure than dictionary based passwords in comparison to using a long randomly generated string of every character available.
>>
>>61816829
50 - 100 years is too short.

Computers get faster exponentially, in 5 years it will only take 1 year, etc. You should be targeting things that take 10^20 years at least
>>
http://howsecureismypassword.net/

Just feed your passwords into this to check, don't listen to some hack.
>>
>>61816951
i wish i was the one who came up with that honeypot
>>
>>61814708
Because it's obvious to anyone that a password of "chan4nigger" is infinitely more secure than a password of "w1$D9PQ" that must be changed monthly (and therefore written down) and can't have more than 4 characters in common with a previous password and can't contain any part of your name or profile.
>>
File: 1437510642574.jpg (114KB, 640x628px)
>>61814708
Passwords are fucking shit and gay, why are public private key pairs not standard everywhere yet?
>>
>>61816988
Although you're right, your tripfaggotry in order to get recognition is cringe worthy. Hope a bus runs over you.


Added a new filter :^)
>>
>>61814708
If you want a secure password, literally use a 5 - 6 words phrase. It's that easy.
>>
>>61817216
wow aren't you a rude one.
>>
>>61816590
How would one use a key on something like Facebook or Google?
>>
>>61817247
or a password manager
>>
>>61817391
Name one good password manager that is cross-platform.

One.
>>
>>61817423
keepass
>>
>>61817434
NAME ANOTHER ONE
>>
>>61815057
>device + PIN + fingerprint or something
Cancer

PINs are shitty passwords. Spying shit like fingerprints is cancer. PK is fine but using a device for it should be optional.
>>
>>61817434
I said one good cross platform password manager.
>>
>>61817491
>my subjective opinion means it objectively does not count