
Password Security


Thread replies: 39
Thread images: 5

Is it safer to type passwords every time or make the browser remember them (I don't want to use a password manager)?

Are (really) long passwords unnecessary since brute-forcing or dictionary attacks require decent hardware and time (most hackers probably use phishing)?

I use passwords always under 20 characters in length and over 9 with decent complexity like numbers, letters uppercase+lowercase and symbols.
I also should change them every now and then but aint nobody got time fo dat and I'm too lazy.
I'm thinking it shouldn't be a big problem though since I only register to really big websites like Google and Facebook that have (I believe decent security) and it's unlikely
that my info will get leaked in a database somewhere.

Can somebody educate me further about password security?
Isn't keeping your email address secret important too? To avoid phishing?

Also where should I look to see if my info got leaked like password and email.
>>
Make your password as long as you can and use lots of symbols. Try to avoid complete words and do not start your password with an uppercase letter. Try not to use numbers or lowercase letters as the last two characters.

And stop using Facebook & Google
>>
>>62298149

>do not start your password with an uppercase letter. Try not to use numbers or lowercase letters as the last two characters.

I can understand the first part but can you explain this?
>>
>>62298149
Why should I even use a very large password?

> https://howsecureismypassword.net/

Even a short one but over 10 is enough if someone uses numbers, upper+lowercase letters and symbols.
>>
>>62298168
>Coconut37
>Joey1995

Can't really explain better than this
>>
>>62298204
Well complexity is to prevent bruteforce. Length is to prevent human brain. (:
>>
>(I don't want to use a password manager)
Stopped reading right there.
>>
>>62298204
but don't most systems only allow a few attempts to log into an account?

I don't understand how a hacker can brute force a facebook account password?
>>
>>62298256

ok fine... give me reasons why should i use one
>>
>>62298098
Firstly: you really should try to use a password manager, once you get used to it, life is great. I use KeePass (Free) hosted on Dropbox (free). It's on my phone, my desktop, my work PC. Bl00dy brilliant

>>62298149
I disagree with this, if we get into a slugging match I'll try and find a citation. You should go for passwords which are easy for humans to remember, but hard for computers to crack.

Combinations of 5 or 6 uncommon words, mixed with special characters and numbers you can remember. The best example I ever heard was from Edward Snowden actually

>MargretThatcherIs100%Sexy!!!

It's not perfect, plenty of problems in there... but it gets the idea across
>>
>>62298243
I may have inverted those two
>>
>>62298268
usually a hacker would have to obtain the hashed password so he could brute-force offline
i don't know how he would get it though from big companies like google and facebook
maybe if they got leaked?
>>
>>62298288
right, that makes sense then

thanks
>>
>>62298297
nobody really uses brute-force or dictionary attacks though except on some occasions

phishing is a lot easier with a spoofed email address
>>
>>62298282

>>62298149 here, I can agree with this and you're right but maybe I'm too paranoiac to use a password easy to remember
>>
>>62298297
Also check this
> https://www.youtube.com/watch?v=7U-RbOKanYs
>>
>>62298098
Nobody brute forces passwords in 2017. It's all rainbow table generation and cross referencing compromised databases.
Just don't re-use passwords and don't use common ones like "pizza" or "password123"
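Whether precomputed tables work against a dumped database depends on how the site stored the passwords; the block below is an added example (not part of the thread) that puts an unsalted fast hash beside a per-user salted, deliberately slow one. The user names, the PBKDF2 iteration count and the two-entry common-password list are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample accounts: two of them share a common password.
USERS = {"alice": "password123", "bob": "password123", "carol": "kV7#tq-Lm29x!"}
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_sha256(password: str) -> str:
    """Weak storage: the same password gives the same digest on every site."""
    return hashlib.sha256(password.encode()).hexdigest()


def kdf_record(password: str, salt: Optional[bytes] = None) -> tuple:
    """Stronger storage: random per-user salt plus a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(kdf_record(password, salt)[1], expected)


def precomputed_hits(stored: dict, common: list) -> list:
    """Accounts exposed when one table of common-password digests is
    matched against a dump of unsalted hashes."""
    table = {unsalted_sha256(p): p for p in common}
    return sorted(user for user, digest in stored.items() if digest in table)


if __name__ == "__main__":
    dump = {user: unsalted_sha256(pw) for user, pw in USERS.items()}
    print("unsalted dump, table hits:", precomputed_hits(dump, ["pizza", "password123"]))
    (s1, d1), (s2, d2) = kdf_record("password123"), kdf_record("password123")
    print("same password, salted digests equal?", d1 == d2)
```

With a salt, each account has to be attacked separately and every guess costs the full iteration count, so a unique password that is not on anyone's list stays expensive to recover even after a dump.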
>>
If your password is over 16 characters long with uppercase / lowercase letters, numbers and at least one symbol such as _ then it's already impenetrable.

An example : hyPothetic4l_709F
>>
>>62298313
since gmail already looks through private emails to gain user data
they should look for common elements in emails

>logos
>phrases / keywords

and compare them to templates they have from the official platforms
if the common elements match the templates from the official email addresses,
but are from random email addresses, notify user that the email is a scam

for example, in pic related
why couldn't the email service recognise the highlighted elements?

and figure out that it doesn't match?


why is this not a thing?
>>
passwords for any at-rest-encrypted-data need to be 50 characters minimum.

words and spaces are OK.
>>
>>62298426
Facebook changes template slightly, nothing works
or
scammers just copy template better.
>>
Check this out. https://howsecureismypassword.net/
It's not very accurate but it gives you an educated guess about your passwords
>>
>>62298470
I'll clarify what I mean

I'm not saying emails would be marked as spam if the template didn't match

If the template matched, but the email address was unknown
then it would be marked as spam
>>
>>62298426
You don't even have to use a random email address. You can spoof sender address to anything you want like [email protected].
>>
>>62298518
well then couldn't they compare the ip address of the sender to the usual ip of the official email?

eg: if an american user gets an email from somewhere in somalia
>>
>>62298559
they probably do and your email gets marked as spam

so that's why they send with a different email address? to not get marked as spam?
>>
bump

oh nah don't let this thread die on me i still need some answers
>>
>>62298269
http://haveibeenpwned.com

Here's one big reason
>>
>>62298991
Answered on this earlier, will try again
>Get a reputable password manager
>Make your password for that stupidly complex, but easy to remember
>Use the generator to spew out "unique & random" 20-30 digit passwords for each new account
>>
>>62299858
You don't need 20-30 digit passwords. Those are overkill.

Try this and see what I'm talking about

https://howsecureismypassword.net/
>>
It's useless if everyone's security is shit.

>Have secure passwords
>Website gets hacked
>Database gets dumped
>Despite them saying their stuff is all encrypted and salted, it's actually not


You're only ever warned about a data breach months or years after it occurred and that is ASSUMING the person who breached it goes out of THEIR way to provide journalists with the information to get them to post it because no website/company will fucking do it as it hurts their revenue. There's probably been thousands of breaches we don't know about and companies never say anything about it.
>>
>>62300014
Where are databases dumped usually and how can I see them?
>>
Make the browser remember them also click show password safest stay safe
>>
>>62299969
>overkill
Not if you're using the aforementioned pass manager
It does the work of remembering that shit for you if you're that daft
>>
>>62300127

Always on an onion site via tor they'll have torrent links
>>
>>62300144
I'm saying that it's stupid to use a 20-30 digit password. It's ridiculous.
Even a complex 12 takes forever to crack.
>>
>>62300146
What is the most popular website that hosts these (most used)?
>>
>>62299156
>>62299969
I've been pwned...
>>
Here are 5 free safe passwords that contain at least 78 entropy bits:
<K!`iC{kKE;{
H=_<:9(r&{?,
784036639224390949669712
h80b8ifhhpduqfh2
ht75t2v49qp8hjk4
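For a secret drawn uniformly at random, entropy is length × log2(alphabet size), which is how a 12-character, a 16-character and a 24-digit string can all land near the same bit count. The block below is an added example, not part of the thread: it generates secrets with Python's `secrets` module and computes the length each alphabet needs for a target, with the 7776-word list size and the guess rate as stated assumptions.

```python
import math
import secrets
import string

# Alphabets matching the three shapes in the post above.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
DIGITS = string.digits                                                 # 10 symbols
LOWER_ALNUM = string.ascii_lowercase + string.digits                   # 36 symbols
WORDLIST_SIZE = 7776  # assumption: a Diceware-style list, words picked at random


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy for `length` independent uniform picks."""
    return length * math.log2(alphabet_size)


def min_length(target_bits: float, alphabet_size: int) -> int:
    """Shortest length that reaches target_bits with this alphabet."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_secret(length: int, alphabet: str) -> str:
    """Generate with the OS CSPRNG; the formula only holds for random picks."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def years_to_search_half(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the secret: half the keyspace at a given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e12  # assumption: offline guesses per second against a fast hash
    for label, alphabet in (("printable", PRINTABLE), ("digits", DIGITS),
                            ("lower+digits", LOWER_ALNUM)):
        n = min_length(78, len(alphabet))
        bits = entropy_bits(n, len(alphabet))
        print(f"{label:13} len {n:2}  {bits:5.1f} bits  "
              f"{years_to_search_half(bits, rate):.0f} years  e.g. {random_secret(n, alphabet)}")
    words = min_length(78, WORDLIST_SIZE)
    print(f"{'passphrase':13} {words} random words  {entropy_bits(words, WORDLIST_SIZE):.1f} bits")
```

The figures apply only to secrets produced by a random generator; a human-chosen password of the same length and character mix has far less entropy than the formula suggests.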


This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.