Comments
aI'vE gOt CaBiN fEvEr!
I hope you people aren't actually putting your strongest passwords into this site. :P
* shittyshittybangbang: 225684805745 years, 11 months
* lahdeedah: 31 minutes, 52 seconds
* chandeli-ho: 282 years, 11 months
* chandeli-ho!: 16412 years, 4 months
* jinx: < 1s
* jynx: < 1s
* charizard: 31 minutes, 52 seconds
It's just evaluating this depending on string length. A huge chain of a's this long ●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●● can be forceable in 3.139*10^100 years.
Though it also seems to account for capitalization. 22ef22efgh8 is forceable in 1 year 5 months. So is 22EF22EFGH8. However, 22EF22efGH8 takes 589 years and 3 months.
The entire alphabet, in lowercase, takes 69717596898410406000 years to force.
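Added example (not part of the thread, and not the calculator site's own code): a charset-to-the-power-of-length model checked against the figures quoted above. The model, the function names and the implied guess rate are assumptions inferred from those posted figures.

```python
import string

# Character classes a length-and-charset strength estimator distinguishes.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)  # 26, 26, 10, 32 characters

def charset_size(password):
    """Total size of every character class that occurs in the password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def keyspace(password):
    """Candidates a blind brute force has to cover: charset ** length."""
    return charset_size(password) ** len(password)

def ratio(stronger, weaker):
    """How many times larger one password's keyspace is than another's."""
    return keyspace(stronger) / keyspace(weaker)

def years(y, months):
    """Convert a 'Y years, M months' figure from the thread to years."""
    return y + months / 12

def implied_guess_rate(password, seconds):
    """Guesses per second implied by a quoted crack time (an inference)."""
    return keyspace(password) / seconds

if __name__ == "__main__":
    # Figures quoted in the thread, compared against the model's predictions.
    print("adding '!':  model", ratio("chandeli-ho!", "chandeli-ho"),
          "thread", round(years(16412, 4) / years(282, 11), 1))
    print("mixed case:  model", round(ratio("22EF22efGH8", "22ef22efgh8"), 1),
          "thread", round(years(589, 3) / years(1, 5), 1))
    print("same class:  ", keyspace("22ef22efgh8") == keyspace("22EF22EFGH8"))
    # 'charizard' was quoted at 31 minutes, 52 seconds = 1912 s.
    print("implied rate: %.2e guesses/s" % implied_guess_rate("charizard", 1912))
```

The model only bounds blind brute force; it says nothing about dictionary words or guesses informed by knowing the password's owner.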
> posting passwords
> within a small userbase
> okay, so they're probably sockpuppet passwords and therefore harmless to reveal
> but still
LOL IMMA HACKING
this is, of course, assuming that most hackers are going to be using brute-force attacks
^Indeed; isn't phishing more common?
>1 year, 29 days
Good enough for me.
16 minutes, 33 seconds
Er... I'm sure I'll be fine. >.>
The problem with those calculators is that they automatically assume that the hacker in question is unfamiliar with the person who owns the password.
^ Well, if I understand correctly, the idea is that it calculates how long it would take to brute-force the password. If you're just trying to guess based on what you know about a person then yeah, that will be quicker.
Knowing me wouldn't help figure out my password at all.
Yeah, after I posted that I realized I should have said "could be quicker."
I can think of one person who might have the faintest inkling.
CentralAvenue,
Well, if I understand correctly, the idea is that it calculates how long it would take to brute-force the password.
You mean like beating up an account until it tells you its password? Sorry, that was a pretty lame joke.
Anyway, I do think it can be kind of weird when people use really weak passwords, but I am not sure it really makes much sense to tell people what passwords you use anyway unless it is one of those expiring password deals that has already expired. I guess that is kind of stating the obvious though.
On a somewhat related note, does anyone else ever have trouble coming up with answers to those security questions (the ones like "who was your first grade teacher" or "what is your favorite meal/book/movie/etc.")?
Yes.
Sometimes I put in blatantly false but memorable answers. Such as saying that my favorite historical figure is JFK. (I am mostly unfamiliar with JFK other than notable facts.)
^ Hi there DK.
I like the ones that let you choose your own question. "What do you get when you multiply six by nine?" "A suffusion of yellow."
624797446372215 years for my longest password. Just over six years for my most common one. 13 months for the one for this site. Satisfactory.
Relevant:
Numbers and special characters only make a password harder to guess if the algorithm for some reason decides to give them lower priority than letters, which I suppose makes some amount of sense, but the point of the comic is that adding more characters increases the password strength far more than using different ones, so long as your whole password isn't a dictionary word. So using multiple dictionary words strung together is a great idea, so long as the site allows passwords without funky characters or numbers and has a high maximum length.
I posted that exact same image on the previous page >=/
Might as well make your 15-character password some combination of four three letter words.
Such as "bit sod alf git". Alternatively, two seven-letter words, or three four-letter words. "tarmacs plunder" or "ping isnt taps"
Going by that site and using a password similar in structure to the ones I use, it would take several months for my less-important "I use this on sites I don't do anything important with" password to get brute forced, and...considerably longer for my real one. Neither are actual words, contain actual words, or are in any way shorthand for actual words. Good enough for me.
As for security questions, I can never remember silly things, like how/if I capitalized it, or if I used a period in the salutation (I wound up stonewalling myself out of something several years ago because I forgot I didn't put a period in "Dr"). Furthermore, they almost always ask things that are either on public record or are easily attainable through relatively trivial digging, so they're almost worthless anyway and more often than not serve as a backdoor you wouldn't have risked otherwise.
I much prefer security questions you can enter yourself -- you can make it a good deal more obscure that way. For example, my old laptop's login security question was "ZFBC". It holds personal significance to me and I'd remember the "answer" in about one second, but for someone else to figure it out they'd need to be familiar with a particular piece of godawful fanfiction I wrote ages ago on a computer that no longer works and never left said computer -- and it was pretty painfully long and those initials didn't even appear anywhere in it. So yeah >_>
Icalasari,
I just use an out there answer (eg "Who was your mother?" "Banana Cream Pie")
(That video is pretty silly/dumb, so feel free to not watch it, but what glenn said about DK reminded me of it.)
glennmagusharvey,
Sometimes I put in blatantly false but memorable answers. Such as saying that my favorite historical figure is JFK. (I am mostly unfamiliar with JFK other than notable facts.)
I guess that is one strategy, but I feel like even telling little lies like that can be harmful in a way. It kind of reminds me of how when some people answer the phone for someone else they will say that the other person is gone even when he/she is just unavailable or does not want to talk. I suppose that is a discussion for another day though.
Bee,
I agree with you about security questions you can enter yourself, since they seem to be easier to remember and harder to guess. I wonder why those seem to be less common though.
Well, the thing with "lying" like this is that, very often, such questions might ask me very personal questions, such as "what's the name of your first crush?". And I don't want to give truthful answers to these, for my own privacy. So I'll just have a stock answer or blatantly false answer prepared for that, such as "Mary" or "Fate Testarossa".