'How to have lots of passwords without struggling to remember them' blog discussion
Comments
-
Even encryption is being successfully 'decrypted' nowadays, using the power of the cloud itself. It's only the inconvenience of the time it takes, but the potential reward might just outweigh that.
At least if you use stronger individual passwords, those that have the weaker ones will ultimately be victims first before you or better still instead of you!
-
I'm noticing that a lot more sites are making rules for passwords along the lines of
"Password is case sensitive, it must be at least 8 characters including two letters 2 numbers and 2 punctuation characters"
The last requirement can cause problems if you are trying to use "the cloud" from a "foreign" keyboard.
-
How did the hackers crack Sony and Facebook's user passwords? Did they guess them randomly or have a program which did it for them? The reason for asking is that no matter how complex your password, if a program is used it will crack them no matter what? I'm not techy so feel free to correct me if I am wrong!
-
safetygirl wrote: »How did the hackers crack Sony and Facebook's user passwords? Did they guess them randomly or have a program which did it for them? The reason for asking is that no matter how complex your password, if a program is used it will crack them no matter what? I'm not techy so feel free to correct me if I am wrong!
That's a good 'million dollar question', & it seems the likes of Sony & Facebook are still trying to work that out somehow. It wouldn't be 'one' responsible individual in my guess. The sheer power of multiple computing (cloud botnet style), & simple passwords (let's start with abc123 etc) make it a bit easier. The likes of an SQL injection attack & beyond start to get a bit more complex.
It is now possible on accounts like Gmail and Facebook to enable a feature called "login approval", which effectively locks out a hack attempt by positively identifying yourself using a unique security code if any attempt is made to log in to your account from a different computer.
http://m.readwriteweb.com/archives/facebook_launches_login_approvals_new_secure_two_factor_authentication.php
-
safetygirl wrote: »How did the hackers crack Sony and Facebook's user passwords? Did they guess them randomly or have a program which did it for them? The reason for asking is that no matter how complex your password, if a program is used it will crack them no matter what? I'm not techy so feel free to correct me if I am wrong!
Most Facebook passwords are of the weak dictionary types. Passwords are the weak link in any system so Martin's advice of using dictionary words is pretty lousy.
It is now possible on accounts like gmail and facebook to enable a feature called "login approval",
Yes and no - Gmail and Google accounts use two-factor authentication (if you turn it on) - you put in your password and then you are required to put in a random number generated from an app - this is good.
Facebook's "login approval" is as much use as a chocolate fireguard, it allows you to log in from a strange machine and then simply sends you an email saying you've done it - relying on the user seeing the email before the account is changed and they are logged out. The system described in your link does not seem to be currently available to UK customers. A waste of time in its current form.
-
Even encryption is being successfully 'decrypted' nowadays, using the power of the cloud itself. It's only the inconvenience of the time it takes, but the potential reward might just outweigh that.
At least if you use stronger individual passwords, those that have the weaker ones will ultimately be victims first before you or better still instead of you!
Which is why two-factor is the way to go - I use LastPass with a strong password and also a YubiKey. Unless they manage to steal the actual YubiKey off me they are straight out of luck.
-
safetygirl wrote: »How did the hackers crack Sony and Facebook's user passwords? Did they guess them randomly or have a program which did it for them?
I don't buy that old chestnut for a minute.
The theory of these attacks being brute force dictionary-based attacks is a very tall fairytale.
This is a myth put out by company insiders and stooges who would rather cast aspersions on the victims than admit liability for their own security failings.
Think about the scale of the task of performing a successful brute force attack over the internet. It would be vast, and there are time constraints involved, too.
Remember you've got to submit the correct username and password combination before the authentication server locks you out. That typically happens after n incorrect password tries on the same account.
The OED has 100,000 commonly-used words, and there are maybe another 10,000 more words that are popular proper nouns. 110,000 words to choose from, two cases for every letter, and five goes to get it right. No chance!
Much more likely is that the security breaches occur in the authentication systems of the companies themselves. That often includes data theft by disgruntled former employees who leave with inside knowledge and then sell that data to criminals.
Alternatively, passwords can be stolen on-the-wire, using packet sniffing tools. Until recently, Facebook did not offer encrypted HTTP sessions during login. At any point along the network path from the user to Facebook's authentication server, login passwords could be sniffed using off-the-shelf tools like Wireshark.
Or malicious code can be installed remotely onto the PC of a victim. That code typically includes its own deep network packet inspection capabilities, and keystroke logging.
The next time the victim logs into his Facebook or Sony account, his password is automatically picked up by the malicious code that is running on his machine. The malicious code secretly forwards his password to a listening socket that has been set up by the hacker on another machine that he has also hacked (so as to obfuscate the audit trail).
We are not talking script-kiddies here. We are into the realms of serious organised crime. When you think about the vast sums stolen in the numerous internet-based attacks on the banking system, this is a multi-billion dollar black industry.
-
I use one of those password database programs (can I mention the one I use personally?) that saves the data in its own format, and can save it as a CSV file that can be loaded into a spreadsheet (handy for keeping a copy on the old pen drive).
-
MothballsWallet wrote: »I use one of those password database programs (can I mention the one I use personally?) that saves the data in its own format, and can save it as a CSV file that can be loaded into a spreadsheet (handy for keeping a copy on the old pen drive).
Eco Miser
Saving money for well over half a century
-
MothballsWallet wrote: »I use one of those password database programs (can I mention the one I use personally?) that saves the data in its own format, and can save it as a CSV file that can be loaded into a spreadsheet (handy for keeping a copy on the old pen drive).
Stompa
This discussion has been closed.