Staredit Network

Staredit Network -> Website Feedback, Bugs & Discussion -> Might I recommend...
Posted by RexyRex on 2006-08-05 at 17:07:48
Given the seriousness of recent events, most of you may find this useful:
https://www.grc.com/passwords.htm

It even has a tip for safer passwords:
QUOTE
You may safely take these strings as they are, or use chunks from several to build your own if you prefer, or do whatever you want with them. Each set displayed are totally, uniquely yours.
Posted by RexyRex_Deleteme on 2006-08-05 at 17:13:02
Just kidding. Don't change your password to anything over 32 characters because you won't be able to log in again otherwise. Changing your password to anything over 32 characters makes your account unusable. So, um, any administrator willing to help me out...that'd be great. smile.gif
Posted by Voyager7456(MM) on 2006-08-05 at 17:14:11
I think Moose did that to the Admin CP password. tongue.gif
Posted by RedNara on 2006-08-05 at 18:50:59
How are you supposed to remember that? It would take at least a min to type in your pass. :\
Posted by Merrell on 2006-08-05 at 19:31:23
Copy and paste from a hidden notepad document.
Posted by Killer_Kow(MM) on 2006-08-05 at 19:35:38
I find that the best passwords are stupidly obvious things, like "bathtub" or "hamburgerbun". No one would even think of either of those being passwords. Oops, just gave away my secret...
Posted by LegacyWeapon on 2006-08-05 at 19:41:17
Bruteforcers generally have a list of common dictionary words.
Posted by Killer_Kow(MM) on 2006-08-05 at 19:42:12
That's why you put words together, or misspell them shifty.gif
Posted by Corbo(MM) on 2006-08-05 at 20:14:36
QUOTE(Killer_Kow(MM) @ Aug 5 2006, 05:41 PM)
That's why you put words together, or misspell them shifty.gif

and add numbers and caps like..

oMg22pass34WORD76
Posted by RexyRex_Deleteme on 2006-08-05 at 20:38:55
Or you could just use the link I gave you.

ADDITION:
QUOTE
The use of these maximum-entropy passwords minimizes (essentially zeroes) the likelihood of successful "dictionary attacks" since these passwords won't appear in any dictionary. So you should always try to use passwords like these.
Posted by Chef on 2006-08-05 at 20:40:51
ROFL ur smrt happy.gif

It's not really a good idea security-wise, but I just chose a SENer's name and made it my password. I like to live dangerously.
Posted by n2o-SiMpSoNs on 2006-08-05 at 21:15:20
or you can go h4mU[G3r](bunZZ**)

ADDITION:
QUOTE(SexyPinkPrincess @ Aug 5 2006, 07:40 PM)
ROFL ur smrt happy.gif

It's not really a good idea security-wise, but I just chose a SENer's name and made it my password. I like to live dangerously.

Now everyone is going to try their name. lol, and if you picked people who don't come here for any reason then I will try theirs shifty.gif
Posted by Chef on 2006-08-05 at 21:21:05
First one to guess my password wins my debt and my non-existent reputation. Not to mention suspicions of owning a double account.

I don't value my account a terribly large amount, so go ahead and try.
Posted by yeow on 2006-08-05 at 21:53:54
Putting words in general, misspelled or not, is not a good idea. And simply adding caps and numbers does not greatly improve your password. Your best bet would be to put Alt Codes into your pass along with spaces.

Of course, if you get trojaned, you're screwed either way.
Posted by RedNara on 2006-08-05 at 21:56:30
So does that guy know all of our pass? He doesn't, right? He just knew the admins, or something of that sort, and could mess around with our account but doesn't know our pass though, right?
Posted by Desperado on 2006-08-05 at 22:00:59
I used a combination of letters, numbers, other characters, and various symbols that are not on any keyboard.
Posted by n2o-SiMpSoNs on 2006-08-05 at 22:06:46
or you can make it so your password can't be typed in unless you modify the HTML for the password box.
Posted by yeow on 2006-08-05 at 22:06:55
Depends. It would be safe (and highly recommended) to change your password to something brand new.
Posted by PCFredZ on 2006-08-05 at 22:23:22
If the passwords are actually stored anywhere on the server in plaintext form, we might as well paint ourselves with blood and go diving with some sharks.

We should just implement a limit to the number of trials per period of time so that regular brute forcing even a single digit could take, say, 2 days (5 tries / 24 hrs).
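
An added example, not part of the original thread or of the forum's software: a minimal Python sketch of the throttle described in the post above (5 tries / 24 hrs per account), with the arithmetic for how long exhausting a keyspace then takes. The class and function names, the in-memory store and the sample password are assumptions made for illustration.

```python
import hmac
import math
from collections import defaultdict, deque

DAY = 24 * 3600


class AttemptLimiter:
    """Sliding window: at most max_tries failed logins per account per window."""

    def __init__(self, max_tries=5, window=DAY):
        self.max_tries, self.window = max_tries, window
        self._failures = defaultdict(deque)  # account -> failure timestamps (in memory)

    def _recent(self, account, now):
        q = self._failures[account]
        while q and now - q[0] >= self.window:  # drop failures older than the window
            q.popleft()
        return q

    def allowed(self, account, now):
        return len(self._recent(account, now)) < self.max_tries

    def record_failure(self, account, now):
        self._recent(account, now).append(now)


def attempt_login(limiter, account, guess, real_password, now):
    """Return 'locked', 'ok' or 'bad'. The direct comparison stands in for a
    salted-hash check; a real site would never hold real_password in plaintext."""
    if not limiter.allowed(account, now):
        return "locked"  # refuse before looking at the guess at all
    if hmac.compare_digest(guess.encode(), real_password.encode()):
        return "ok"
    limiter.record_failure(account, now)
    return "bad"


def days_to_exhaust(keyspace, max_tries=5, window=DAY):
    """Worst case, counted in whole windows, to try every candidate when throttled."""
    return math.ceil(keyspace / max_tries) * window / DAY


if __name__ == "__main__":
    lim = AttemptLimiter()
    secret = "constructed-sample-password"  # constructed value, not a real credential
    print([attempt_login(lim, "demo_user", f"guess{i}", secret, i) for i in range(6)])
    print(days_to_exhaust(10))        # the single-digit case from the post
    print(days_to_exhaust(26 ** 6))   # six lowercase letters
```

Keying the counter by account alone lets anyone lock a known user out by failing five logins, which is why per-account limits are often paired with a per-source limit.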
Posted by Mini Moose 2707 on 2006-08-06 at 01:19:59
Yeah, there's definitely going to be a time delay on failures in v5. The problem is, this was probably just a security hole in the *cough*wonderful*cough* v4 Invision Board. My old password was just definitely not bruteforcable on any timeframe short of a week.
Posted by DT_Battlekruser on 2006-08-06 at 02:43:18
He had weeks.
Posted by SuperToast on 2006-08-06 at 02:59:46
Are you certain he bruteforced it? I mean, if you are using the trial invision v2.0 like is listed at the bottom, there are quite a few possible exploits if I remember correctly (not pretending to be an expert, but I have dabbled in various cracking/hacking methods).
Posted by ImPoSs-JeEp2 on 2006-08-06 at 06:36:56
My pass has a company name and numbers, it's pretty random so if you try to guess my pass, it's a shot in the dark.
cool1.gif
Posted by JaFF on 2006-08-06 at 07:57:56
Quite useful. I added a piece of that code to my existing password.
Posted by Gigins on 2006-08-06 at 08:01:31
Doesn't look like password change helped Moose, he was hacked again. crazy.gif