OT How strong need my password be?

Page 2 of 2  
On 4/14/2016 5:49 PM, FrozenNorth wrote:

IME, most breaches are because data can be queried *from* an information system.
Instead of: get user's stored password compare to what he has typed in allow access iff they agree it should always be: user X claims his password to be Y; is this correct? i.e., the information system only tells the entity making the query whether Y is correct for X (at this time). If not, the querant only knows "it is not Y; one down, NNN left to try!"
Then, you can monitor traffic to decide when someone is trying to brute force attack with repeated attempts. And, disallow those attempts (make them more expensive or block them entirely)
Any system that allows an adversary to defeat this monitoring is ripe for hacking. E.g., XP/Vista passwords can usually be cracked in minutes -- USING THE CPU POWER OF THE VICTIM'S PC! Once you have physical access to the PC, you can subvert that monitoring: don't let it boot it's *normal* OS, but, instead, boot something that does YOUR bidding using IT'S horsepower!
[This is why security conscious houses disallow USB/CD/DVD/floppy/PXE boots; it ensures that the machine will ALWAYS be under the control of the security team operating the machines (uness you physically break INTO the machine)]
All passwords should be well chosen. A common exploit is to gain access to one "service" through a poorly chosen password. Then, use this to leverage some OTHER service with a more secure password.
For example, using a crappy password on your email account. But, your BANK account has that email account listed as the mechanism by which you can request your BANK password be reset. Adversary pwns your email account; then uses that to convince your bank (your bank's computer!) to let you change the bank password!
I have particularly long, "random" passwords (i.e., no pet names, no birthdates, etc. Passwords that are more like NON VANITY license plates issued by a DMV -- only longer: "What does LKY3F444 mean?" "<shrug> No doubt the next one in the pile after LKY3F443!"
(but, this requires you to be able to commit odd sequences to memory)
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 14 Apr 2016 17:49:38 -0700, FrozenNorth

But then how does my userid and password help him? If I can't find it on the website, and he can only find by bypassing the website (so that the password won't do him any good), he can already do that, with or without my password.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 14 Apr 2016 17:26:08 -0400, Micky

So, what did you use for your password. We all want to know!
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 14 Apr 2016 21:10:12 -0400, snipped-for-privacy@unlisted.moo wrote:

ABCD
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 14 Apr 2016 22:38:20 -0400, Micky

You're right. I just logged into your account !!! Now I can change your wallpaper to a really ugly naked woman... HERE GOES !!!
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 14 Apr 2016 22:42:35 -0400, snipped-for-privacy@unlisted.moo wrote:

Ooooo. I have no idea how to change wallpaper. What will it take for you to change it back?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Fri, 15 Apr 2016 00:02:49 -0400, Micky

Not too much, just a million dollars, and you buy the wallpaper paste!!! ....... :)
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/15/2016 12:02 AM, Micky wrote:

I'll admit, I never thought I'd see ransomware exercised on alt home repair.
--
.
Christopher A. Young
learn more about Jesus
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 15/04/2016 14:25, Stormin Mormon wrote:

I can see you through your webcam, please put some clothes on, you're frightening the cat.
--
Bod

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 04/15/2016 08:25 AM, Stormin Mormon wrote:

*** ATTENTION: VIRUS ****
The following virus requires your cooperation:
Please forward this to everyone you know, then delete all your personal data (don't forget backups).
Failure to follow these instructions may have severe consequences.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 04/14/2016 10:02 PM, Micky wrote:

We had a tech support guy who was clueless. His co-workers took delight in changing his wallpaper to ferrets. I don't think he ever figured out how to change it or secure his machine.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
rbowman posted for all of us...

WE had kids that would do a screen capture and use that as wallpaper. Clicking would lead to frustration... Took care of that.
--
Tekkie

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/14/2016 10:42 PM, snipped-for-privacy@unlisted.moo wrote:

Or, you can delete all his Harbor Freight ads, and watch him go bonkers and withdrawl.
--
.
Christopher A. Young
learn more about Jesus
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Cancel your service, maybe?
[...]

Not now, perhaps. What about in the future? Anyway, even if there's nothing to be embarrassed about, it's still nobody else's business.
And it does have marketing value.

Because that's about #3 or #4 on the list of things that someone would use, trying to guess your password.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.