
My l33t typing speed wins me a free lunch

kranky

Elite Member
We were finishing up a meeting discussing security yesterday, when one of our newer hires said if he wanted to he could get tons of passwords just by watching people type them in.

On a side note, one of the more interesting topics of the meeting was that passwords don't have to be obscure to be very effective - using longer passwords is actually more effective against brute-force cracking than a shorter, but more obscure one. In other words, grandma'spaisleyshawl is more effective against cracking attempts than 4_z#h0JxOP. It also keeps people from wanting to write them down and completely negate security.

Anyway, I told him he could watch me type my password 10 times and he wouldn't get it. To up the ante, I said I would bet him lunch that not only wouldn't he be able to figure out my password after watching me type it 10 times, he couldn't even tell how many characters it was. He took the bet, and today I enjoyed a free lunch.

Today, it was burst typing FTW.
 
I would have changed it to something like: igotafreelunchonyouhahahahaha just to spite him.
 
Wow, and cookies for dessert! 🙂

The longer-but-plainer vs. shorter-but-obscure password research actually convinced our IT group to change the rules on passwords, making many people very happy. No longer are special characters mandatory if your password is longer than 10 characters.
 
Originally posted by: kranky
Wow, and cookies for dessert! 🙂

The longer-but-plainer vs. shorter-but-obscure password research actually convinced our IT group to change the rules on passwords, making many people very happy. No longer are special characters mandatory if your password is longer than 10 characters.

What about upper/lower case?
 
The worst part about those really long phrase like passwords is when Franky Four Thumbs botches it 4 times in a row and thus locks himself out. Daily.
 
Originally posted by: KillyKillall
Originally posted by: kranky
Wow, and cookies for dessert! 🙂

The longer-but-plainer vs. shorter-but-obscure password research actually convinced our IT group to change the rules on passwords, making many people very happy. No longer are special characters mandatory if your password is longer than 10 characters.

What about upper/lower case?

Still have to use both.
 
That's a great way to give out passwords to a new hire. I can see the new hire now...."Oh yeah I can't see your pwd.". All the while he's got your pass and you don't realize it.
 
Originally posted by: Goosemaster
me thinks the guy is faking it and just wanted to buy you lunch...

*thinks about why someone would willingly do that*


:Q

Nah, he was disappointed he couldn't figure it out. To win all he had to do is figure out how many characters it was, anyway. And since it wasn't being echoed to the screen, he had no way of knowing if I was typing the same thing every time or not. 😛

Originally posted by: randomlinh
and tomorrow you'll post "FVCK, my account is screwed" I wouldn't own up to knowing your password. heh

Originally posted by: five40
That's a great way to give out passwords to a new hire. I can see the new hire now...."Oh yeah I can't see your pwd.". All the while he's got your pass and you don't realize it.

Really, if he WAS able to figure it out, you'd think somewhere out there would be some type of high-paying career for anyone who can identify what is being typed at more than 5 chars/second.
 
Originally posted by: BlinderBomber
I don't understand how your second password is possibly more effective than the first against a brute-forcer.

No, I'm saying the longer (but plainer) one is more effective, simply due to its length.
 
Originally posted by: Goosemaster
me thinks the guy is faking it and just wanted to buy you lunch...

*thinks about why someone would willingly do that*


:Q

Hey, I'll bet you dinner that Dustin Hoffman was in Star Wars.
 
I disagree with the statement it is harder to crack.

When doing a brute force attack there is generally a dictionary. Instead of a dictionary consisting of all the letters and special characters, use a dictionary full of words.

grandma'spaisleyshawl is really only three words, thus ineffective against a BF attack if the dictionary is meant to attack passphrases and not passwords.

Furthermore, for most users they will use a very limited set of words for their passphrase. Generally speaking people have a small vocabulary and a smaller dictionary can be used.
 
Who needs to memorize passwords these days when you can just boot to a CD and reset them to whatever you want? 😉
 
Originally posted by: Mutilator
Who needs to memorize passwords these days when you can just boot to a CD and reset them to whatever you want? 😉
Now, now... let's not be naughty 😀
*Looks at torrent of 6GB hash table*
 
Originally posted by: pinion9
I disagree with the statement it is harder to crack.

When doing a brute force attack there is generally a dictionary. Instead of a dictionary consisting of all the letters and special characters, use a dictionary full of words.

grandma'spaisleyshawl is really only three words, thus ineffective against a BF attack if the dictionary is meant to attack passphrases and not passwords.

Furthermore, for most users they will use a very limited set of words for their passphrase. Generally speaking people have a small vocabulary and a smaller dictionary can be used.

Computers are fast enough today that they can try each combo of characters in very little time. We were just reading about it the other day. It doesn't take much to crack a 5-7 character password.

Read this: http://www.lockdown.co.uk/?pg=combi&s=articles
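The disagreement between kranky's original claim (length beats obscurity) and pinion9's rebuttal (a word list shrinks the passphrase keyspace) comes down to which attack model the attacker gets to pick. The following estimator is an added example, not from any poster in this thread; it scores the two passwords named above under both models. The 33-symbol punctuation class, the 2,000- and 100,000-word vocabularies, and the 1e9 guesses/second rate are assumptions chosen for illustration.

```python
import math

# The two passwords the thread compares.
OBSCURE = "4_z#h0JxOP"
PASSPHRASE = "grandma'spaisleyshawl"


def charset_size(pw: str) -> int:
    """Size of the union of character classes a per-character brute-forcer
    would have to search: lower, upper, digits, printable ASCII punctuation."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # assumption: the 33 printable ASCII punctuation symbols
    return size


def brute_force_bits(pw: str) -> float:
    """log2 of the keyspace under kranky's model: every character guessed."""
    return len(pw) * math.log2(charset_size(pw))


def passphrase_bits(num_words: int, dictionary_size: int) -> float:
    """log2 of the keyspace under pinion9's model: whole words guessed from a
    vocabulary of dictionary_size entries, concatenated num_words times."""
    return num_words * math.log2(dictionary_size)


def weakest_model_bits(pw: str, num_words: int, dictionary_size: int) -> float:
    """Effective strength: the attacker uses whichever model is cheapest."""
    return min(brute_force_bits(pw), passphrase_bits(num_words, dictionary_size))


def seconds_to_exhaust(bits: float, guesses_per_second: float = 1e9) -> float:
    """Time to try the whole keyspace at an assumed offline guessing rate."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    print(f"{OBSCURE}: {brute_force_bits(OBSCURE):.1f} bits as characters")
    print(f"{PASSPHRASE}: {brute_force_bits(PASSPHRASE):.1f} bits as characters")
    for vocab in (2_000, 100_000):
        bits = weakest_model_bits(PASSPHRASE, 3, vocab)
        print(f"  3 words from {vocab:,}: {bits:.1f} bits, "
              f"{seconds_to_exhaust(bits) / 86400:.2f} days at 1e9 guesses/s")
```

Run as is, it shows the passphrase winning by a wide margin as a character string but dropping below the 10-character random password once the attacker models it as three common words, which is exactly the gap the two posters are arguing over.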
 