Get on my level

Facebook login: [email protected]
Password: H0tc0ckl0v3r69

wouldnt it be more secure to use the words full out as the password?

:-)

>logging off of tumblr.gif

hard to remember, easier to pick >5 words from a >10^5 dictionary.

>trillions
lol eat shit, OP

>pick a sentence from your favorite book
>1 up each letter on the alphabetical chart
>change vowels to symbols
>type your numerical birthday in symbols
>location of birth - first 2 letters in caps
>close pw with actual number

do it in that exact order

Is 'social engineering' the relatively fastest way of getting someone's password?

>mu5k.rat
Also, that's a terrible insecure password

Or use diceware and pick 5-6 words.
Pass I used:
rene dang m&m poi safe rivet

youtube.com/watch?v=3NjQ9b3pgIg

Yes, if they're not savvy.

no. that is ridiculously easy to dictionary. do not.

four to five random words all lowercase with a punctuation randomly but not between words or replacing a letter.

orientalobliga.tionparenthesisgoal

That's not exactly difficult.

Yeah, but 4 words is too few. I use this to generate passwords:
rumkin.com/tools/password/diceware.php

ilovethic.kfutashortstac.kswithhorsedicks

Pleebs not even using emojis in your passwords

dadada

Dictionary attack

>lewd sentance that makes gramatical sense
okay. have fun getting your bank info stolen

Sorry, it really needs to be longer if we're talking about a brute force attack, try mu5k.rat|www.web5ite.com

I just meant that the concept isn't that hard to figure, extend to haw many words you like. The only thing I'd worry about is a dictionary attack, but that's really it.

IdJustLikeToInterject4AMoment
Use it for everything, never had a breach.

>using a bank
it's like you enjoy just giving all your money away to the jews

yeah but with a pass that short and all lowercase you can brute it easily.

t. howsecureismypassword.net and i used the pass youre replying to

I like it

>meme for a passsword

i thought Sup Forums was supposed to be the tech savvy board.

Well it's in my dictionary now, thanks.

I think my password manager generates good enough passwords.

>not
I'd just like to interject 4 a moment.

Don't most online services limit the number of login attempts? I don't see why time matters when the number of attempts is the bottleneck

Not everywhere allows for spaces

And if their password database gets downloaded...

>not having scp-173 documentation as your password

>the passwords are in plain text

...your password would be available no matter how complex it is? I don't see your point

"good seller would buy again A+++++"

The most secure password.

>expose your password to a fleshlight

>repeated pattern

enjoy getting hacking dickface

The fuck does that mean desu

>>>/anywhere but Sup Forums/

You don't need to, if you use enough words. Assuming you're using a 10^5 dictionary. With 6 words, that's a search space of 10^30. No one could crack that.

quantum computer will crack anything.

Is this a joke? You can't be this retarded.

nice try, NSA

then use spaces where it's allowed, and don't where it is not. durr.

Before I used a password manager.

>a computer can't easily guess 7 random letters from an alphabet of 52
>a computer CAN easily guess 7 random words from a dictionary of thousands
lmfao

>Not utilizing Keepass

everybody learns sometime

The correct way to verify a password doesn't involve storing the password itself, but a one-way hash of the password.
When the user attempts to log-in, the password they enter is hashed and compared to the stored hash.

There's nothing wrong with not knowing something, it's when you act like a smug asshole while boasting your ignorance that you become a fucking faggot.

My password is 41 characters long

>My password is "41 characters long"

whatislovebabydonthurtmenomore12

Does calling others retarded help you avoid answering the question?

Same as above. You must be pretty fucking insecure to pretend you know more than other people on an anonymous forum

>The correct way to verify a password doesn't involve storing the password itself, but a one-way hash of the password.
>When the user attempts to log-in, the password they enter is hashed and compared to the stored hash.
That still has nothing to do with what I said

Kill yourself

>maybe you should add 2+2 for me instead of calling me dumb

If they have the hash, then they can run a bruteforce against it as fast as their computer can hash the guesses.

Are you done being a dumb asshole now?

Holy fuck you're all morons. The *correct* way to store passwords is has + salt. If you can crack the fucking hash the password is weak then you're doing something wrong.

Also, the premise was NEVER about attacks having obtained the hashed passwords. Earlier in this fucking thread terms like brute force and dictionary attacks were being thrown around. Stop making shit up and moving the goalpost.

That's nice, but I have a really good method.

Go to your favorite music player. Choose random play.
Your password is the first song that comes up with the first letter capitalized, followed by the amount of time the song lasts.

For example:

the first song that came up was So He Won't Break by The Black Keys. It lasts 4:14

So, my password is now

Sohewontbreak414

Pic related, it's how secure that is.

Simple and easy to remember.

All salting does is stop lookup tables. You can still bruteforce it or use dictionary attacks.

Thanks for making my dictionary bigger.

Good luck with that mate, I'm pretty sure you'll be successful in adding every single song ever written

Just will take a look at you last.fm account or liked bands on your facebook page. It's not hard.

Yeah I'm happy with this.
H4n$#otF1rst
is what I use as a primary key for the slave APK/JAR hosted at masterpasswordapp com

The long passwords that fucker generates run between 50 quintillion and a dozen sextillion.

How is that easy to remember if you use a different one for each pass?

I don't have either of those, but hey, if you find someone stupid enough to have all that and you think that maybe they just happened to have the same idea as me then go ahead go to town :)

I got super paranoid a few months ago and changed all my passwords. The methodology I followed was this, and I'd like to hear your opinions about it:

- No matter how strong the password is if the weakest website gets hacked you are done for if you use the same password for everything.

- I made up a phrase that included obscure words from a few languages and a number.

- I scrambled them in an order that is dependent on the website according to a very simple rule I made up.

- I prayed.

I'm not sure if there's anything better can be done without using a password manager. And I don't want to use one.

I dunno, it's easier for me to remember a song name with the amount of time it lasts (which by the way the time varies sometimes depending on the source) than something like
>H4n$#otF1rst

It would also be a huge longshot for someone like this wannabe "hacker"
to guess that's what I'm doing, and an even longer shot for me to use a song from my last.fm account when there are so many music services

No thanks, I'd rather not enter my password into a site that's potentially vulnerable to XSS and getting my session cookies stolen, resulting in someone knows both my username and password, and all the accounts to use them in.

That is why I don't have an issue with password security in the first place.

>last.fm
>not torrenting all your music and storing it locally

>not ripping your music from 120kbps yt videos, converting them, compressing them and storing them on your phone in a mess of badly tagged folders and files

Wait, people are putting their real passwords in there?

I'm putting in a similar password with different numbers and characters to get a similar estimate of security.

I seriously doubt anyone was dumb enough to enter their REAL passwords into a relatively unknown website lol

right, Sup Forums?

hehehehehehehehehHAHAHAAHHAAHAHAH

>I seriously doubt anyone was dumb enough to enter their REAL passwords into a relatively unknown website lol
I can guarantee you almost everyone ITT did.

>The quick brown fox jumps over the lazy dog.
>2 vigintillion years
good enough for me

That's really not bad, but you should really just use a password manager.

>OP is such a huge fucking faggot holy shit

The problem is that not all programs, hardware or websites will let you use special characters, heck, not even spaces.

I use
>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
as my generic password then I just replace one a with a b so if I replace the 20th character I just need to memorize 20b as my password.

With this password

ifyouleavemenowillbuyanewblackdog

you got 39 OCTILLION YEARS

>reddit

Fuck

This my password bois

- use words that are rare and unlikely to be found in a cracking dictionary
- modify the word in a way that is not just "lel I substituted e for a 3", but change it in a meaningless way, add hyphens/separators at weird places "thegovernmentdidnineleven" -> thegomernvent_didnin_eltevten"

I use very long randomly generated passwords (sometimes maximum length if I feel like it, 200+ character passwords are wonderful), so no, you need to get on my level faggot.

When I need a password that I can remember, I have a simple one with upper, lower, a number, and a symbol that I pad a few times with a simple to type pattern(such as asdf, 1234, qwer, etc)

What do you do when you're out and need to log on a website from another PC?
I mean how do you manage these 200 character long passwords?

>entering your password on someone else's computer
>ever
shiggy diggy

I expected this response. Why is that so dangerous though? I can imagine other people having spyware and that stuff but is there anything else?
Also what if you definitely need to log in on another computer? I rarely ever have to myself but you never know

>Have reasonably long password.
>Double it. (ie passwordpassword)

Yes, it would be. Especially if they are not a valid sentence.

I type the same character just 12 times and it puts a ridiculous number of charters in the text box. Well at least it didn't crash like half the systems I put this simple password into.

In my real password version each of those characters are a different type, as such repetition severely weaknesses the password like the dummy one I used in the pic. As I not letting them add the real version to their dictionary.