How secure is your password Sup Forums?

howsecureismypassword.net/

>just type your password into this attack list generator

fuck off with your password dictionary honeypot

So "hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh" is apparently a very strong password. Who knew?

Why would I type my password into some random website when I can just open a calculator and figure it out for myself?

>niggernigger
>It would take a computer about 4 WEEKS to crack your password

It is very strong, though. I can't think of any real life password brute-force technique that would guess "hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh" early on in the process, unless the attacker had knowledge a priori about what the password looks like (it's a single letter repeated multiple times, etc.)

This website is retarded. It thinks a 9 character password containing mixed case plus numbers and special characters could be cracked in 4 weeks. That is insane. That would require the computer to try 929686719733871652042559344447467821139391968008026201090353930157484706301413248598 passwords per second in order to have a 50% chance of cracking the password within that amount of time.

my password is very secure so long as I don't type it into that password harvesting site

LOOOOOOOL

But if 9 characters-password is so strong, won't the standard recommendation be 9-10 chars instead of the current 20 chars length?

Is password1234567891011121314151617181920 secure?

>howsecureismypassword.net/
Where the fuck did you get that figure? Assuming ASCII characters, there are 95 possible values for each character (a-zA-Z0-9!@#$%... etc). 95 to the 9th is 630249409724609375 possible passwords.

Assuming 1 trillion guesses per second (Snowden's figure circa 2013), it would take 630249409724609375 / 10^12 = 630249 seconds to crack a 9-digit password. Or, exactly 7 days. (The exact 7 days figure surprises me. Also, the website is apparently also making the assumption of one trillion guesses per second.)

>This website is retarded. It thinks a 9 character password containing mixed case plus numbers and special characters could be cracked in 4 weeks. That is insane
It's not insane

It's making a basic calculation from the average speed of a processor which is equivalent to the number of guesses it can make per second. It then relates that to your password which is basically just how many different combinations can it make before getting it, dividing by 2 because the average between t=0 and t=100% all combinations extinguished, the average time is about 50%. Assuming your password was the very last guess it could make it would take about 8 weeks instead of 4

this is a simple math of "if I have this number, how long will it take at this rate"?

Guys how strong is my password?

password

>implying these sites aren't nsa run to match passwords to ips, and therefore identities

>your password isn't \\'\\\'\\'\\\'\\'\\\\'\\'\\\'\\'';';;';;,';;;',;';

Depends. What site do you use it on and what is the accompanying user/email?

Well it's 8 characters long, that should be safe enough

This website mainly shows what combination and length of password does to the time taken. It's roughly an estimation

>using only numbers
>using only letters
pretty pleb tier

>numbers and letters
meh tier

>capital and lower case letters with number
good tier

>capital and lower case letters with number with symbols
great tier

It also looks for common words and repetitiveness

>tfw your old passwords could be solved instantly

I'd make the P uppercase

>no unicode escape characters
>no unicode characters

I use 30 character random generated passwords from LastPass for almost everything except banking, Google, and LastPass itself

For those I use pic related style passwords

I use pic related, but I add numbers and symbols.

>no triforce in password


▲▲

>OP is a faggot
>66 million years
Nice, I'm safe.

Password managers are a meme. Encrypt with PGP key and veracrypt, a list of random strings numbered for passwords.

Supercomputers can calculate this shit instantly. You're fucked either way if you're targeted by the gov. If you're attacked by some random hacker then it will either be through social engineering, malware (example, exploiting MS win10's built-in keylogger) or he'll use a botnet of thousands of computers to do these calculations. So saying 4 weeks would take to calculate a 9 char password is way too optimistic.

Lastpass isn't an offline password manager you idiot.

>idiots still go to this website and type in actual passwords (and don't even try to deny it)
>you fucking idiots

Bad call.

arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

>As the name implies, a hybrid attack marries a dictionary attack with a brute-force attack, a combination that greatly expands the reach of a well-honed word list while keeping the keyspace to a manageable length. The first round of this stage appended all possible two-characters strings containing digits or symbols to the end of each word in his dictionary. It recovered 585 plains and took 11 minutes and 25 seconds to run. Round two appended all possible three-character strings containing digits or symbols. It cracked 527 hashes and required 58 minutes to complete. The third round, which appended all four-digit number strings, took 25 minutes and recovered 435 plains. Round four appended all possible strings containing three lower-case letters and digits and acquired 451 more passwords.

>The specific type of hybrid attack that cracked that password is known as a combinator attack. It combines each word in a dictionary with every other word in the dictionary. Because these attacks are capable of generating a huge number of guesses—the square of the number of words in the dict—crackers often work with smaller word lists or simply terminate a run in progress once things start slowing down. Other times, they combine words from one big dictionary with words from a smaller one. Steube was able to crack "momof3g8kids" because he had "momof3g" in his 111 million dict and "8kids" in a smaller dict.

>"The combinator attack got it! It's cool," he said. Then referring to the oft-cited xkcd comic, he added: "This is an answer to the batteryhorsestaple thing."

L&\rwG'%o>d*S@/jr}9P&}c4>.sP7EWToj8p+D'58Jmnq'&~QY3yVYnz9xFXLFQL&rwG'%o>d*S@jr}9P&}c4>.sP7EWToj8p+D'58Jmnq'&~QY3yVYnz9xFXLFQL&rwG'%o>d*S@jr}9P&}c4>.sP7EWToj8p+D'58Jmnq'&~QY3yVYnz9xFXLFQ

That's 2013 as well.

>Luddites fear progress

It's only taking forever due to length. Typing nigger over and over again will achieve the same result. Not very good practice.

At least use pass or password safe.

brb switching all of my passwords to "nigger nigger nigger."

How did I do Sup Forums?

Are you fucking kidding me? They check these first.

!#@@$^::::{space}:jewzaaaylmaoAsdfghjkl;'###(¼)\n
Get fucked.

GG

Also there could be a much simpler string that evaluates to the same hash.

not very, apparently

1 quattuorvigintillion years

password123 takes a month
ᤶ (U+1936) takes a yoctosecond
1 takes 300 picoseconds (300,000,000,000,000 times longer than the random unicode one)

Who has time to crack a password for ONE account at a time ?

The real money is in hacking sites and stealing all the login/password combinations from them.

And then the biggest security risk are users re-using the same login/password for multiple sites.

Using a password manager is better than reusing your login/password for multiple sites.

To each their own, stay secure out there.

>not using a password manager

inb4 muh brain retards

"Secure" is an interesting choice of words considering that the amount of entropy in a password is irrelevant to security when you're plugging them into 252k of obfuscated Javascript.

Or about 5 seconds of having a solder in your anus.

That's the problem with randomness, you can never be sure.

My email password is statistically impossible to crack. My others though are most likely compromised.

Sure, it would take 23034693496 years to crack your password.

It takes a few minutes for the password to be reset via social engineering.

password123 would take less than an hour in any comprehensive dictionary attack

if anyone on Sup Forums fell for a phishing scam i'd be very surprised.

You aren't the target; the host is.

Obviously. I was pointing out how off the site seems.

Any program is going to check hhhhhhhhhhhhhhhhhhhhhhhhhh before checking 0p'sAfagg0t

just use 4 easy words like
Bread Funny Love Beer

damn, penisgoblin isn't a safe password. cracked in one day

511[dP]785
>10 years
:(

>using a proprietary password manager

Off-topic probably, but...
I'm about to change passwords from all of my known accounts.
What format of password do you normally use? Combination of words and numbers, "randomly" generated numbers and letters or something else?

Random numbers and letters

password manager idiot

No, they are not. Passwords like that are really uncommon.

>supid fucktard
>"supid"

substitute a letter with a number. Like passw0rd. That should be really safe.

youtube.com/watch?v=3NjQ9b3pgIg

Wrong.

Complexity is unimportant, what matters is length, e.g.

howdyFaggotThisPasswordIsReallyFuckingLong

is a LOT more secure than Ch3353WheeL!98z\

>what matters is length
To express it in your own words:
Wrong.

Dictionary attacks are a thing. It is not JUST about length.

implying this is a dictionary attack, you retard

even then it's completely defeated by splicing a symbol into the centre

Unless someone is trying to break YOUR password specifically, it won't happen. even it won't happen.

>he doesn't just open the console to verify the site makes no http requests

>implying this is a dictionary attack
You always assume the attacker knows the style of your password.

>even then it's completely defeated by splicing a symbol into the centre
Great idea! I am sure no hacker will try this. How about you also substitute one letter with a number? They'd never think about that!
Of course, those make your password stronger, but not necessarily as much as you think.
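
Added example, not part of any post in this thread: a small estimator that scores a password under the cheapest attacker model that fits it, covering the plain keyspace arithmetic, the hybrid and combinator attacks quoted from the Ars Technica article, and the "attacker knows the style" point above. The word list is a constructed toy set, `dict_size` defaults to the 111 million figure from the quote, and the 1..4 character suffix range and the repeated-character rule are assumptions of this sketch.

```python
import string

GUESSES_PER_SECOND = 10**12  # rate assumed in the thread
SUFFIX_CHARS = string.digits + string.punctuation  # 42 digits and symbols
# Constructed toy word list; dict_size below stands in for a real list's size.
WORDS = {"password", "bread", "funny", "love", "beer", "momof3g", "8kids"}

def charset_size(pw):
    """Size of the character classes the password draws from (95 for all four)."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10)]
    size = sum(n for chars, n in classes if any(c in chars for c in pw))
    other = any(c not in string.ascii_letters + string.digits for c in pw)
    return size + (33 if other else 0)  # 32 symbols + space; non-ASCII lands here

def min_words(pw, words):
    """Fewest list words that concatenate to pw, or None if it cannot be split."""
    best = [0] + [None] * len(pw)
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in words:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[len(pw)]

def estimate(pw, dict_size=111_000_000):
    """Return (model, guesses, average seconds) for the cheapest model that fits."""
    low = pw.lower()  # assumption: case variation is ignored, so this under-counts
    models = {"brute-force": charset_size(pw) ** len(pw)}
    if len(set(pw)) == 1:  # one character repeated: try each char at each length
        models["repeated-char"] = 95 * len(pw)
    k = min_words(low, WORDS)
    if k:  # k concatenated dictionary words (k == 2 is the combinator attack)
        models["dictionary-words"] = dict_size ** k
    for cut in range(max(0, len(pw) - 4), len(pw)):  # word + 1..4 digits/symbols
        if low[:cut] in WORDS and all(c in SUFFIX_CHARS for c in pw[cut:]):
            suffixes = sum(len(SUFFIX_CHARS) ** i for i in range(len(pw) - cut + 1))
            models["hybrid"] = dict_size * suffixes
    name = min(models, key=models.get)
    # On average the hit comes halfway through the search space.
    return name, models[name], models[name] / 2 / GUESSES_PER_SECOND

if __name__ == "__main__":
    for pw in ["Ab1!xxxxx", "h" * 31, "password123", "momof3g8kids"]:
        print(pw, estimate(pw))
```

Passing `dict_size=7776` scores a concatenation of list words as a Diceware-style passphrase instead.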

Well now it's not secure anymore, good job putting it in a NSA wordlist

Simple. Just enter a gorillion other passwords and yours is safe again.

Use a password manager that generates random strong passwords for the majority of your accounts.
Then use a strong Dice Ware password for your master password. (A system to create random pass phrases.)

>A system to create random pass phrases
>A system
aka insecure

ihEARDtHATcURTIS42-=

43 QUINTILLION YEARS

Ayy, dead memes are good passwords.

>click generate
>instantly get a password like: Fu>o%1cr\\*l/,V';?extension even auto creates an entry in my database when i make the account

ez

>aka insecure
Rolling a bunch of dice is insecure.

What if I use some line from a poem and quite long at that? Around 20 words to remember, how would such mixed attack work?

Everybody should remember their own personal relationship between a number and a random selection of characters.

I.e. 2 = h&J

It takes an hour or so to remember, then top up with flashcards.

After that, the first 3 letters of site corresponded to alphabet position + same with username + random string you memorise = gg.

might as well call that site
>addmypasswordtorockyoudottxt.net

Using dictionary words in concatenated strings isn't all that safe, most cracking tools will accommodate that.

Or, you could just use a password manager which generates strong unique passwords each time.
Then you only need to think of one really strong, but easy to remember password.

And yet, when you account for dictionary attacks, those 4 random words make a stronger password than that other one.

That feel when you realize longer = better and special characters do not fucking matter at all

So just make a password like "opisalwaysandforeverafaggot"

/thread

>80+ char pass

Doesn't matter how "secure" your password is against brute force if you have to write it down to remember it.

I can't complain, I made myself a name
And all I really want is five minutes of fame
84 characters (if you don't count new line)

Most of my passwords are relatively secure. Randomly generated 32 character passwords is my default, 16 for shitty sites that won't take my longer ones. Obviously I use a password manager. My master password is just a couple of 16 character passwords I memorized a long time ago combined with an easy to remember but difficult to guess string.

>How secure is your password Sup Forums?
if you go to that site and type your password in then, the answer is not very secure...

>what is a password manager
>not having photographic memory

What if I use emojis in my password?

>howsecureismypassword.net/
suck_mY_b3n15_uSJW_fek1n/g/_whore!!!