Results 1 to 17 of 17
Thread: Prosiebensat security breach
25-02-2013, 08:00 PM #1
Prosiebensat security breach
So, yeah take the usual/necessary precautions and all that.
28-02-2013, 10:00 AM #2
MOTHERFUCKINGMOTHERFUCKER WETOPWIGOWMRIOHEMRHiqwmeroimoism ergoEPMTOIMEpMoiMGWEOIMIMWOIEG
How can they not learn to allow passwords longer than 20 characters.
28-02-2013, 10:24 AM #3
28-02-2013, 10:33 AM #4
- Join Date
- Nov 2012
Long passwords means shit when someone manages to access the database with mail/passwords since well... they have your password or the hash used for password verification. (storing peoples passwords and/or creditcard info in clear text should be a capital offense). The most important bit here is to never ever use the same password as you use for your email account that way they cannot use this info to get access to pretty much everything else you have by password resets etc.
Overly complicated passwords has zero, zilch effect on security, rather the opposite as people write them down to remember them, and when they are forced to change they just add a number at the end.
28-02-2013, 10:53 AM #5
Best thing to do, choose a memorable word and add "flavour". For example (I don't use this and neither should anyone else now) "R0(kP4p3rSh0tGun%!", although like you say if theyve hacked a server and decrypted your password this creates zero difference
28-02-2013, 11:20 AM #6
28-02-2013, 12:00 PM #7
My personal favourite is sentence acronyms. Nice long ones. Look random to the unknowing eye, hard to memorise in a few seconds from a casual glance, but easy to recall so long as you know the sentence itself. betrslayktsi.Itsbastiat, Dawngate
Bastiat, Planetside 2, Miller NC
Therin Khatta, FFXIV, Cerberus
28-02-2013, 12:05 PM #8
I do write down my passwords on paper. That's right, you heard me! PAPER!Hear from the spirit-world this mystery:
Creation is summed up, O man, in thee;
Angel and demon, man and beast art thou,
Yea, thou art all thou dost appear to be!
28-02-2013, 12:07 PM #9
My personal favourite is http://keepass.info/ and use it to generate and store a random password for each and every login I use. You can instruct it to generate a password of X length using some Y set of characters.
I synchronize the keepass file across devices with Dropbox, and that's secure because it itself is encrypted with a master password. So you have one huge ass password you have to remember that unlocks all your other passwords.
28-02-2013, 12:09 PM #10
- Join Date
- Jan 2013
28-02-2013, 12:31 PM #11
- Join Date
- Feb 2013
I also use the XKCD method, quite usefull and easy to remember. Also not easy for any hash bashed method to unlock.
also note that many mail applications/providers support the firstname.lastname@example.org This means that you can fill in your emailadress in forms followed by a + and then a string. The mail will be send to your adress, but sendto has the string attached. This way you can see where the spam is originating from, or what company is selling your mail adress. Quite usefull.
28-02-2013, 12:44 PM #12
Concern with the XKCD method is that there isn't actually a lot of entropy there.
There's high entropy in a 4-word password if you brute force all character possibilities, but a smart attacker will get a dictionary and start combining those words, dramatically reducing the search space. Your 4-word dictionary password will be about as good as a 7 character random one (in the same order of magnitude).
If you really want to be secure, replace some characters in those dictionary words. That'll dramatically shoot up the entropy. So instead of correct horse battery staple, how about c0rrect horse battery stapl&.
This is all pretty academic. Most password breaches are from password reuse and weak passwords. If you care enough to use a correct-horse-type password, you're pretty safe anyway.
Last edited by Boris; 28-02-2013 at 12:55 PM.
28-02-2013, 12:51 PM #13
- Join Date
- Feb 2013
For now, it works though.
28-02-2013, 01:01 PM #14
Yeah. I'm glad it's not a really well known trick at the moment because that's the only thing keeping spammers from circumventing it.
28-02-2013, 01:09 PM #15
To expand on the XKCD one, you can use more than four words and more than one language.
Five random words in five languages. Still easy for humans to remember but makes it more difficult to crack.
I find the best solution is to just use throw away email accounts.
28-02-2013, 02:01 PM #16
I second keepass.
As well as on my desktop and notebook, I have a tiny USB keyring that I keep my keepass database on, along with portable versions (windows and linux) which means I can use it on pretty much any computer I end up using.Originally Posted by CROCONOUGHTKEY
28-02-2013, 04:50 PM #17
I was more annoyed by them because I have a system I use for all my passwords, and it usually is longer than 20 characters and still easy to remember.