Some of the people around me have been killing me not being able to remember passwords and having to always reset them. Are use completely different ones for banking and Work and email and social media....


My Amazon and ish password from like 2001 Is steal my password on everything except now you have to add numbers or whatever is required. It

i generally use the same password plus numbers and special characters but if i have to switch it up its all a variant of different names from the early 00's eagles defense.

theyre generally all the same pattern just one word is different depending on the context/website

i generally use the same password plus numbers and special characters but if i have to switch it up its all a variant of different names from the early 00's eagles defense.

You a birds fan? Or is that just some random shit?

Exactly the same password for everything. Only exception is when they require a special character, or those school passwords that force you to change them every few months. But I have regular systems for how I handle both cases. So there will never be a time when I can't remember a password, ever.

You a birds fan? Or is that just some random shit?


i used to be. my sunday mood back then was dictated by whether they won or lost.

now when i watch football all i care about is my fantasy team lol

broadcasting to the world: brute force me, my PW is 5 letters for everything and it's a word.

Yea, I have different PWs. Not different ones for everything, but I've maybe had... ?? 7 or 8 over the years. The one thing I gotta respek is people who make 32 letter passwords even if it's just like a sentence. It's harder to crack, but I prefer to make shorter, stranger ones. If AI ever develops to where it can brute force sentences, I'll be winning.

I actually got a pw stolen in a breach (one of my good ones!), so I had to make more recently. It's kind of fun.

Also: variants are good.

-Smak

Not every single website is different for me, but the vast majority are. ISH is by far the most simplistic, because it's only associated with a non existent e-mail(every account I've had is associated with a throwaway) and quite frankly I don't care if someone compromises this account. There's nothing to gain.

broadcasting to the world: brute force me, my PW is 5 letters for everything and it's a word.

Yea, I have different PWs. Not different ones for everything, but I've maybe had... ?? 7 or 8 over the years. The one thing I gotta respek is people who make 32 letter passwords even if it's just like a sentence. It's harder to crack, but I prefer to make shorter, stranger ones. If AI ever develops to where it can brute force sentences, I'll be winning.

I actually got a pw stolen in a breach (one of my good ones!), so I had to make more recently. It's kind of fun.

Also: variants are good.

-Smak

There are probably 10,000 or less 5 letter words... wouldn't need to brute force... just someone that's bored and can type fast...

Not every single website is different for me, but the vast majority are. ISH is by far the most simplistic, because it's only associated with a non existent e-mail(every account I've had is associated with a throwaway) and quite frankly I don't care if someone compromises this account. There's nothing to gain.

Wait, you mean people actually link this forum to their email and whenever a post is made it notifies them and they come back on here and reply? :lol :facepalm

I don't even remember my email account when I signed up for this.

There are probably 10,000 or less 5 letter words... wouldn't need to brute force... just someone that's bored and can type fast...

let's split it 50/50. Wait til you guys see what kblaze is posting tomorrow. haha.

-Smak

I don’t believe it’s an actual word. It was a phrase on the bottom of a painting I had in the room my computer was in at the time. Probably a proper noun but I don’t remember what it was the name of. It was just the first thing I saw when I had to make a password on a computer for the first time. After all these years it’s usually the word plus numbers and random caps.

[QUOTE=Kblaze8855]My Amazon password has never changed. It

I have so many login credentials needed at work alone that I have an excel spreadsheet with over 20 different ones depending on what access is needed. I only list the last 3 numbers/letters because the beginning of the password is always the same. I have completely different passwords for ebay, personal email, paypal, bank, amazon, etc. No issues remembering them so for those I didn't put them in an excel/word doc.

That site said it would take a computer 400 years to crack a few passwords that I tried. Add two dashes at the end and it jumps to 3 million years.

[QUOTE=Kblaze8855]I don

Check how secure that password is.

https://howsecureismypassword.net/

I have variants of the same letter, number, symbol password based on the website or service I'm using.

I use a password manager..

So I inserted my master password in that site.. My result:

It would take a computer about
19 SEPTILLION YEARS
to crack your password

I have no idea how big of a number that is, but I know it is MUUUUUUUUCH longer than the age of the universe :oldlol:

300 microseconds for my original from 2000 and 4 weeks on my usual now.

Nah, but I was just pointing it out. Probably shows more about how my cynical mind works than anything else. But I would be careful. PW strength is important in this day n age, of course it doesn't matter when someone lets their whole database be lifted haha like what happened to me.


You're not being cynical. You're actually right...

Almost no website or service of note stores your password without some form of encryption and hashing and salting. When those databases are lifted, hackers still have quite a bit of work to do in figuring out what passwords stored after they've been hashed with an algorithm correspond to regular plain text passwords. However, the simpler your password, the easier and more likely it will be for hackers to happen upon the password for your account using brute force attacks, lookup tables, reverse lookup tables, and rainbow tables.

It's always in your best interest to create a convention unique to you, but not easily identifiable to you. You're a Celtics fan... Something like BC#lts2008-InHoops is going to take awhile for a hacker to get even if the database is compromised.

^ Yea it wasn't a site that did much to protect unfort. Doesn't matter anyway. I blame myself for using one of my quality pws.

Ya live ya learn. I take mistakes super hard; even if it's due to someone else's incompetence I put it out there. Just warning Kblaze posting about how you only have two simple pws on a forum that gets traffic is a bad look. To me, who is paranoid.

-Smak

phishing is the bigger threat, especially if you use the same PW everywhere. All the major websites has good protection against brute forcing and you can setup two way factor authentication with your phone #. Even a crappy website like ish has some kind of protection.

phishing is the bigger threat, especially if you use the same PW everywhere. All the major websites has good protection against brute forcing and you can setup two way factor authentication with your phone #. Even a crappy website like ish has some kind of protection.

Shit it's be 34001 years before I ever got phished. We were doing that stuff on AOL when we were 15.

-Smak

Shit it's be 34001 years before I ever got phished. We were doing that stuff on AOL when we were 15.

-Smak
It's still the most simple trick to get a pw, make a website that looks like the real one.

That's how the icloud celeb leaks happened.

"What Collins did to gain access to at least 50 iCloud accounts and 72 Gmail accounts between November 2012 and September 2014 was rather simple. He sent his victims emails that looked like they originated from Apple or Google, fooling them into handing their credentials over."

Apple started two factor authentication after that.

It's still the most simple trick to get a pw, make a website that looks like the real one.

That's how the icloud celeb leaks happened.

"What Collins did to gain access to at least 50 iCloud accounts and 72 Gmail accounts between November 2012 and September 2014 was rather simple. He sent his victims emails that looked like they originated from Apple or Google, fooling them into handing their credentials over."

Apple started two factor authentication after that.
yup


it's how everyone still gets their accts wacked on DNM's and entire cyrpto balance washed

yup


it's how everyone still gets their accts wacked on DNM's and entire cyrpto balance washed

Only dumbasses keep their crypto on an exchange or a third party site.

Get a hardware wallet. Your operating system can be absolutely packed to the brim with viruses, so long as you validate the address you're sending to, there's nothing that a hacker can do to steal your crypto from a hardware wallet. The only exception to this would be if they're actively controlling your mouse and keyboard remotely, which is unlikely... and you would see it.

Only dumbasses keep their crypto on an exchange or a third party site.

Get a hardware wallet. Your operating system can be absolutely packed to the brim with viruses, so long as you validate the receiving address you're sending to, there's nothing that a hacker can do to steal your crypto from a hardware wallet.


Vendors that trade on there, no they all keep lump sums on there specifically due to transanction fees and dozens of orders/trading daily is counter productive with ripping it back and forth between wallets

Vendors that trade on there, no they all keep lump sums on there specifically due to transanction fees and dozens of orders/trading daily is counter productive with ripping it back and forth between wallets

I hear what you're saying, but... not your keys, not your Bitcoin. Pretty simple.

Also, some of the hardware wallet manufacturers/developers are working on bringing the lighting network to those hardware wallets somehow... which will essentially mean there's really no longer an excuse to not keep hold of your own coin.

I hear what you're saying, but... not your keys, not your Bitcoin. Pretty simple.

That's the risk you play gambling on the dark web, anyone that holds weight can get touched

It's still the most simple trick to get a pw, make a website that looks like the real one.

That's how the icloud celeb leaks happened.

"What Collins did to gain access to at least 50 iCloud accounts and 72 Gmail accounts between November 2012 and September 2014 was rather simple. He sent his victims emails that looked like they originated from Apple or Google, fooling them into handing their credentials over."

Apple started two factor authentication after that.

No I feel ya. It just is something we dudes who grew up in the net age should be immune to. If people are getting phished, that's on them. That's why I didn't feel that bad for Podesta haha.

You don't have to be a cpu genius to be wary of stuff like that. If it's suspect, you can google it. If it's suspect and you can't find anything about it online, then you can call the company directly and ask them.

People just don't pay attention. Or they are senile.

-Smak

It's still the most simple trick to get a pw, make a website that looks like the real one.

That's how the icloud celeb leaks happened.

"What Collins did to gain access to at least 50 iCloud accounts and 72 Gmail accounts between November 2012 and September 2014 was rather simple. He sent his victims emails that looked like they originated from Apple or Google, fooling them into handing their credentials over."

Apple started two factor authentication after that.

Yup... phishing and other attacks via fraudulent e-mail links are responsible for many of the compromises we see now. People have to be very wary of which what they click on.

No I feel ya. It just is something we dudes who grew up in the net age should be immune to. If people are getting phished, that's on them. That's why I didn't feel that bad for Podesta haha.

You don't have to be a cpu genius to be wary of stuff like that. If it's suspect, you can google it. If it's suspect and you can't find anything about it online, then you can call the company directly and ask them.

People just don't pay attention. Or they are senile.

-Smak

I have sympathy for people who get fooled in phishing attacks.

You have a google account and you access your e-mail via one of many apps on your phone. You receive an e-mail that is purportedly from Google noting that there has been suspicious activity on your account from someone outside of the country. The e-mail gives you the option of clicking on two links... one noting that the activity was indeed you, and the other noting that it was not you.

When you click on the link indicating that the activity was not you, the link takes you to what looks like a google page that gives you the option of changing your password to make sure your account remains secure, first putting in your old password. You "change" your password and whoever is behind the ruse now has your username and password. That is something a significant number of people will fall for... especially older individuals who are not technologically savvy or read up on the techniques often used to hack accounts.

Does OP as a moderator know our passwords?

If so, his question is legit concerning.

Does OP as a moderator know our passwords?

If so, his question is legit concerning.

No.

He doesn’t even have your IP... only the admin(s) does(do)... and even they don’t have your password.

This board is old but the software isn’t storing unencrypted passwords lol.

Here's another password strength analyzer, along with a better description of what makes a strong password.

https://www.grc.com/haystack.htm

My password strategy is pretty simple. For most websites, I use the same password. It's a non-dictionary word and a single digit. It wouldn't be that difficult for someone to hack, but I don't care because I only use it on websites where I don't care if my account is compromised. I need to create an account on a website in order to download a mod for a game I'm playing. I need to create an account on a recipe website to save that pesto recipe for later retrieval. If those accounts are hacked, I don't care.

The accounts I do care about, where I have stored banking information or other stuff I don't want compromised, are more complicated. I use song lyrics, padded with a number generated by certain characteristics of the password itself. I keep a text file with hints for each password that trigger an "Oh yeah, I remember now" from me, but wouldn't mean anything to anyone else.

Example: For Amazon.com my password hint might be "current raisins". Could mean anything to other people, but to me it reminds me immediately of the Electric Prunes, a psychedelic rock band from the 60's. That leads me to their biggest hit "Too Much to Dream", and a certain lyric from that song that I particularly like... "You were gone, gone, gone." There's my password: "YouwereGone,Gone,Gone4". The 4 is the number of capital letters in the password, which just an example, not the number generator I actually use.

The trick is that the password hint leads my mind down a very specific path that other people won't get.

Hint: Asimov. (Famous writer. So my password is related to one of his books? Nope!)

My mind goes like this:

As a mauve

Mauve is a shade of purple

Purple = Prince

Little Red Corvette

"BabyYou'reMuchtooFast4"

Here's another password strength analyzer, along with a better description of what makes a strong password.

https://www.grc.com/haystack.htm

My password strategy is pretty simple. For most websites, I use the same password. It's a non-dictionary word and a single digit. It wouldn't be that difficult for someone to hack, but I don't care because I only use it on websites where I don't care if my account is compromised. I need to create an account on a website in order to download a mod for a game I'm playing. I need to create an account on a recipe website to save that pesto recipe for later retrieval. If those accounts are hacked, I don't care.

The accounts I do care about, where I have stored banking information or other stuff I don't want compromised, are more complicated. I use song lyrics, padded with a number generated by certain characteristics of the password itself. I keep a text file with hints for each password that trigger an "Oh yeah, I remember now" from me, but wouldn't mean anything to anyone else.

Example: For Amazon.com my password hint might be "current raisins". Could mean anything to other people, but to me it reminds me immediately of the Electric Prunes, a psychedelic rock band from the 60's. That leads me to their biggest hit "Too Much to Dream", and a certain lyric from that song that I particularly like... "You were gone, gone, gone." There's my password: "YouwereGone,Gone,Gone4". The 4 is the number of capital letters in the password, which just an example, not the number generator I actually use.

The trick is that the password hint leads my mind down a very specific path that other people won't get.

Hint: Asimov. (Famous writer. So my password is related to one of his books? Nope!)

My mind goes like this:

As a mauve

Mauve is a shade of purple

Purple = Prince

Little Red Corvette

"BabyYou'reMuchtooFast4"

That

[QUOTE=Shogon]That