You realize that we are all way beyond fine. Nobody is going to guess poopdragonmeister3000 as being someone's password. (Not saying THAT is my password, for anything, but you get the point.)
Did you even know that 21 quintillion sexagintillion years is even a thing? Passwords as long as Chuck Norris's ______
A quote that only I would know. So in a sense, referring to the xkcd link, that's pretty much what I do for most of my passwords.
Did anyone stop to think entering your password into that thing caches it and logs the sites you visit, then sends the data back to whoever created the site, thereby giving them your password and totally nullifying the whole idea of a password in the first place? Yeh, I'm too paranoid to enter anything into some random site that I don't fully trust. Also, my passwords for different sites vary, and consist of numbers and letters of the lower and upper case variety, so it would be near impossible to guess my password.
My laptop has a fingerprint scanner, so my laptop password is a 300 character long string that I don't remember, so it can only be accessed with my fingerprint.
There's nothing like talking about your passwords on a forum where people can get your IP from your post... As for my pass, I don't have specific passwords; I have a bunch of random predefined seemingly random sequences involving numbers/letters/caps/etc(^:"@}) that I've memorized over time, and depending on my trust of the site and why I trust them depends on what parts of the different sequences and in which order I mix them.
@Richard I probably wouldn't trust that site. I typed in the whole alphabet and it told me 48 quintillion years. abcdefghijklmnopqrstuvwxyz = the worst password ever. EDIT: I typed in some random spam and I got this:
"this site i've entered my password in tells me it will never be guessed" - what if they store the passwords you type into it? Anyway, having made a password hard cracker before, I would've thought that having one number or capital letter would significantly increase your possible combinations. I.e. there are 10 different combinations of one character (a letter, number, symbol, empty string ("")) between 0 and 9 (including 0 and 9) (0,1,2,3,4,5,6,7,8,9); if you add in the alphabet, 36 combinations (26+10); if you add in the capitals (caps sensitive) alphabet, 62 combinations (26+26+10). So the number of possible combinations for one character that's alphanumeric is 62. If you have two characters, that's 62 * 62 combinations. You've also got to account for the fact that passwords can vary in length (your password could be P0 or c2 or just 3), so you add "" (an empty character) to your possible characters list (so 63 per character). That's 63*63 combinations. If you have three characters, 63*63*63. So the possible combinations for a password that's case sensitive, varied in length, and includes numbers (but nothing else) is 63^(number of characters). You have to account for the fact that any character could have a capital or number in it, so it increases the length. (They have to keep running their program until they get every character right; it's not like they lock in place like a jigsaw puzzle.) It's not like it differs per password in anything but length though, because even if your password is all caps or all lowercase, they still have to account for the fact that it COULD have capitals. All in all, it depends on the order in which their hard crack works. I imagine a smarter system would work better to guess passwords (i.e. with dictionary, autocorrect, etc). The reason a shorter password tends to be easier to guess is if the first character in the 'hacker's list of characters is an empty string "". Same for lowercase, a-z tends to be first.
But if this were true, then you'd just need to make sure you got the last character in their list and spam it to make it take longer. This was phrased really badly, but anyway, that password guesser thing doesn't work; there's no way it can tell if you're using a-z or 0-9, A-Z or a-Z AND 0-9.
How long does it realistically take to guess passwords, just a rough ball park figure for any situation? I'm curious because I always thought it was a non-issue of people actually guessing your pass through trial and error because it would take too long and people only lost their pass because of keyloggers/giving it away into random sites that pretend to evaluate the pass strength/etc.
@WWWilliam People sometimes put in the stupidest passwords. Like their address. Humans can hack stupid people's online accounts too. So yes, if you're stupid, people guessing your pass can be an issue.
People actually run bot nets trying to access emails through brute force. I can bet you that gaben@valvesoftware.com has been attacked for years. Computers can try millions upon billions of passwords every second, hell even How Secure Is My Password? has a default value at 4 BILLION "attempts" per second.
So, guys, I looked through that website and found this image http://xato.net/wp-content/xup/diff.png Why are so many of the top passwords either things like 232323 or 696969? EDIT: I am now officially changing my username to IamtheeggmantheyaretheeggmenIamthe and my password to walrus.
I know machines can do more attempts than 1 per 30 seconds like a human, but still at 10000000000 billion a second, according to "how secure is my password", it would take 134 years to crack a 15 letter password. Idk how it works exactly, but if you could lessen the password length and maybe the average attempts a second is less in reality, but it will still average at about, longer than one human can live. So I was asking, is it really an issue that people actually do and succeed at? Since it takes longer than a human lives to crack a password this way and all you have to do is change your pass every 50 years or have a 15+ long password and it will pretty much never be cracked, especially if people have preventive measures like "If 1 billion password attempts come from this IP, ban it" or if it comes from multiple IPs, whatever, something that helps prevent it and reset the attempts to take another longer than a human can live to retry. Wouldn't people just invest in other hacking methods?
Yeah, it's like bloo said. A site with one of those "you entered your password incorrectly 5 times, please wait 5 minutes" may sound dumb, but that reduces the speed of the crack MASSIVELY (reduced to 5 combinations/5 minutes). Other good things are those on-screen keyboard password enters (also stops keylogging or at least makes it less practical). But I was making a short 4 or 5 character password cracker (brute force, as I described before), took a minute or two to crack. There's also midput effects on the crack. While a computer can run combinations very quickly, there are many other things to account for.
I made a Brute Force hack one, (I don't know if it would technically be one) but what it did was after I entered a string of numbers and words that I knew this guy had used for passwords before, and let it run all possible permutations with capitals. I got it in about 3 hours. Given that his password was like 7 characters long, this didn't surprise me, but it was a good way to spend a weekend.
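Added example (not from any poster or from the site discussed in the thread): a naive strength estimate of the kind argued about above, assuming the estimator computes charset_size ** length and divides by a guess rate. At the 4 billion guesses per second quoted in the thread it gives roughly 48 quintillion years for the alphabet, while a separate pattern check flags that input and repeated units such as 232323; the function names, pattern rules and sample strings are this example's own.

```python
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
OFFLINE_RATE = 4e9       # guesses/second: the default figure quoted in the thread
LOCKOUT_RATE = 5 / 300   # 5 attempts per 5 minutes: the lockout rule in the thread
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Add up the sizes of the character classes that occur in the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def naive_years(password, rate=OFFLINE_RATE):
    """Years to try every string of this length: charset_size ** length / rate."""
    keyspace = charset_size(password) ** len(password)
    try:
        return keyspace / rate / SECONDS_PER_YEAR
    except OverflowError:            # keyspace too large for a float
        return float("inf")

def is_sequential(password):
    """True for runs of consecutive code points such as 'abcdef' or '123456'."""
    steps = [ord(b) - ord(a) for a, b in zip(password, password[1:])]
    return len(steps) >= 2 and all(s == 1 for s in steps)

def is_repeated_unit(password, max_unit=3):
    """True when the password is one short unit repeated, e.g. '232323'."""
    n = len(password)
    return any(n > k and n % k == 0 and password == password[:k] * (n // k)
               for k in range(1, max_unit + 1))

def assess(password, rate=OFFLINE_RATE):
    """Naive estimate plus a flag for patterns the estimate ignores."""
    return {"years": naive_years(password, rate),
            "predictable": is_sequential(password) or is_repeated_unit(password)}

if __name__ == "__main__":
    # Constructed sample inputs; none is a real credential.
    samples = [("abcdefghijklmnopqrstuvwxyz", OFFLINE_RATE),
               ("232323", OFFLINE_RATE),
               ("qzvk", OFFLINE_RATE),
               ("qzvk", LOCKOUT_RATE)]
    for pw, rate in samples:
        r = assess(pw, rate)
        print(f"{pw!r:30} rate={rate:<12.4g} years={r['years']:.3g} "
              f"predictable={r['predictable']}")
```

The last two samples show the effect of the lockout rule: the same four-letter password goes from a fraction of a second at the offline rate to most of a year at 5 attempts per 5 minutes.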