1. Post #41
    Gold Member
    Tinter's Avatar
    March 2008
    7,435 Posts
    At work to use a checkout we need a till number and password. But you've got to change the password every couple of weeks. I recently discovered that you can make the password a single digit, my password currently is "1"
    Changing your password every few weeks is stupid. It's the same as changing the lock on your front door.

  2. Post #42
    Gold Member
    Dennab
    February 2007
    13,269 Posts
    I've still never understood the logic behind that, it seems to assume the attacker knows the length and makeup of the password, but is just guessing the characters.
    No, it's assuming the attacker is a bot designed to test every possible symbol in your password. The bot won't know that you're using 4 words (possibly more possibly less), a human will have every word imaginable to choose for all 4 words, and the 4 words are to a computer with the ability to guess words like a 4 digit password where every value is equal to the number of words in a dictionary (where it will probably be limited to one language, and won't involve slang words).

  3. Post #43
    Gold Member
    cheesedelux's Avatar
    February 2007
    7,656 Posts
    A while ago when some group (Anonymous maybe?) published a massive list of stolen personal information, mostly emails and passwords, showing just the first three letters, I went through the list looking for "abc", "pas" and "qwe". Tried a couple, they all worked. Stayed out of their shit. Sent them all emails about it and why they should use proper passwords.
    As I was typing it, Wordpress sent out their own "Oh dear all our accounts got hacked" email.
    I suppose it's a bit more pressing when some of those warning emails came from their own account.

  4. Post #44
    Ask me about my Guardians of the Galaxy fetish.
    Katatonic717's Avatar
    September 2010
    9,293 Posts
    I remember in elementary school I used the password "guy111".
    Years later my steam account was hacked because someone guessed it.
    God I was retarded.

  5. Post #45
    DeanWinchester's Avatar
    May 2010
    3,679 Posts
    I remember in elementary school I used the password "guy111".
    Years later my steam account was hacked because someone guessed it.
    God I was retarded.
    Would you like to sign up for a free Steam game? offer ends in 60 minutes answer fast thanks :)

  6. Post #46
    I take a normal saying and take the first letters and add numbers.

    The apple doesn't fall far from the tree = 7tadffftt64 (Mind you, I use Norwegian sayings)

    I do use something more secure on my really sensitive stuff though. One code I won't reveal here

  7. Post #47
    Peng Weed Erryday
    Doozle's Avatar
    August 2005
    5,117 Posts
    Changing your password every few weeks is stupid. It's the same as changing the lock on your front door.
    It's just to stop other people using your till number, because that can be quite serious.

    Coincidentally a few months ago I buggered something up on the till and somehow the person wasn't charged for their goods. They walked out without paying, because of my error and my checkout was 500 down.

  8. Post #48
    Glod Menber
    Maximum Mod's Avatar
    June 2008
    4,511 Posts
    I remember that I used the password "tortoises are fucking great" somewhere, and according to this it would take about 54 octillion years for a desktop pc to hack it

  9. Post #49
    Gold Member
    cheesedelux's Avatar
    February 2007
    7,656 Posts
    That's a single computer doing it on a letter-by-letter possibility thing though isn't it?

  10. Post #50
    Gold Member
    borisvdb's Avatar
    July 2007
    2,337 Posts
    What a bunch of morons. They should really use this- http://www.safe-password-generator.com/.
    It also helps to remember the keystrokes you do when typing in your password.

  11. Post #51
    Gold Member
    CommanderPT's Avatar
    July 2006
    8,140 Posts
    Using your phone number is the best password there is. Trust me.

  12. Post #52
    ultimate poster
    Itachi_Crow's Avatar
    November 2007
    13,562 Posts
    my steam pass is imgay4anime dont tell no one

  13. Post #53
    Glod Menber
    Maximum Mod's Avatar
    June 2008
    4,511 Posts
    That's a single computer doing it on a letter-by-letter possibility thing though isn't it?
    desktop pc

  14. Post #54
    into things like this - if you know what
    Dennab
    December 2011
    4,031 Posts
    I remember having my 15 mb/sec internet and gained 4 mb/sec with it.
    Now I switched to 50 mb/sec and it only downloads in 250kb/sec




    thanks Tele2

  15. Post #55
    One of these days, I'm going to cut you into little pieces.
    AJisAwesome15's Avatar
    May 2011
    5,915 Posts
    Reminds me of the people on facebook who said if you posted your password on your wall it would show up as ******* and people actually did it

  16. Post #56
    into things like this - if you know what
    Dennab
    December 2011
    4,031 Posts
    and my pass is gulia96, since it's my first dog's name.

    Don't tell anyone

  17. Post #57
    dragonkilla's Avatar
    June 2008
    597 Posts
    Pfft, my school can't possibly get hacked than the password is "Password!"

  18. Post #58
    If the mods approve of this title they hereby admit that they are all massive faggots
    koeniginator's Avatar
    October 2009
    9,655 Posts
    one one one, uh.... one!

  19. Post #59
    Gold Member
    Zezibesh's Avatar
    May 2008
    18,981 Posts
    I hate services that have an arbitrary limit on password length. I can't use my normal pass (34 characters) on Paypal because the limit is 20. Then they ask me to change my pass every month when it's not as secure as I'd like it to be in the first place.

  20. Post #60
    In Elementary school we used computer software for our homework where we all had users, and I guessed my teacher's password and I was right on the second attempt. (It was his surname)

    So with his admin privileges I deleted every account for each student in the entire school and made a new one single new one called 'school sucks!' (remember I was like 10)
    Sadly one guy told the teacher it was me and I got in a shit ton of trouble.

  21. Post #61
    my pw is ******** xD they'll never guess it

  22. Post #62
    Gold Member
    trotskygrad's Avatar
    June 2011
    8,517 Posts
    My passwords since I was a kid have always been like the last panel.

    ApplePieWar
    Hat hat tophat
    Musicfafafafa

    the list goes on
    yup, passphrases are much much better, my passwords are usually 20 characters +

    fuck you password character limits!

    Edited:

    In Elementary school we used computer software for our homework where we all had users, and I guessed my teacher's password and I was right on the second attempt. (It was his surname)

    So with his admin privileges I deleted every account for each student in the entire school and made a new one single new one called 'school sucks!' (remember I was like 10)
    Sadly one guy told the teacher it was me and I got in a shit ton of trouble.
    I discovered that you could change the password on Mac systems through terminal using the Unix command passwd while in elementary school.

    Needless to say when I found out the password for the teacher account (it was student) I logged in and changed it

  23. Post #63
    YouWithTheFace.'s Avatar
    April 2011
    916 Posts
    Dictionary attacks exist you know. Using only words isn't super safe as xkcd would like to believe

  24. Post #64
    Cheesy and delicious.
    Snickerdoodle's Avatar
    August 2010
    6,167 Posts
    but then they only have to guess 4 words and they're in?
    In password finding, even just 4 words mean hell. Even if there were only 20,000 words in the dictionary, then it would still take 1,333,733,370,001 guesses to test all possible combinations. The calculator I was using would crash when I tried to input any number larger.

  25. Post #65
    Terminutter's Avatar
    June 2010
    6,205 Posts
    Dictionary attacks exist you know. Using only words isn't super safe as xkcd would like to believe
    Not super safe, but you can start inserting in less common slang words and words from other languages that you know, and then a four or more word password is actually pretty decent, and still memorable. Most dictionary attacks are limited to the dictionary used, with a few common slang words added, (from my understanding) so you should have reasonable security, though not the best.
    I like to use a memorable sentence or two, made up on the spot, for places that allow them, but most places have bullshit limits, or don't allow non-"standard" characters. (hang on, isn't a non-standard password a kind of benefit?)

    Also, there are so many words in even one language that it'd be amazing to guess some of the less used ones, or archaic words.

  26. Post #66
    kill yourself
    Protocol7's Avatar
    June 2006
    25,930 Posts
    Dictionary attacks exist you know. Using only words isn't super safe as xkcd would like to believe
    Given a password of 28 characters, it could be one uncommon word like "antidisestablishmentarianism" or several common words like "thecatjumpedoverasilverspoon" which is 7 words.

    So even if the computer knew character length, it would have a fun time filling it with the proper amount of words and then finding the correct ones.

  27. Post #67
    Thoughtless's Avatar
    September 2011
    689 Posts
    At work to use a checkout we need a till number and password. But you've got to change the password every couple of weeks. I recently discovered that you can make the password a single digit, my password currently is "1"
    The first time I did that, I forgot to save the password I generated for my e-mail account, took me an age to get it back.

  28. Post #68
    100% Homemade
    ZestyLemons's Avatar
    September 2007
    8,353 Posts
    Use passwords that make the hacker type in things that he finds morally wrong.

    No more hackers!

  29. Post #69
    Please waste more of your money changing this title again.
    Gmod4ever's Avatar
    August 2005
    6,785 Posts
    Given a password of 28 characters, it could be one uncommon word like "antidisestablishmentarianism" or several common words like "thecatjumpedoverasilverspoon" which is 7 words.

    So even if the computer knew character length, it would have a fun time filling it with the proper amount of words and then finding the correct ones.
    Especially if you put numbers in between each word, which is what I do. I generally pick an easy-to-remember phrase with at least 3 words, put them together, and string them together with a 3- or 6- character numpad pattern. For example, off the top of my head, I will take a Starcraft cheat code and generate a password from it:

    There456456is852852no951951cow753753level.

    Fuck you, dictionary crackers.

  30. Post #70

    April 2011
    4,518 Posts
    If it's 30 letters, only containing a-z, 26^30 if I am correct.

    Edited:

    +- 2.8x10^42
    Assuming 1000 passwords/second like in xkcd, it will take 1.87475309 x 10^43 years to break that.

    Edited:

    I've still never understood the logic behind that, it seems to assume the attacker knows the length and makeup of the password, but is just guessing the characters.
    It appears to be assuming that the attacker is going through every possible combination of letters for a given length of password before adding one character to it and repeating the process.

  31. Post #71
    kill yourself
    Protocol7's Avatar
    June 2006
    25,930 Posts
    Especially if you put numbers in between each word, which is what I do. I generally pick an easy-to-remember phrase with at least 3 words, put them together, and string them together with a 3- or 6- character numpad pattern. For example, off the top of my head, I will take a Starcraft cheat code and generate a password from it:

    There456456is852852no951951cow753753level.

    Fuck you, dictionary crackers.
    "It would take a desktop PC about 3 octodecillion years to hack your password"

    Good work.

  32. Post #72
    Gold Member
    TheDecryptor's Avatar
    September 2006
    4,212 Posts
    ...
    It appears to be assuming that the attacker is going through every possible combination of letters for a given length of password before adding one character to it and repeating the process.
    That's just brute forcing though, the comic seems to assume the attacker knows the exact length and makeup of the password.

    According to the comic, adding a single uppercase character doubles the search area, but it doesn't. The only way it could just double it was if you knew the exact password, but not the case (and you'd have to know that there was exactly one uppercase character). Otherwise you'd have to test a-z A-Z for every letter up to the length (assuming 10 characters, that's 10^52, or 10 sextillion combinations).

    And that's assuming there's no punctuation, etc.
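
Added example, not part of any post in this thread: a small strength estimator that scores a password under the two attacker models argued over above (character-by-character brute force up to the password's length, and concatenation of dictionary words) and reports whichever is cheaper. The word list is a constructed toy set, and the 20,000-word dictionary size and 1,000 guesses/second rate are assumptions taken from figures quoted in the thread.

```python
# Added example: guess-count estimate under two attacker models.
WORDS = {"the", "cat", "jumped", "over", "a", "silver", "spoon",
         "correct", "horse", "battery", "staple"}  # constructed toy word list
ASSUMED_DICT_SIZE = 20_000  # assumption: size of the attacker's word list
GUESSES_PER_SEC = 1_000     # assumption: guess rate

def charset_size(pw):
    """Sum the sizes of the character classes that appear in pw."""
    classes = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), 33))  # 33 = ASCII punctuation + space
    return sum(n for test, n in classes if any(test(c) for c in pw))

def brute_force_guesses(pw):
    """Every string of length 1..len(pw) over the detected charset."""
    n = charset_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

def min_word_count(pw):
    """Fewest WORDS entries that exactly tile pw (dynamic programming), else None."""
    s = pw.lower()
    best = [0] + [None] * len(s)
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in WORDS:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]

def dictionary_guesses(pw):
    """Every concatenation of 1..k words (k = words needed); None if pw is not all words."""
    k = min_word_count(pw)
    if not k:
        return None
    return sum(ASSUMED_DICT_SIZE ** i for i in range(1, k + 1))

def estimate(pw):
    """Return (cheapest model, guesses, years at GUESSES_PER_SEC)."""
    bf, dg = brute_force_guesses(pw), dictionary_guesses(pw)
    model, guesses = ("dictionary", dg) if dg is not None and dg < bf else ("brute-force", bf)
    return model, guesses, guesses / GUESSES_PER_SEC / (365 * 24 * 3600)

if __name__ == "__main__":
    for pw in ("thecatjumpedoverasilverspoon", "correcthorsebatterystaple", "xqzvkw"):
        model, guesses, years = estimate(pw)
        print(f"{pw!r}: {model}, {guesses:.3e} guesses, {years:.3e} years")
```

The estimate is only as good as the word list: a word the list lacks pushes the password back to the brute-force model, which is the effect the posts about slang and foreign words describe.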

  33. Post #73
    Gold Member
    Hmn30's Avatar
    December 2008
    5,887 Posts
    I still fail to understand how this can be true

  34. Post #74
    CakeMaster7's Avatar
    October 2010
    11,811 Posts
    I still fail to understand how this can be true
    It was explained like twice before in this thread

  35. Post #75
    Alvaldi's Avatar
    August 2009
    1,514 Posts
    I like to take the sentence approach, and then use plenty of slang and profanity.
    was a bit awkward when I called in for customer service one time and gave my password though

  36. Post #76
    Gold Member
    Upgrade123's Avatar
    January 2008
    5,478 Posts
    Easily guessable or entirely blank passwords were the most common vulnerability Trustwave's SpiderLabs unit found in its penetration tests last year on clients' systems.
    heh

  37. Post #77
    I remember that I used the password "tortoises are fucking great" somewhere, and according to this it would take about 54 octillion years for a desktop pc to hack it
    "It would take a desktop PC
    About 13 sextillion years
    to hack your password"

    Huh.

  38. Post #78
    Mr. Scorpio's Avatar
    May 2010
    11,143 Posts
    I like combining words to make passwords.

    Smoothmoosecriminal

    Dancedrugreligion

    Freshappleprince

    Hankyswankygorillapanky

  39. Post #79
    SoaringScout's Avatar
    February 2010
    6,747 Posts
    sandpaperontitties apparently takes 3 billion years

  40. Post #80
    Athlias's Avatar
    July 2009
    567 Posts
    My passwords change from website to website, but they're mostly the same. Let's say my password is password1 for example. On FP it might be fp_password1 and on Steam sm_password1. That way, it's easy to remember, the passwords are different and it is decently lengthy too.