  1. #1
    Senior Member mechBgon's Avatar

    Are you reusing passwords on multiple websites?

    This is a good article on password cracking: http://arstechnica.com/security/2012...under-assault/

    Points to take away:

    1. don't re-use the same password at multiple sites. If/when one site gets compromised, you want the damage to stop there.

    2. don't rely on "mangling" a word (e.g. g0lfba11 in place of golfball) or simply tack on numerals or symbols (kittens!!!1). They're wise to your tricks.

    3. If possible, avoid any dictionary basis for your passwords at all. To make this easier, consider using a password-manager software like LastPass, or a fingerprint scanner & software (I use an Authentec Eikon Solo for this), so you can use truly strong, lengthy passwords that are unique for each site, without having to remember them all.

    4. my tip: if you can get away with it, add at least one "special" character that wouldn't be found on a normal keyboard. For example, hold ALT and type 1098 on the keypad, and when you let go, you get a (in Windows, anyway). This is a game-changer for a ******* since they're almost certainly going to crack for the standard keyboard characters only. I realize this isn't feasible for everyone (laptops, phones). Some sites will not allow special characters, either.


    The article isn't just another article on how to pick a strong password. They show how crackers get their hands on literally millions of passwords at a shot, brute-force them on specially-constructed systems armed with multiple GPUs, and learn from the results so they can refine their strategies and algorithms. They also keep accumulating more and more "hashes" (basically digital fingerprints) of the top tens of millions of passwords that people actually pick in real life.
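
Added example, not part of the original post or the linked article: a signup-time check a site could run so that mangled words like the ones in point 2 are rejected before they are ever stored. The substitution table, the tiny blocklist and the function names are assumptions made for this illustration; a real deployment would load a large list of common or breached passwords.

```python
# Constructed sample blocklist (assumption); stands in for a large list of
# common or previously breached passwords.
BLOCKLIST = {"golfball", "kittens", "password", "letmein", "bikeforums"}

# Common "leet" substitutions mapped back to letters (assumed, not exhaustive).
BASE_SUBS = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t",
             "@": "a", "$": "s", "!": "i"}

# "1" is ambiguous (it is used for both "l" and "i"), so try both readings.
TABLES = [
    str.maketrans({**BASE_SUBS, "1": "l"}),
    str.maketrans({**BASE_SUBS, "1": "i"}),
]


def demangled_forms(password):
    """Return the lowercased password plus its de-substituted readings."""
    lowered = password.lower()
    return {lowered} | {lowered.translate(table) for table in TABLES}


def weak_reason(password, min_length=12):
    """Return why a password should be rejected, or None if it passes.

    A blocklisted word counts even when it is only part of the password,
    which also covers digits or symbols tacked onto either end.
    """
    forms = demangled_forms(password)
    hits = sorted(word for word in BLOCKLIST
                  if any(word in form for form in forms))
    if hits:
        return f"built on the common word '{hits[0]}'"
    if len(password) < min_length:
        return f"shorter than {min_length} characters"
    return None


if __name__ == "__main__":
    # The first three samples are the ones quoted in this thread; the last
    # is a constructed random string of the kind a password manager makes.
    for sample in ("g0lfba11", "kittens!!!1", "pa55w0rd", "x7Qv!mZr2#Lp9tWd"):
        print(f"{sample!r}: {weak_reason(sample) or 'accepted'}")
```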

  2. #2
    Senior Member Wolfvegas's Avatar
    Yup, almost as easy as cracking photobucket accounts I must say all you need is the proper fuscker tool

  3. #3
    Banned. ModoVincere's Avatar
    meh....when you have an online persona like mine, no one wants to crack your account.

  4. #4
    Pedaled too far. Artkansas's Avatar
    And you probably want different levels of security. Does your bikeforums password need to be as secure as your bank password?
    "He who serves all, best serves himself" Jack London

    Quote Originally Posted by Bjforrestal View Post
    I don't care if you are on a unicycle, as long as you're not using a motor to get places you get props from me. We're here to support each other. Share ideas, and motivate one another to actually keep doing it.

  5. #5
    Still spinnin'..... Stealthammer's Avatar
    Quote Originally Posted by mechBgon View Post
    .....For example, hold ALT and type 1098 on the keypad, and when you let go, you get a (in Windows, anyway).......
    Yep, ASCII keyboard codes are a bit of a "hidden" secret that just about foolproofs your passwords that generally even most programmers overlook, but be sure to use the numeric pad on the right side of your keyboard and not the numeric keys above the lettered keys.

    ASCII Keyboard Codes
    Just your average 'high-functioning' lunatic, capable of passing as 'normal' for short periods of time.....

    The difference between genius and stupidity is; genius has its limits. - Albert Einstein

    We all know that light travels faster than sound. That's why certain people appear bright until you hear them speak. - Albert Einstein

  6. #6
    Senior Member
    I think the article went for the more sensational sort of 'be very afraid' information. Any site with important information doesn't let you try a billion passwords a second. After 5 failed attempts you have to wait 5 or 15 minutes. At that rate it would take at least a billion years to crack mine.
    mainlytext.com/bike.html Bicycling in winter, the entertainment version

  7. #7
    Senior Member mechBgon's Avatar
    Quote Originally Posted by Closed Office View Post
    I think the article went for the more sensational sort of 'be very afraid' information. Any site with important information doesn't let you try a billion passwords a second. After 5 failed attempts you have to wait 5 or 15 minutes. At that rate it would take at least a billion years to crack mine.
    Good point. But let's say I use the same password at BF and at my primary email account. If BF gets hacked, now they own my email account and can send password-reset requests to it from my bank, PayPal, eBay, and so forth. And then they own them too. A chain's as strong as... yeah.

    Another article on the subject: Own the email, own the person. It refers to the recent incident where writer Mat Honan ended up so thoroughly pwned that the attackers were able to remote-wipe his iPad and iPhone.

    Bottom line, there are some habits that can be unlearned and avoided to help limit the damage potential.

  8. #8
    You Know!? For Kids! jsharr's Avatar
    No one will ever guess my pa55w0rd.
    Quote Originally Posted by colorider View Post
    Phobias are for irrational fears. Fear of junk ripping badgers is perfectly rational. Those things are nasty.

  9. #9
    Fax Transport Specialist black_box's Avatar
    are passwords for sites such as BF commonly stored in plain text? I thought they were one-way hashed. Or is that reversible?

  10. #10
    Senior Member
    Quote Originally Posted by black_box View Post
    are passwords for sites such as BF commonly stored in plain text? I thought they were one-way hashed. Or is that reversible?
    Passwords to forums are not stored as plain text. Even free forums like Simple Machines store them encrypted in a database. The forum admin themselves cannot see your passwords.

  11. #11
    Senior Member
    The obligatory XKCD post: http://xkcd.com/936/

    Good article in Wired r.e. how easy it is to compromise Apple and Amazon security: http://www.wired.com/gadgetlab/2012/...honan-hacking/

  12. #12
    Senior Member
    Quote Originally Posted by black_box View Post
    are passwords for sites such as BF commonly stored in plain text? I thought they were one-way hashed. Or is that reversible?
    It only takes a few hours to brute force most passwords. The ARS article details how it's done.

  13. #13
    You Know!? For Kids! jsharr's Avatar
    When I was a mod here, we had access to the big basket of passwords. They were not encrypted or anything. We just kept them in a big 55 gallon barrel by the storeroom door. I think I kept my key to the storeroom. Want me to go get a handful of passwords for ya'll?

  14. #14
    Banned. ModoVincere's Avatar
    Quote Originally Posted by jsharr View Post
    When I was a mod here, we had access to the big basket of passwords. They were not encrypted or anything. We just kept them in a big 55 gallon barrel by the storeroom door. I think I kept my key to the storeroom. Want me to go get a handful of passwords for ya'll?
    No thanks...but I'll take access to teh womenz forum.

  15. #15
    genec genec's Avatar
    Quote Originally Posted by mechBgon View Post
    This is a good article on password cracking: http://arstechnica.com/security/2012...under-assault/

    Points to take away:

    1. don't re-use the same password at multiple sites. If/when one site gets compromised, you want the damage to stop there.

    2. don't rely on "mangling" a word (e.g. g0lfba11 in place of golfball) or simply tack on numerals or symbols (kittens!!!1). They're wise to your tricks.

    3. If possible, avoid any dictionary basis for your passwords at all. To make this easier, consider using a password-manager software like LastPass, or a fingerprint scanner & software (I use an Authentec Eikon Solo for this), so you can use truly strong, lengthy passwords that are unique for each site, without having to remember them all.

    4. my tip: if you can get away with it, add at least one "special" character that wouldn't be found on a normal keyboard. For example, hold ALT and type 1098 on the keypad, and when you let go, you get a (in Windows, anyway). This is a game-changer for a ******* since they're almost certainly going to crack for the standard keyboard characters only. I realize this isn't feasible for everyone (laptops, phones). Some sites will not allow special characters, either.


    The article isn't just another article on how to pick a strong password. They show how crackers get their hands on literally millions of passwords at a shot, brute-force them on specially-constructed systems armed with multiple GPUs, and learn from the results so they can refine their strategies and algorithms. They also keep accumulating more and more "hashes" (basically digital fingerprints) of the top tens of millions of passwords that people actually pick in real life.
    99 percent of sites don't need real passwords... For instance how much security do you need for BF? Are you buying or selling anything here, is your bank account exposed, or is it just to maintain your unique identity?

    Do I need a secure password to access the local newspaper site to read the news? How about My Yahoo? The list goes on... unless your money or precious data is involved... you can use cheap passwords for most of the sites that require passwords.

  16. #16
    derailleurs are overrated bigbenaugust's Avatar
    I gave my BF password to the Official BikeForums Tech Support Team in Nigeria.
    --Ben
    Carrboro Bike Coalition - putting the "bike" in "CARrboro" :)
    2011 Motobecane Fantom Cross Uno, 2009 Motobecane Fantom CX
    Previously: 2000 Trek 4500 (2000-2003), 2003 Novara Randonee (2003-2006), 2003 Giant Rainier (2003-2008), 2005 Xootr Swift (2005-2007), 2007 Nashbar 1x9 (2007-2011), 2011 Windsor Shetland (2011-2014)
    Current Linux Usage (by machine): Arch: I Debian: I openSUSE: II

  17. #17
    Me and the cat... Pamestique's Avatar
    Quote Originally Posted by ModoVincere View Post
    No thanks...but I'll take access to teh womenz forum.
    Trust me you don't want access... it's the boringest forum on the Board! I don't go there, it's so boring...
    ______________________________________________________________

    Private docent led mountain bike rides through Limestone Canyon. Go to letsgooutside.org and register today! Also available: hikes, equestrian rides and family events as well as trail maintenance and science study.

  18. #18
    derailleurs are overrated bigbenaugust's Avatar
    Quote Originally Posted by Pamestique View Post
    Trust me you don't want access... it's the boringest forum on the Board! I don't go there, it's so boring...
    NorCal is pretty boring. They should compete to see which is the most boring.

  19. #19
    Chepooka StupidlyBrave's Avatar
    Quote Originally Posted by bigbenaugust View Post
    I gave my BF password to the Official BikeForums Tech Support Team in Nigeria.
    They are also the ones who gave me your shipping address when I had all those cases of Yoo-Hoo to get rid of.

  20. #20
    derailleurs are overrated bigbenaugust's Avatar
    Quote Originally Posted by StupidlyBrave View Post
    They are also the ones who gave me your shipping address when I had all those cases of Yoo-Hoo to get rid of.
    Those Nigerians are most helpful at times.

  21. #21
    Cool Beans MangoPumpkin's Avatar
    Quote Originally Posted by StupidlyBrave View Post
    They are also the ones who gave me your shipping address when I had all those cases of Yoo-Hoo to get rid of.
    Or lots of candy bars.....dangit!
    I've got your restraining order right here. [grabs crotch] Restrain this!

  22. #22
    Still spinnin'..... Stealthammer's Avatar
    Quote Originally Posted by bigbenaugust View Post
    Quote Originally Posted by Pamestique View Post
    Trust me you don't want access... it's the boringest forum on the Board! I don't go there, it's so boring...
    NorCal is pretty boring. They should compete to see which is the most boring.
    [OT] Sorry OP....

    Actually in the late '80s and '90s there was a group of women who called themselves the W.O.M.B.A.T.S. (Women's Offroad Mountain Biking And Tea Society, I believe) in NorCal and they were anything but boring. I believe that they are still around, but what I remember of them most is that they were really exceptional mountain bikers who impressed anyone who ever saw them ride. Jacquie Phelan (alias "Alice B. Toeclips") was the founder I believe (and co-founded NORBA too, IIRC) and she was the woman's NORBA Champion for several years, and a staunch advocate of mountain biking and bicycling in general. It would be very cool to see her contribute to the BF. She would blow the doors off the place!

    [/OT]

  23. #23
    Senior Member Keith99's Avatar
    Quote Originally Posted by Artkansas View Post
    And you probably want different levels of security. Does your bikeforums password need to be as secure as your bank password?
    Bingo.

    I don't much care if someone cracking my password here can get onto other social sites. Makes a huge difference if they can get onto my bank account however.

    I would not suggest password management software. Sooner or later someone will break it and ....

    One trick suggested by a coworker is use the first letters of a phrase or title.

    iwtbotiwtwot, for example, is the start of a rather famous book and actually a poor choice; it sort of repeats.

    Throwing in a capital letter, a bit of leet speak or even just a trailing number or letter still helps.

    BUT a huge percentage of security breaches is because someone writes it down. Pick something you can remember and if needed write down something to remind you, but not the password itself.
    Perish any man who suspects that these men either did or suffered anything unseemly.

  24. #24
    Senior Member Keith99's Avatar
    Quote Originally Posted by Closed Office View Post
    I think the article went for the more sensational sort of 'be very afraid' information. Any site with important information doesn't let you try a billion passwords a second. After 5 failed attempts you have to wait 5 or 15 minutes. At that rate it would take at least a billion years to crack mine.
    I'm pretty sure this site does that. The ones with important information log all failed attempts and report to system administrators. At the very least for any lockouts, likely for anything more than one failure within a specified time less than a half hour.

  25. #25
    Senior Member Keith99's Avatar
    One thing left out, account access is only as secure as the back door.

    You know those questions they use to reset the password for accounts. If you pick favorite football team and pick the pro team for your city how secure do you think that is?

    Oh you will find out next time you try to logon, which if it is for your bank account may be when your debit card stops working.

    If you are like me and your favorite 'football' team is not gridiron or in the country you are in you have a better chance.
