08-21-12, 11:39 PM   #1
mechBgon (Thread Starter)
Are you reusing passwords on multiple websites?

This is a good article on password cracking: http://arstechnica.com/security/2012...under-assault/

Points to take away:

1. Don't re-use the same password at multiple sites. If/when one site gets compromised, you want the damage to stop there.

2. Don't rely on "mangling" a word (e.g. g0lfba11 in place of golfball) or simply tacking on numerals or symbols (kittens!!!1). They're wise to your tricks.

3. If possible, avoid any dictionary basis for your passwords at all. To make this easier, consider using password-manager software like LastPass, or a fingerprint scanner & software (I use an Authentec Eikon Solo for this), so you can use truly strong, lengthy passwords that are unique for each site, without having to remember them all.

4. My tip: if you can get away with it, add at least one "special" character that wouldn't be found on a normal keyboard. For example, hold ALT and type 1098 on the keypad, and when you let go, you get a (in Windows, anyway). This is a game-changer for a ******* since they're almost certainly going to crack for the standard keyboard characters only. I realize this isn't feasible for everyone (laptops, phones). Some sites will not allow special characters, either.


The article isn't just another article on how to pick a strong password. They show how crackers get their hands on literally millions of passwords at a shot, brute-force them on specially-constructed systems armed with multiple GPUs, and learn from the results so they can refine their strategies and algorithms. They also keep accumulating more and more "hashes" (basically digital fingerprints) of the top tens of millions of passwords that people actually pick in real life.

Last edited by mechBgon; 08-22-12 at 12:05 AM.
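The following is an added example, not code from the post or from the Ars article: a small Python checker that undoes the kind of "mangling" the post warns about (leet substitutions, tacked-on digits and symbols) and reports the dictionary word a rule-based cracker would reach; it also counts characters outside the standard keyboard range, the trick in point 4. The word list and substitution table are constructed stand-ins.

```python
"""Does a password reduce to a dictionary word once the "mangling" is undone?

Added example, not code from the post or the Ars article. It models the
rule-based strategy the article describes (dictionary word + leet substitutions
+ a tacked-on suffix) and reports the base word such a cracker would reach.
"""
import itertools
import re

# Constructed sample dictionary; real cracking lists hold millions of entries.
DICTIONARY = {"golfball", "kittens", "password", "bicycle", "summer"}

# Leet substitutions a rule-based attack simply undoes. A symbol that can stand
# for several letters maps to all of them, and every combination is tried.
UNLEET = {"0": "o", "1": "li", "3": "e", "4": "a", "5": "s", "7": "t",
          "@": "a", "$": "s", "!": "i", "|": "l"}
MAX_AMBIGUOUS = 10  # bound the expansion so pathological input stays cheap


def unleet(stem):
    """All letter-only readings of a stem, e.g. 'g0lfba11' -> {'golfball', ...}."""
    options = [UNLEET.get(ch, ch) for ch in stem.lower()]
    if sum(len(o) > 1 for o in options) > MAX_AMBIGUOUS:
        return set()
    return {"".join(combo) for combo in itertools.product(*options)}


def dictionary_base(password, dictionary=DICTIONARY):
    """Return the dictionary word the password derives from, or None."""
    # Try the password as-is and with a trailing run of digits/symbols removed
    # (the 'kittens!!!1' pattern); 'g0lfba11' needs its '11' to read as 'll'.
    stems = {password, re.sub(r"[^A-Za-z]+$", "", password)}
    for stem in stems:
        for word in unleet(stem):
            if word in dictionary:
                return word
    return None


def non_keyboard_chars(password):
    """Count characters outside printable ASCII (not on a standard keyboard)."""
    return sum(1 for ch in password if not 32 <= ord(ch) <= 126)


def assess(password):
    """Summarise what the article's attacker model would make of a password."""
    base = dictionary_base(password)
    return {
        "base_word": base,
        "non_keyboard_chars": non_keyboard_chars(password),
        "verdict": "mangled dictionary word" if base else "not dictionary-derived",
    }
```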
08-22-12, 05:00 AM   #2
Wolfvegas
Yup, almost as easy as cracking Photobucket accounts, I must say. All you need is the proper fuscker tool.
08-22-12, 06:24 AM   #3
ModoVincere
meh....when you have an online persona like mine, no one wants to crack your account.
__________________
1 bronze, 0 silver, 1 gold
08-22-12, 06:31 AM   #4
Artkansas
And you probably want different levels of security. Does your bikeforums password need to be as secure as your bank password?
__________________
"He who serves all, best serves himself" Jack London

Quote:
Originally Posted by Bjforrestal:
I don't care if you are on a unicycle, as long as you're not using a motor to get places you get props from me. We're here to support each other. Share ideas, and motivate one another to actually keep doing it.
08-22-12, 06:43 AM   #5
Stealthammer
Quote:
Originally Posted by mechBgon:
.....For example, hold ALT and type 1098 on the keypad, and when you let go, you get a (in Windows, anyway).......
Yep, ASCII keyboard codes are a bit of a "hidden" secret that just about foolproofs your passwords, one that generally even most programmers overlook, but be sure to use the numeric pad on the right side of your keyboard and not the numeric keys above the lettered keys.

ASCII Keyboard Codes
08-22-12, 07:08 AM   #6
Closed Office
I think the article went for the more sensational sort of 'be very afraid' information. Any site with important information doesn't let you try a billion passwords a second. After 5 failed attempts you have to wait 5 or 15 minutes. At that rate it would take at least a billion years to crack mine.
08-22-12, 08:14 AM   #7
mechBgon (Thread Starter)
Quote:
Originally Posted by Closed Office:
I think the article went for the more sensational sort of 'be very afraid' information. Any site with important information doesn't let you try a billion passwords a second. After 5 failed attempts you have to wait 5 or 15 minutes. At that rate it would take at least a billion years to crack mine.
Good point. But let's say I use the same password at BF and at my primary email account. If BF gets hacked, now they own my email account and can send password-reset requests to it from my bank, PayPal, eBay, and so forth. And then they own them too. A chain's as strong as... yeah.

Another article on the subject: Own the email, own the person. It refers to the recent incident where writer Mat Honan ended up so thoroughly pwned that the attackers were able to remote-wipe his iPad and iPhone.

Bottom line, there are some habits that can be unlearned and avoided to help limit the damage potential.
08-22-12, 09:38 AM   #8
jsharr
No one will ever guess my pa55w0rd.
__________________
Are you a registered member? Why not? Click here to register. It's free and only takes 27 seconds! Help out the forums, abide by our community guidelines.
Quote:
Originally Posted by colorider:
Phobias are for irrational fears. Fear of junk ripping badgers is perfectly rational. Those things are nasty.
08-22-12, 10:29 AM   #9
black_box
Are passwords for sites such as BF commonly stored in plain text? I thought they were one-way hashed. Or is that reversible?
08-22-12, 11:18 AM   #10
Closed Office
Quote:
Originally Posted by black_box:
Are passwords for sites such as BF commonly stored in plain text? I thought they were one-way hashed. Or is that reversible?
Passwords to forums are not stored as plain text. Even free forums like Simple Machines store them encrypted in a database. The forum admin themselves cannot see your passwords.
08-22-12, 11:22 AM   #11
Greg_R
The obligatory XKCD post: http://xkcd.com/936/

Good article in Wired re: how easy it is to compromise Apple and Amazon security: http://www.wired.com/gadgetlab/2012/...honan-hacking/
08-22-12, 11:28 AM   #12
Greg_R
Quote:
Originally Posted by black_box:
Are passwords for sites such as BF commonly stored in plain text? I thought they were one-way hashed. Or is that reversible?
It only takes a few hours to brute-force most passwords. The Ars article details how it's done.
08-22-12, 11:36 AM   #13
jsharr
When I was a mod here, we had access to the big basket of passwords. They were not encrypted or anything. We just kept them in a big 55 gallon barrel by the storeroom door. I think I kept my key to the storeroom. Want me to go get a handful of passwords for ya'll?
08-22-12, 11:43 AM   #14
ModoVincere
Quote:
Originally Posted by jsharr:
When I was a mod here, we had access to the big basket of passwords. They were not encrypted or anything. We just kept them in a big 55 gallon barrel by the storeroom door. I think I kept my key to the storeroom. Want me to go get a handful of passwords for ya'll?
No thanks...but I'll take access to teh womenz forum.
08-22-12, 12:43 PM   #15
genec
Quote:
Originally Posted by mechBgon:
(post #1 quoted in full)
99 percent of sites don't need real passwords... For instance how much security do you need for BF? Are you buying or selling anything here, is your bank account exposed, or is it just to maintain your unique identity?

Do I need a secure password to access the local newspaper site to read the news? How about My Yahoo? The list goes on... unless your money or precious data is involved... you can use cheap passwords for most of the sites that require passwords.
08-22-12, 01:02 PM   #16
bigbenaugust
I gave my BF password to the Official BikeForums Tech Support Team in Nigeria.
__________________
--Ben
Carrboro Bike Coalition - putting the "bike" in "CARrboro" :)
2011 Motobecane Fantom Cross Uno, 2009 Motobecane Fantom CX, and a Bakfiets
Previously: 2000 Trek 4500 (2000-2003), 2003 Novara Randonee (2003-2006), 2003 Giant Rainier (2003-2008), 2005 Xootr Swift (2005-2007), 2007 Nashbar 1x9 (2007-2011), 2011 Windsor Shetland (2011-2014), 2008 Citizen Folder (2015)
Non-Bike hardware: Xubuntu / Ubuntu MATE / Mac OS 10.6 / Android 4.4 / CyanogenMod 13
08-22-12, 01:13 PM   #17
Pamestique
Quote:
Originally Posted by ModoVincere:
No thanks...but I'll take access to teh womenz forum.
Trust me, you don't want access... it's the boringest forum on the Board! I don't go there, it's so boring...
__________________

Private docent led mountain bike rides through Limestone Canyon. Go to letsgooutside.org and register today! Also available: hikes, equestrian rides and family events as well as trail maintenance and science study.
08-22-12, 01:14 PM   #18
bigbenaugust
Quote:
Originally Posted by Pamestique:
Trust me, you don't want access... it's the boringest forum on the Board! I don't go there, it's so boring...
NorCal is pretty boring. They should compete to see which is the most boring.
08-22-12, 01:32 PM   #19
StupidlyBrave
Quote:
Originally Posted by bigbenaugust:
I gave my BF password to the Official BikeForums Tech Support Team in Nigeria.
They are also the ones who gave me your shipping address when I had all those cases of Yoo-Hoo to get rid of.
08-22-12, 01:46 PM   #20
bigbenaugust
Quote:
Originally Posted by StupidlyBrave:
They are also the ones who gave me your shipping address when I had all those cases of Yoo-Hoo to get rid of.
Those Nigerians are most helpful at times.
08-22-12, 01:47 PM   #21
MangoPumpkin
Quote:
Originally Posted by StupidlyBrave:
They are also the ones who gave me your shipping address when I had all those cases of Yoo-Hoo to get rid of.
Or lots of candy bars.....dangit!
__________________
I've got your restraining order right here. [grabs crotch] Restrain this!
08-22-12, 02:06 PM   #22
Stealthammer
Quote:
Originally Posted by bigbenaugust:
Quote:
Originally Posted by Pamestique:
Trust me, you don't want access... it's the boringest forum on the Board! I don't go there, it's so boring...
NorCal is pretty boring. They should compete to see which is the most boring.
[OT] Sorry OP....

Actually, in the late '80s and '90s there was a group of women who called themselves the W.O.M.B.A.T.S. (Women's Offroad Mountain Biking And Tea Society, I believe) in NorCal, and they were anything but boring. I believe that they are still around, but what I remember of them most is that they were really exceptional mountain bikers who impressed anyone who ever saw them ride. Jacquie Phelan (alias "Alice B. Toeclips") was the founder, I believe (and co-founded NORBA too, IIRC), and she was the women's NORBA Champion for several years, and a staunch advocate of mountain biking and bicycling in general. It would be very cool to see her contribute to the BF. She would blow the doors off the place!

[/OT]
08-22-12, 03:10 PM   #23
Keith99
Quote:
Originally Posted by Artkansas:
And you probably want different levels of security. Does your bikeforums password need to be as secure as your bank password?
Bingo.

I don't much care if someone cracking my password here can get onto other social sites. It makes a huge difference if they can get onto my bank account, however.

I would not suggest password management software. Sooner or later someone will break it and ....

One trick suggested by a coworker is to use the first letters of a phrase or title.

iwtbotiwtwot, for example, is the start of a rather famous book, and actually a poor choice since it sort of repeats.

Throwing in a capital letter, a bit of leet speak, or even just a trailing number or letter still helps.

BUT a huge percentage of security breaches happen because someone writes it down. Pick something you can remember and, if needed, write down something to remind you, but not the password itself.
08-22-12, 03:19 PM   #24
Keith99
Quote:
Originally Posted by Closed Office:
I think the article went for the more sensational sort of 'be very afraid' information. Any site with important information doesn't let you try a billion passwords a second. After 5 failed attempts you have to wait 5 or 15 minutes. At that rate it would take at least a billion years to crack mine.
I'm pretty sure this site does that. The ones with important information log all failed attempts and report to system administrators. At the very least for any lockouts, likely for anything more than one failure within a specified time less than a half hour.
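Added example, not code from the forum or from any real site: it applies the lockout policy Closed Office describes in post #6 (five failures, then a 15-minute wait) together with the failed-attempt logging and reporting Keith99 suggests in this reply, replaying the policy over constructed log lines; the guess-rate bound is what such a policy leaves an online guesser per account.

```python
"""Lockout policy and failed-login reporting (added example, not forum code)."""
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 5                  # policy assumed from the post
LOCKOUT = timedelta(minutes=15)   # wait imposed after that many failures


class LoginThrottle:
    """Per-account failure counter; the clock is passed in so it is testable."""

    def __init__(self):
        self.failures = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        if until is None:
            return False
        if now >= until:             # lockout expired: start counting afresh
            del self.locked_until[user]
            self.failures[user] = 0
            return False
        return True

    def record(self, user, ok, now):
        if ok:
            self.failures[user] = 0
            return
        self.failures[user] += 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT


def max_guesses_per_year():
    """Upper bound on online guesses against one account under this policy."""
    return int(timedelta(days=365) / LOCKOUT * MAX_FAILURES)


# Constructed auth log, not real server output: "<ISO time> <user> <ip> <ok|fail>".
SAMPLE_LOG = """\
2012-08-22T03:00:00 alice 203.0.113.7 fail
2012-08-22T03:00:05 alice 203.0.113.7 fail
2012-08-22T03:00:09 alice 203.0.113.7 fail
2012-08-22T03:00:14 alice 203.0.113.7 fail
2012-08-22T03:00:20 alice 203.0.113.7 fail
2012-08-22T03:00:25 alice 203.0.113.7 fail
2012-08-22T03:20:01 bob 198.51.100.4 fail
2012-08-22T03:20:30 bob 198.51.100.4 ok
"""


def replay(log=SAMPLE_LOG):
    """Apply the policy to a log; return (locked accounts, attempts rejected
    during a lockout). The rejected list is what an admin report should carry."""
    throttle, rejected = LoginThrottle(), []
    for line in log.splitlines():
        ts, user, ip, result = line.split()
        now = datetime.fromisoformat(ts)
        if throttle.is_locked(user, now):
            rejected.append((ts, user, ip))
            continue
        throttle.record(user, result == "ok", now)
    return dict(throttle.locked_until), rejected
```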
08-22-12, 03:25 PM   #25
Keith99
One thing left out, account access is only as secure as the back door.

You know those questions they use to reset the password for accounts? If you pick "favorite football team" and pick the pro team for your city, how secure do you think that is?

Oh, you will find out next time you try to log on, which if it is for your bank account may be when your debit card stops working.

If you are like me and your favorite 'football' team is not gridiron or in the country you are in, you have a better chance.