Discussion about account security

[shubla]

http://passwordsgenerator.net/#to
16 characters of randomly generated password should keep you safe.

[loftar]

This makes you lose your Haven account if you lose your e-mail account.

We had that discussion in the past: just send a mail to the old mail account with 'OK' and 'CANCEL', defaulting to ok after 30 days (which should be long enough to come back from holiday in case someone else initiated the change - but your H&H account would have been already compromised at that point anyway, else there would be no change request).

So in case you actively lost access to your old mail account (forgot password) you need to wait a while, in case you passively lost access to it (got hacked) you're shafted anyway.

Certainly, it would arguably be a nice thing, but as you also rightly point out, the account has already been compromised at that point, so it's not all that terribly helpful either. I've considered adding it from time to time and will continue to do so, but given the fairly marginal benefits, it just hasn't felt as enough of a priority yet.

well who ever it is was on my email cuse i saw the pass change email 8hours ago whats funny gmail did not see any suspicious activity

How would you conclude from that that he was on your e-mail account? Isn't that just the automated password change receipt?

[Onep]

http://passwordsgenerator.net/#to
16 characters of randomly generated password should keep you safe.

This stuff is bad and promotes unhealthy passwords that are impossible for humans to remember.
People should use more 'human' passwords that are actually possible for them to remember. Also, it's a million times easier to remember long password if it actually means something.
ie: TrollexIsAFilthyAnimal
That's a 22 character password that is infinitely easier to remember than "SAdjkl*&ASD^3123"

But, don't just take my word for it...


You should feel ashamed for even linking to an awful site like that to be honest.

[shubla]

http://passwordsgenerator.net/#to
16 characters of randomly generated password should keep you safe.

This stuff is autistic and promotes unhealthy passwords that are impossible for humans to remember.
People should use more 'human' passwords that are actually possible for them to remember. Also, it's a million times easier to remember long password if it actually means something.
ie: TrollexIsAFilthyAnimal
That's a 22 character password that is infinitely easier to remember than "SAdjkl*&ASD^3123"

But, don't just take my word for it...


You should feel ashamed for even linking to a degenerate site like that to be honest.

Most good programs know to replace some letters with numbers. Like "Cocaine" is "C0c41n3".
Humas are unable to come up with good passwords themselves. Majority of people are dumb as fuck and will still use something that is easy to guess.
Also, completely randomly generated passwords from many symbols letters and numbers are lot better than stuff like that.

[Onep]

http://passwordsgenerator.net/#to
16 characters of randomly generated password should keep you safe.

This stuff is autistic and promotes unhealthy passwords that are impossible for humans to remember.
People should use more 'human' passwords that are actually possible for them to remember. Also, it's a million times easier to remember long password if it actually means something.
ie: TrollexIsAFilthyAnimal
That's a 22 character password that is infinitely easier to remember than "SAdjkl*&ASD^3123"

But, don't just take my word for it...


You should feel ashamed for even linking to a degenerate site like that to be honest.

Most good programs know to replace some letters with numbers. Like "Cocaine" is "C0c41n3".
Humas are unable to come up with good passwords themselves. Majority of people are dumb as fuck and will still use something that is easy to guess.
Also, completely randomly generated passwords from many symbols letters and numbers are lot better than stuff like that.

You're missing the point. It's not about how random the password is; what really matters is the number of characters it has in it. Did you even look at the image I linked? Every character you add in compounds the time it takes to brute force the password. You said humans are incapable of good passwords... but I literally just linked the easiest way to create an exceptional password.

And if you really wanted to expand the character set you could even do: "correcthorsebatterystaple@1" to include non-alphanumerical characters.

[shubla]

You're missing the point. It's not about how random the password is; what really matters is the number of characters it has in it. Did you even look at the image I linked? Every character you add in compounds the time it takes to brute force the password.
If you really wanted to expand the character set you could even do: "correcthorsebatterystaple@1" to include non-alphanumerical characters.

Its maybe easier to remember but still not as good as vaGe_f?%|:\/IS.%TEc2LX\4^b_RVpfI
Of course correcthorsebatterystaple@1 is better than "12345". But its still quite easy to break compared to vaGe_f?%|:\/IS.%TEc2LX\4^b_RVpfI.

[Onep]

You're missing the point. It's not about how random the password is; what really matters is the number of characters it has in it. Did you even look at the image I linked? Every character you add in compounds the time it takes to brute force the password.
If you really wanted to expand the character set you could even do: "correcthorsebatterystaple@1" to include non-alphanumerical characters.

Its maybe easier to remember but still not as good as vaGe_f?%|:\/IS.%TEc2LX\4^b_RVpfI

The only way you would be able to use a password like that, is if you stored it somewhere. And storing your password so you can easily copy paste it or putting it on a sticky note is retarded.

[Onep]

Its maybe easier to remember but still not as good as vaGe_f?%|:\/IS.%TEc2LX\4^b_RVpfI
Of course correcthorsebatterystaple@1 is better than "12345". But its still quite easy to break compared to vaGe_f?%|:\/IS.%TEc2LX\4^b_RVpfI.

Quite easy to break? Really? At over 550 years with 1000 guesses a second, I would say that does not qualify as quite easy in any definition of the term. That is quite simply, absurd.

[shubla]

You're missing the point. It's not about how random the password is; what really matters is the number of characters it has in it. Did you even look at the image I linked? Every character you add in compounds the time it takes to brute force the password.
If you really wanted to expand the character set you could even do: "correcthorsebatterystaple@1" to include non-alphanumerical characters.

Its maybe easier to remember but still not as good as vaGe_f?%|:\/IS.%TEc2LX\4^b_RVpfI

The only way you would be able to use a password like that, is if you stored it somewhere. And storing your password so you can easily copy paste it or putting it on a sticky note is retarded.

I'd rather store my complicated password in a paper than use horsebattery. There are also some tools to save your passwords in encrypted databade. This way you only have to remember one password.

Its maybe easier to remember but still not as good as vaGe_f?%|:\/IS.%TEc2LX\4^b_RVpfI
Of course correcthorsebatterystaple@1 is better than "12345". But its still quite easy to break compared to vaGe_f?%|:\/IS.%TEc2LX\4^b_RVpfI.

Quite easy to break? Really? At over 550 years with 1000 guesses a second, I would say that does not qualify as quite easy in any definition of the term. That is quite simply, absurd.

I think that 550 years with 1000 guess a second was calculated by assuming that hacker bruteforces and tries all combinations of numbers and letters and symbols starting from number 0
If hacker uses some other methods than bruteforcing its a much shorter time.

[Onep]

I think that 550 years with 1000 guess a second was calculated by assuming that hacker bruteforces and tries all combinations of numbers and letters and symbols starting from number 0
If hacker uses some other methods than bruteforcing its a much shorter time.

Well, if your password is already compromised, is this really going to be doing good in the first place? Having the long password is simply in the interest of preventing simple brute force attempts. If you want to start adding in all sorts of external encryption and jargon, that's not really relevant to the argument I was making.