Spring RTS Engine

Passwords should be no less than 12 characters using a mix of upper and lower case letters with numbers and symbols.

An easy way yo generate a secure password that is easy to learn and remember... Come up with a password of sufficient length, then, run it through a leet speek generator.

Any password with non-keyboard-characters is essentially un-guessable (because the scripts didn't even try them) while being easy to remember... I once used a password with a ╬▓ in place of a B in a dictionary word for example.

The way to do this is to figure out the keystroke for the character.

for example if you have a password of "password§" you would type it as
p a s s w o r d ALT( 7 8 9 ) which is really easy to remember but is about 3 orders of magnitude less likely to be guessed.

"mercury" on the other hand was pretty easy!

Forboding Angel wrote:Passwords should be no less than 12 characters using a mix of upper and lower case letters with numbers and symbols.

if this was my bank and not some shit community maybe.

smoth wrote:

Forboding Angel wrote:Passwords should be no less than 12 characters using a mix of upper and lower case letters with numbers and symbols.

if this was my bank and not some shit community maybe.

This. The system will punt any bot that keeps attempting over and over again. You want to be out of the first 10,000 guesses, not the first billion. Just don't be the low-hanging fruit, that's all.

I am so confused by your post

Hacker posing as SinbadEV wrote:"mercury" on the other hand was pretty easy!

Jerk Face... I hate you forever... I liked that password.

smoth wrote:

Forboding Angel wrote:Passwords should be no less than 12 characters using a mix of upper and lower case letters with numbers and symbols.

if this was my bank and not some shit community maybe.

I have 6 passwords of varying strength that I use. For most things I use 16 character mixed upper lower numbers and symbols, and that one is what I consider to be one of my less secure ones.

My paypal account is guarded by 20 characters same as above, and my most secure pass that I only use for one thing is 32 characters same as above (I hide all the midget on goat porn behind that one... oh and bank stuff ).

Basically if you wanna learn a new password, set it as your winbloze logon password. Within a few days you'll have it memorized.

I have 8 and I use them on my email and bank for cycling

all my online games use the same password.
all my job search sites use the same ones.

only spring sites get bullshit passwords because this place is filled with dicks I never expose my bank or email cycle passwords to this ass filled sandwich.

this site doesn't warrant using good password.

grrr grrr my password is 123 grrr grrr take that spring

so uhm lately i did not get the captcha anymore i think this means they have my password now?

You have no idea teh rage-face I had when I found my bank had a 12-char password limit

and plz no longer pass, my brain wont handle...

longer pass means diddle. If it is a bot, it has all the time in the world. Unless you move to a full sentence you are just wasting time. Even then all the bot has to do is be more aggressive and use a few more zombies and boom now the bandwidth is choked as well. Just fing get over it, there is no such thing as security.

err, actually seeing as each additional character multiplies the number of potential combinations by >50 increasing length of password is very effective. +3 letters = 50*50*50 = 12500 x more power needed to crack. If it took one PC at 8 letters it takes 100 million pcs at 14 letters.

A fun read:
http://www.codinghorror.com/blog/2007/0 ... cking.html

The verdict?
Use lots of letters, use symbols, make sure your software is solid.
Oh, and send me a copy of the password, too.

these rainbow tables are only useful if you have the hashed password values aren't they? which would mean the server is already compromised.

if i understand this correct, yes.
They can turn passwords that are stored encrypted into readable passwords but you still have to steal the encrypted passwords first.
And if they are encrypted with a slightly algorithm, the rainbow tables will not work either. You would have to generate new tables with this algorithm and seeing how these tables are multiple GB large, that would take some time i think. And you would have to know the used algorithm too.

knorke wrote:lol@move from "Development" to "General".
shouldnt this be in "Site content"?

It's neither about spring development nor about site content.

knorke wrote:They can turn passwords that are stored encrypted into readable passwords but you still have to steal the encrypted passwords first.
And if they are encrypted with a slightly algorithm, the rainbow tables will not work either. You would have to generate new tables with this algorithm and seeing how these tables are multiple GB large, that would take some time i think. And you would have to know the used algorithm too.

They steal encrypted passwords but don't look at algorithm? Unlikely.

They steal encrypted passwords but don't look at algorithm? Unlikely.

They steal encrypted passwords look at algorithm but don't directly manipulate the accounts or w/e?
Unlikely.

But even if you know the algorithm you can not (simply) get a readable password from a passwordhash. Afaik that is the purpose of hashs?
ie md5 algorithm is not secret:
http://en.wikipedia.org/wiki/MD5#Pseudocode
Only thing you can do is

knorke wrote:generate new tables with this algorithm and seeing how these tables are multiple GB large, that would take some time i think.

ITT, Holy Hand Grenade of Antioch.