Account Password Security

You wouldn't ever use a dictionary with 170k words though.. you'd use one with words people actually use, which is probably still a lot, but nowhere near that size.

Let's say it's 2000 words.
1.6x10^13

Additionally, doing online attacks is stupid though common, and almost all significant attacks are done on offline sources.

The grc.com cracker calculator reports a search space of 10^14 would be able to be cracked in 24 minutes and 5x10^12 in 1 minute.

Therefore a rough guess of 10 seconds was a little low, but still a reasonable guess.

At 10^20 which is what you suggested with 170k words, their massive array calculation returns a mere 3 weeks to crack it.
If you have account problems please [url="http://www.pathofexile.com/support"]Email Support[/url]
"
zeto wrote:
At 10^20 which is what you suggested with 170k words, their massive array calculation returns a mere 3 weeks to crack it.


That is significantly shorter than 1.6 trillion years. I'm going to have to check out their site and see what sort of calculations they're doing to come up with that number.

I would think anything with 10^20 permutations would be nigh impossible to crack, considering that's the length of a credit card # plus the month/year and the 3 digit secure code...
TehHammer is not a crime!
I agree that most word-only passwords wouldn't utilize the majority of the English language. Studies have found that university-educated English-speakers have 20,000 or less (depending on the study) words in their vocabularies.

This is a case where the devolution of the language is actually beneficial: even though the spoken language is becoming somewhat simpler over time, people are now accustomed to using incorrect and slang spellings, which artificially enlarges the written vocabulary. This is great for passwords.
Closed Beta/Alpha Tester back after a 10-year hiatus.
First in the credits!
"
WhiteBoy88 wrote:
A password that contains a word isn't bad. A password that is a word is bad, as it falls prey to the very standard, old-school dictionary attack.

passwords with whole words in them are much more susceptible to dictionary attacks
"
Darkfyre wrote:
"
WhiteBoy88 wrote:
A password that contains a word isn't bad. A password that is a word is bad, as it falls prey to the very standard, old-school dictionary attack.

passwords with whole words in them are much more susceptible to dictionary attacks


A single number or other character between any word however makes such an attack nearly impossible without knowing the format.

As previously discussed, correcthorsebatterystaple using a reasonable dictionary size containing those words would return in a minute or so on a massive array. However if you add anything between the words it makes the dictionary attack moot without knowing roughly the format and would take months or years to crack potentially.
If you have account problems please [url="http://www.pathofexile.com/support"]Email Support[/url]
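The search-space arithmetic in the two posts above (2000 words to the fourth power, 170k words to the fourth power, and the effect of putting a separator between words), as an added worked example that is not part of this thread. The guess rate is an assumption: roughly 10^11 guesses per second, which is what "10^14 in 24 minutes" implies.

```python
import math

# Constructed scenario values taken from the thread's discussion.
DICT_SMALL = 2_000        # "words people actually use"
DICT_LARGE = 170_000      # full English dictionary
GUESSES_PER_SEC = 1e11    # assumed "massive array" rate (~10^14 guesses / 24 min)


def passphrase_space(dict_size: int, words: int, separators: int = 0) -> int:
    """Candidates an attacker who knows the format must try: `words` words
    drawn from a dictionary of `dict_size`, plus, if `separators` > 0, one
    unknown separator (from a set of that many characters) between words."""
    space = dict_size ** words
    if separators:
        space *= separators ** (words - 1)
    return space


def charset_space(length: int, charset_size: int) -> int:
    """Candidates for a random password over a charset (e.g. 94 printable ASCII)."""
    return charset_size ** length


def bits(space: int) -> float:
    """Entropy-equivalent in bits, for comparing the two kinds of space."""
    return math.log2(space)


def seconds_to_exhaust(space: int, rate: float = GUESSES_PER_SEC) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return space / rate


def human(seconds: float) -> str:
    """Coarse human-readable duration for reports."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    cases = {
        "4 common words, no separator": passphrase_space(DICT_SMALL, 4),
        "4 common words, 1 digit between each": passphrase_space(DICT_SMALL, 4, 10),
        "4 dictionary words (170k)": passphrase_space(DICT_LARGE, 4),
        "12 random printable chars": charset_space(12, 94),
    }
    for name, space in cases.items():
        print(f"{name:40s} {bits(space):5.1f} bits  {human(seconds_to_exhaust(space))}")
```

Note that the separator only helps to the extent the attacker does not know the format; the figure computed here assumes they must guess it, which is exactly the caveat Darkfyre raises.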
I will freely admit that I am pretty much clueless when it comes to hacking or anything else.. I follow the typical rules.

1. mix some numbers in
2. mix some capital letters in
3. don't use 'password' or '123456'
4. use different pw's for different sites.
5. change them up.

I am wondering though, if I use my security software's virtual keyboard to type in my password every time (for the game or for my bank), is there any way they can get that?
"the premier Action RPG for hardcore gamers."
-GGG

Happy hunting/fishing
Last edited by Wittgenstein#0994 on Jun 16, 2012, 12:42:44 AM
Everything is get'able... just depends how much effort is required. I'm actually not sure what a virtual keyboard does for you that a regular one does not, but whatevs. (someone might claim it bypasses a keyboard hook, but that depends on the method the virtual keyboard uses to input I would assume.)

Here are perhaps the best rules (that I can think of):

1) most important rule, keep it something you can remember. Looking at the xkcd pic it explains why complicated hard to remember passwords are bad.

2) If you look at the combinatorics, you only need 1 number, 1 capital, 1 lowercase, and 1 punctuation to extract the maximum value of permutation. Therefore, this1 is bEtt3rTh4nTh!s

3) Must be longer than 12 characters to be secure against current computers...

These basic rules put the average time to crack at 50 years using a massive array. It also prevents dictionary attacks. Nobody cares about your POE characters or even your bank records that much to ever accomplish this cracking feat ;)

Someone is FAR more likely to then figure out how to break the algorithm or develop a quantum computer algorithm to brute force it in those 50 years.
If you have account problems please [url="http://www.pathofexile.com/support"]Email Support[/url]
Virtual keyboards are all well and good for avoiding low-level keyloggers (the hardware kind). Some of them scramble the keys randomly to avoid click location logging and to make it harder to visually see what someone is clicking.

I generally follow DoD password schemes, plus a few extra characters to up the count. It's what I'm used to, and we obviously have a high standard for security.
Closed Beta/Alpha Tester back after a 10-year hiatus.
First in the credits!
My very first password on an online game ever, back in the early 1990's was... *drum roll*... zeto. The same name as my character that I played heh.
If you have account problems please [url="http://www.pathofexile.com/support"]Email Support[/url]
"
Chris wrote:
Edit: If you're interested, we store passwords securely as a salted hash. We do not store credit card information ourselves.


What is the password validation?

There are websites from big companies that still won't let me enter anything else than letters and numbers. Not even space. And no more than 12 characters. It's amazing. People talk about security all day but you still have very restricted limitations for passwords which make the whole discussion completely irrelevant.

I'm using passphrases when I can, so easy to remember:

"i like path of exile its full of monkeys"


EDIT: But yeah, in gaming it seems trojans are the biggest culprit and unfortunately developers can't do much about it. I never used an antivirus on Windows until the day I was hit by a zero-day exploit that stole my FTP passwords and injected code in all my php pages. It was a vulnerability in Adobe PDF Reader plugin... in Firefox.
Last edited by DeF46#3887 on Jun 17, 2012, 7:44:24 AM