Account Password Security

Be sure to use different security question answers as well. It looks like Blizzard was recently hacked and the secret answers were stored in plain-text. Their passwords were also stolen but you're probably not at a huge risk if you have a complicated password.

http://us.blizzard.com/en-us/securityupdate.html

"

zeto wrote:

You wouldn't ever use a dictionary with 170k words though.. you'd use one with words people actually use, which is probably still a lot, but nowhere near that size.

Let's say it's 2000 words.

Umm, I think you forgot that some people here are NOT english! Add eu dictionnaries and you might reach the 170k :D


btw when making sentences with whole words, don't forget spaces ^^

My standard password cracking dictionary is currently 9.9 million words.

Some casino and poker sites i used to visit used an additional 3-4 digit pin number once you set up an account.
So for someone to hack it they had to have username, password and pin number, so maybe look into that...the extra layer seems to work for them.

"

CyberDaemonicTroll wrote:

Some casino and poker sites i used to visit used an additional 3-4 digit pin number once you set up an account.
So for someone to hack it they had to have username, password and pin number, so maybe look into that...the extra layer seems to work for them.

I question systems like this. The question becomes.. why? What does having 2 passwords, one vastly inferior to the other, do?

The only way I see this being valuable is if the two are stored remotely on 2 separate systems that are not implemented in the same way. Therefore if a hack does occur they only have half the password.

"

zeto wrote:

"

CyberDaemonicTroll wrote:

Some casino and poker sites i used to visit used an additional 3-4 digit pin number once you set up an account.
So for someone to hack it they had to have username, password and pin number, so maybe look into that...the extra layer seems to work for them.

I question systems like this. The question becomes.. why? What does having 2 passwords, one vastly inferior to the other, do?

The only way I see this being valuable is if the two are stored remotely on 2 separate systems that are not implemented in the same way. Therefore if a hack does occur they only have half the password.

I'll concede that it was Probably an unfair comparison....i don't know what their running costs are for their systems, the casinos usually have 256-bit ssl and almost certainly run a seperate server for the games.

I'd not be surprised if those pins are just a marketing and/or psychological trick.

i use a really easy password :(

I didn't read through all 9 pages to see if someone already posted this... sorry...

One of the better ways I've seen to get a hard to guess password that's different for every site is by using the following system:

pick a phrase you like, I'll use my signature as an example but it's best to use a phrase you neither say nor use on the net. Then take the first letter of each word: bthowoysttm

Change some letters to numbers/symbols (use the ones you'll remember):
bt40w0y5ttm

Take a portion of the website name:
elixe

Add:
bt40w0y5ttm31ix3

Looks like complete gibberish but is easy to remember, and is unique to each service you use. My own mother has no clue what phrase I use, nor what part of the web name I use (has it's own easy to remember system to make it different for each service), has no idea what numbers and/or symbols I may use (again, it's own system), and has no idea where within the password I may add the altered web name.

:)

You can make password like this 123hellojack!@# this type passwords are mostly secured.

Good to hear that the passwords are hashed & salted. I hope it's at least bcrypt or PBKDF2. MD5 or similar hashes are not secure anymore.