
Response to Jim Lane (Reply #14)

Thu Nov 22, 2012, 12:24 PM

26. Probably not.

As UnrepentantLiberal notes, there are programs that can guess, in theory, millions in a few seconds.

In practice, it's much longer. Passwords are nowadays stored on a server in one-way encrypted form (hash). When you enter your password, the server uses the same encryption algorithm on your entry and compares it to the encrypted form on the server. There is no way to decode it, which is why you can't retrieve your passwords any more - they need to be reset.

Any secure website will disable an account after x number of tries (usually under ten), and a round trip HTTP authentication takes at least a second. So you might be able to guess ten passwords in ten seconds, but then you would have to re-enable the account. Practically speaking, a five-character pseudo-random password with upper/lower alpha and numerals is sufficient protection against brute force attacks for anything except your investment/banking accounts.

By a factor of thousands (millions?) the biggest risk you face is by not keeping your password secret.

The next biggest risk is by using a simple password. I always discounted the ability of hackers to guess simple passwords until I had a client's website hacked through (what we found out later to be) a guess. His password? "Butthead".
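As an added illustration that is not part of the reply above: a minimal Python sketch of the server-side behaviour it describes (store only a one-way hash, re-hash each login attempt and compare, lock the account after repeated failures, reset rather than recover). The class and function names, the per-user salt, the choice of PBKDF2-SHA256, the iteration count and the limit of ten failures are all assumptions made for the example.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 10      # assumption: the reply only says "usually under ten"
ITERATIONS = 200_000   # constructed value; the reply names no algorithm


class AccountStore:
    """In-memory stand-in for a server-side user table (hypothetical)."""

    def __init__(self):
        self._users = {}  # name -> salt, digest, failure count, lock flag

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def register(self, name, password):
        salt = os.urandom(16)  # per-user salt; the plaintext is never stored
        self._users[name] = {"salt": salt, "digest": self._hash(password, salt),
                             "failures": 0, "locked": False}

    def login(self, name, password):
        """Return 'ok', 'denied' or 'locked'."""
        user = self._users.get(name)
        if user is None:
            return "denied"
        if user["locked"]:
            return "locked"  # even the correct password is refused until a reset
        candidate = self._hash(password, user["salt"])
        if hmac.compare_digest(candidate, user["digest"]):  # constant-time compare
            user["failures"] = 0
            return "ok"
        user["failures"] += 1
        if user["failures"] >= MAX_FAILURES:
            user["locked"] = True
        return "denied"

    def reset(self, name, new_password):
        """The digest cannot be turned back into a password, only replaced."""
        self.register(name, new_password)


def online_guess_years(length=5, alphabet=62, seconds_per_guess=1.0):
    """Time to try every upper/lower/digit password of this length at one
    round trip per guess, ignoring lockout (which only slows it further)."""
    return alphabet ** length * seconds_per_guess / (365 * 24 * 3600)
```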



