I know this doesn't belong in this forum, but I think it deserves exposure it wouldn't get in the computer forum....

Is anyone changing passwords in their various accounts across the sites they use in light of the recent data breach and theft of 1.8 billion passwords by Russian hackers? I haven't as yet, but am putting a plan of action together to do something about it over the weekend....

In perspective 1.8 accounts breached isnt that much when you look at the possibility of total accounts being in the trillions.


I would say if you do not have atleast a capital lettet a lower case letter and a numbet in you password i would do so to protect valuable info.

Keep in mind a special character like # doesnt hurt either.
Posted from my iPhone/Mobile device

I think everyone should change their passwords on everything based on the amount of commonality people use.

I had my medium secure password, 8 random character / numbers, compromised or brute forced a few months back. I would recommend a 10-15 character uncommon phrase / song lyric with at least one upper case letter, a number, and a special character.

Never let the kids use the computer for gaming (or pR0n) that you do anything secure - including banking - on.

Password1!
Posted from my iPhone/Mobile device

Hold security reported this 2 (two) months ago. They were just working on a way to monetize it so you can check to see if your stuff is affected. Monay monay monay!!!!

sql injections like a mf'er!

Yeah 10+ characters, upper and lower case, special characters help(!@~#%^&*), never full words found in dictionary (brute force step1)


4.5 billion

Th!55I$myP@55w0Rd!

Something like this or use a password vault like robo form.

Invalid Password

Asstastic
Posted from my iPhone/Mobile device

Invalid Password

Agreed
Posted from my iPhone/Mobile device

First letters of a song you can't get out of you head is good I suppose.
Posted from my iPhone/Mobile device

First letters of a song you can't get out of you head is good I suppose.
Posted from my iPhone/Mobile device

Cocacabana

Changed 'em all that were important or financially related/connected.

"What song is it you want to hear?" - RIP Ronnie

However strong your password if it is stored on a websites server it could be retrieved if hacked.
Posted from my iPhone/Mobile device

I thought passwords were only stored hashed?

-spence

I thought passwords were only stored hashed?

-spence

Makes sense like spence
Posted from my iPhone/Mobile device

you'll laugh...........
because i have a very short memory (typically)
i change my passwords ALL the time
as a matter of course or habit
choosing to never remember them
and so i constantly change them

i remember the answers to secret questions tho
because they are historically easy to remember

Churchofapplientology
Posted from my iPhone/Mobile device

MillerLite
Posted from my iPhone/Mobile device

^that might be a little easy to figure out for some
Posted from my iPhone/Mobile device

Food for thought without getting too sexy.

Ordinary desktop computers can test over a hundred million passwords per second using password cracking tools that run on a general purpose CPU and billions of passwords per second using GPU-based password cracking tools.[4] (http://en.wikipedia.org/wiki/Password_cracking#cite_note-4)[5] (http://en.wikipedia.org/wiki/Password_cracking#cite_note-bugcharmer-5)[6] (http://en.wikipedia.org/wiki/Password_cracking#cite_note-6) See: John the Ripper (http://en.wikipedia.org/wiki/John_the_Ripper) benchmarks.[7] (http://en.wikipedia.org/wiki/Password_cracking#cite_note-7) A user-selected eight-character password with numbers, mixed case, and symbols, reaches an estimated 30-bit strength, according to NIST. 230 is only one billion permutations and would take an average of 16 minutes to crack.[8] (http://en.wikipedia.org/wiki/Password_cracking#cite_note-NIST-8) When ordinary desktop computers are combined in a cracking effort, as can be done with botnets (http://en.wikipedia.org/wiki/Botnet), the capabilities of password cracking are considerably extended. In 2002, distributed.net (http://en.wikipedia.org/wiki/Distributed.net) successfully found a 64-bit RC5 (http://en.wikipedia.org/wiki/RC5) key in four years, in an effort which included over 300,000 different computers at various times, and which generated an average of over 12 billion keys per second.[9] (http://en.wikipedia.org/wiki/Password_cracking#cite_note-distributed-9) Graphics processors (http://en.wikipedia.org/wiki/Graphics_processor) can speed up password cracking by a factor of 50 to 100 over general purpose computers. As of 2011, available commercial products claim the ability to test up to 2,800,000,000 passwords a second on a standard desktop computer using a high-end graphics processor.[10] (http://en.wikipedia.org/wiki/Password_cracking#cite_note-elcomsoft-10) Such a device can crack a 10 letter single-case password in one day. Note that the work can be distributed over many computers for an additional speedup proportional to the number of available computers with comparable GPUs.

Most services will lock the account in a few attempts, a good software will stop and try again later, however sites are getting smartet and locking sooner.
Posted from my iPhone/Mobile device

and so....... does the same apply (graphically speaking) using a powerful GPU
if your using a photo as your password?

I am an Advisory Board Member for a startup called AnchorId.

The company will go live next month and will use voice bio-metrics for passwords. Absolutely foolproof. Even if you made a copy of someone's voice it wouldn't work as the systems makes you change the phrase every time you log in.

It's based on how you say things and the voice print generated so it doesn't matter what you say it's your own individual voice print that is generated. More to come.

I am an Advisory Board Member for a startup called AnchorId.

The company will go live next month and will use voice bio-metrics for passwords. Absolutely foolproof. Even if you made a copy of someone's voice it wouldn't work as the systems makes you change the phrase every time you log in.

It's based on how you say things and the voice print generated so it doesn't matter what you say it's your own individual voice print that is generated. More to come.

yeah Baby
I'm IN