Author Topic: DISCUSSION: Why are passwords still getting cracked? (Read 5018 times)

Kiwi · « **on:** May 04, 2011, 12:13:44 AM »

From a computer log on, to a facebook account, many user accounts enforce a password policy where the password being set must comply with its rules in order to continue. These password policies are applied in order to prompt the user to set a strong password so that their account is secure.

However, amongst these policies the passwords are still being broken into. Are the policies not strict enough? Are we just keeping easy passwords? do people not know the risks?

granted people fall into scams and give away their passwords unknowingly, this is called social engineering. i believe this is human error. when it comes to social engineering people need to be more vigilant. but with password hacking its not under your control apart from making sure you have a strong password.

There will always be people out there that will hack accounts and crack passwords and gain information one way or another. but if there was one thing we could do about passwords specifically, there would be one less way for them to get us. What do you think should be done?

Hilly-of-the-Marshes · « **Reply #1 on:** May 04, 2011, 12:28:39 AM »

urm, i guess you could lock people out if their passwords are wrong too many times like your pin, some sites do this, like i think student finance does, but most still accept more tries until you get it right, so a brute force program could get through in time

Kiwi · « **Reply #2 on:** May 04, 2011, 12:31:41 AM »

The question is what do you think should be done?

Hilly-of-the-Marshes · « **Reply #3 on:** May 04, 2011, 02:27:21 AM »

Quote from: Kiwi on May 04, 2011, 12:31:41 AM

The question is what do you think should be done?

Quote from: Hilly-of-the-Marshes on May 04, 2011, 12:28:39 AM

you could lock people out if their passwords are wrong too many times like your pin

this will prevent brute force programs from working

i'm just saying it exists, but not many people use it, as it annoys people when they get locked out of their own accounts

in existing systems that work this way, you then get an email saying that someone's been trying to get into your account, and are told that it's been locked, then you have to spend some time unlocking it, and get given a random password, which you then are required to change next time you log in.

Also an additional system i just remembered, where my old Windows XP PC forced me to change my password once a month, and wouldn't accept the new password if it was the same as any of the last 30

JBardey · « **Reply #4 on:** May 04, 2011, 05:05:23 AM »

Perhaps try and slow down their attempts even further.

Every time you want to login you need to fill out a captcha (one of those squiggly word picture things) or a simple math equation?

Might prevent such an automated attempt, or at least slow them down as they need to automatically read the captcha using OCR first.

Jason · « **Reply #5 on:** May 04, 2011, 08:27:13 PM »

Ok several ideas for this problem

Method 1---Make all passwords 60 characters long and a mix of upper-lower-numbers-symbols

that would stop hackers logging on and also stop the user most of the time

Result --- much faster access times on the internet as most people can't get on due to their password

Method 2--- When a person is either caugt hacking or even suspected of hacking (or maybe even suspected of being capable of hacking ) Shoot them without a trial

Result ---- mass drop in number of people hacking or even being computer litterate thus solving the problem

Method 3--- Ban the use of electricity in any way shape or form (including batterys)

Result ---- Instant stop to password fraud and will set the world back to the middle ages

Method 4--- Don't use a password at all

Result --- This has worked for me in the past when I have not set up a password for something and it still asks you for one (I spend 2 hours typing every password I could remember only to find out that all I had to do was hit enter

)

The real answer is that as long as there are locks there will be somebody trying to pick them so you are onto a looser just make your property to difficult to bother with and the thieves will move onto an easier target

A long time ago I had an idea for a method to make good long passwords so try this

Take 4/5/6 easily remembered words of the same length and remember them in order as below (simplified for demo)

Bocker
Family
always
good12

now read down instead of across giving you
BFAGoalocmwokiadely1rys2

But instead of just typing it hit caps lock every other line to give

bfagOALOcmwoKIADely1RYS2

Now show me a hacker that can get that one and Bill Gates will already employ him

Jason

Locky · « **Reply #6 on:** May 04, 2011, 08:34:56 PM »

I didnt think this was a widespread problem.

I thought it is more that systems containing data gets hacked (sony's recent problem for example) and people being fooled by the emails or other scams asking for data.

I cant beleive the number of idiots...YES IDIOTS I see on facebook that have given their details to a page saying it will reveal who views your profile or something similar.

1. These are lies and you've just given your details to a 3rd party so well done for that.
2. IDIOTS!

I might as well make a webpage that says give me your card details and I will give you ten pounds. Are people really that stupid?

Kiwi · « **Reply #7 on:** May 04, 2011, 08:49:40 PM »

In return those system and databases are protected by passwords. if you have enough computing power looking at cost vs benefit, you can crack an immense password in a matter of days. something like the soney hack has a hooge benefit for the hacker so spending a million or two on computing power is justified.

jason i recommend you read up on brute force attacks, it might shed some light on your password strategy.

Jason · « **Reply #8 on:** May 04, 2011, 08:57:28 PM »

Yes they are Locky

If you stuck your website up you would probably get at least 1000 hits and basicly most scams work on the old fasioned method

This is so simple that it hurts

You can only con a greedy man

Most people will jump through hoops to get a freebee and loose sight of what they are doing

There is a minority that still don't understand and will happily reply to an email if it looks like it comes from their bank etc
But these people are not always idiots they just have less knowledge of computers than others

I service and repair my own cars and am always amazed when someone can't even find the right hole to pour the oil into but they are not idiots just can't be bothered to learn until the oil light flashes and they need a new engine
To me they are idiots to the average person they are normal

As far as Facebook is concerned I agree with Locky I am always amazed how many people post things like
I live at ************* (Full Address)
I bought a new super TV 60" and cost a bomb
It goes well with my £3000 sterio set up and my £2000 games system
We are going to Spain for 2 weeks next week

There must be people out there with there crowbar just waiting

Now that is stupid

Jason

Locky · « **Reply #9 on:** May 04, 2011, 09:05:04 PM »

Hey now...so it was you who took my 60" telly!

Kiwi · « **Reply #10 on:** May 04, 2011, 09:06:34 PM »

no it was mee!!! mwahahahahahaah

< the only laughing emote there doesnt look very menacing but it will have to do

Jason · « **Reply #11 on:** May 04, 2011, 09:17:37 PM »

Now Locky please tell me you didn't tell everyone on Facebook about your telly

And yes it looks lovely in my lounge mate but it will only pick up BBC Wales

Yep your right there Kiwi we need an Evil Laugh Smiley

Jason

Kiwi · « **Reply #12 on:** May 04, 2011, 09:32:02 PM »

Locky · « **Reply #13 on:** May 04, 2011, 09:37:07 PM »

my cat aswell!

Pro-Jump PowerBocking Jumping Stilts Forum - Community for Power bocking / Pro Jumping!

News: