Stealing Neighbor's Bandwidth

Slightly off topic, but since all the computer experts seem to be here I'll ask. Just how random are randomly generated passwords?

For example, we had forgotten a password from a major department store rewards program. We requested a password to log in so we could reset a new one. It gave us about a 10 digit sequence of numbers and letters, some caps, some lower case. It also happened to be the exact same password a company gave us for a router login when we were updating our network just 3 weeks earlier.

How can that happen?

I would have bought a lottery ticket.
That is an incredible coincidence, especially considering the passwords were from two different companies, and for two different products.

And this is where I don't understand how more complex passwords are "stronger"

Ignoring simple words from the dictionary, how is mY48r&eThrO2%* any more secure than 11111111111111?
I understand that the first is harder to guess, and more secure from a brute force attack, but I intentionally made the 2nd one ludicrously simple to show the point... I could have used any 14-character term.

Yes, the first contains random upper case and lower case, numbers, and three special characters... but from a hacker's viewpoint, he has a blank.
He doesn't know whether my password has 3 characters or 23 (other than network policy dictating a minimum of 8).
He doesn't know if my password is alpha, numeric, alphanumeric, has special characters, or has upper case (other than network policy dictating that the password contain one or more of each).

It's all ones and zeros.
What is the difference in attempting to guess or hack:

mY48r&eThrO2%*
my48r&ethro2%*
my48r5ethro252
myhbrsethroszs
mybrothersnose

I get it, if the hacker knows the password is 14 lower case letters, he can limit his search to 14 character combinations comprised of lower case letters and make quick work of it... but he doesn't know that.

I read a network security article a couple of years ago that touched on this. It said that complex passwords only make passwords difficult to remember, which leads to poor security tactics such as using the same password for multiple accounts, or storing passwords in an online "wallet" or, even worse, a plain text file. It suggested that the best passwords are nonsense phrases such as H*rse42W*n1D*ggie. All special characters substitute for the same vowel, each word is capitalized, and the entire password forms a rather silly sentence, making it easy to remember, yet just as hard to hack as J*dtk42G%g1D&ttob... which I defy anyone to remember :wink:
 
How random it is depends on the source generating it. I just found this site the other day.

http://www.random.org/passwords/

Its whole purpose is randomness.
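What "depends on the source" means in practice, as an added example that is not part of the original post: a generator seeded from a small value can only ever emit as many passwords as it has seeds, whatever the password length. The seed sizes below (1,000 and 86,400) are hypothetical and do not describe any real service.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, as in the 10-character example


def seeded_password(seed, length=10):
    """Deterministic PRNG: the same seed always produces the same password."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def csprng_password(length=10):
    """Each character is drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def distinct_outputs(seed_space, length=10):
    """Number of different passwords a generator with `seed_space` seeds can emit."""
    return len({seeded_password(s, length) for s in range(seed_space)})


def collision_chance(possible_outputs):
    """Chance that two independent, uniform draws from that many values match."""
    return 1 / possible_outputs


if __name__ == "__main__":
    # Hypothetical weak source: seed = second of the day, so 86,400 possible seeds.
    print("same seed, same password:", seeded_password(4242), seeded_password(4242))
    print("passwords reachable from 1,000 seeds:", distinct_outputs(1000))
    print("match chance, 86,400 seeds:", collision_chance(86400))
    print("match chance, 62**10 CSPRNG outputs:", collision_chance(62 ** 10))
    print("CSPRNG sample:", csprng_password())
```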
 
Yarr.

Basic wifi security:
1. Do NOT broadcast your network name (SSID).
2. Use WPA2
3. Change the password every few weeks.

It literally takes less than 2 minutes to get past WEP encryption. Some people like wardriving for the fun of it. Others have different intentions. Black and White hats.
 
I am totally on board with #2 and #3. I never saw the option for #1 in my router/computer settings.
 
I am glad you are on our side Rich.
 

Toothpick

Needs milk and a bidet!
Staff member
I've broken the number 1 rule...I've got 3 pages at my desk full of all my passwords for various websites and things.
With each website having different guidelines for their passwords I don't see how anyone remembers them all.

Website A will tell you it must contain 1 uppercase and a number and be a minimum of 8 characters, but can't contain any special characters.
Website B will tell you it must contain 1 uppercase, one number, one special character and a minimum of 6 characters.
Website C will tell you it must contain 1 uppercase, one lower case, one number, a special character and a minimum of 7 characters.

And they all will tell you that you cannot use any of your previous passwords when you reset it.

So really... how the heck can you remember your passwords? Especially when pretty much every website wants you to register to use the site.

AND THEN if you use any passwords at work for things like Outlook or company web portals you've now got your business passwords to remember as well as your personal passwords.

Personally I can't wait for the day that the password as we know it dies. It's time to move on. Fingerprints, eye scans, voice recognition....I'll embrace any of them at this point.
 
I am glad you are on our side Rich.

Ya... I could really....

Mess up your traffic signals :wink:

My office:

$TMC-730-1.jpg

That's John the intern.
He doesn't stutter.
 
Change the network name and set it so the router doesn't broadcast the network name so someone can't connect unless they know the network name. Matthew's suggestion is good too.

+1

as well as all of the suggestions to switch to WPA2


As far as passwords go - long, random-appearing ones are a great idea - and use special characters if allowed. Ex:

tH!3ving*nEiGh80r

If you blur your eyes a bit, it spells "Thieving*Neighbor" - long, random strings and phrases like that are exponentially harder to crack

You might want to write it on a piece of tape and put that on the bottom of the router.


Speaking to him about it might be an option, though I understand that this is a single woman and that might not be the best idea...
 
I agree that these complex passwords are impossible to remember. I use an encrypted data store like KeePass to store them, and only remember a few.

I think you pretty much answered your question: using special characters, mixed case, and alphanumerics increases the set of potential values for a given password length, making it less vulnerable to recovery in a brute force attack. I am no expert, but after breaches like the Gawker password file leak, hackers got access to millions of real-world passwords, which they used to fine-tune their brute force approaches, e.g. where to start guessing first. Which to my understanding makes "mY48r&eThrO2%*" better than the others in that list, since even requiring mixed case as compared to just lower case greatly increases the number of potential values. And that is before mixing in numbers and special characters.
 
Shouldn't he be getting your coffee.

Never actually asked him for that.
Never actually asked him for anything.
Never actually asked for him. :confused1
We brought him in as a favor to one of the supervisors to give him something to do during the summer and to get something on his resume before getting his mechanical engineering degree.
He was one semester away, and I do not have high hopes... boss asked him to remove a flat-screen mount and replace it with a whiteboard.
He had no clue where to begin.

But such is what you get for free, and he actually did do some useful work transferring our fiber optic system from a hand-written book into Excel.
 