
Instantly Increasing Password Strength


4wd:
I protect my digital signature / online-banking stuff with longer passphrases than forum logins,....
-f0dder (February 23, 2011, 06:25 PM)
--- End quote ---

Cool!  Now I know I at least have a chance of logging into DoCo as you and donating all your donations to me....mwaahahaha  >:D

f0dder:
I protect my digital signature / online-banking stuff with longer passphrases than forum logins,....
-f0dder (February 23, 2011, 06:25 PM)
--- End quote ---

Cool!  Now I know I at least have a chance of logging into DoCo as you and donating all your donations to me....mwaahahaha  >:D
-4wd (February 23, 2011, 08:54 PM)
--- End quote ---
Yeah, it should actually be trivial if you get your hands on the userdb, if it isn't salted :(
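
The salting point in the post above, as an added example that is not part of the original thread: it stores the same constructed passwords once as bare SHA-256 digests and once with a per-user random salt and PBKDF2, then checks which records a single table computed in advance can match. The user names, passwords, word list and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, chosen for this example only

def unsalted_digest(password):
    """Weak scheme: one fast hash, no salt, so equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, salt=None):
    """Stronger scheme: random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, key)

def matched_by_table(stored, table):
    """Users whose stored digest appears in a table that was computed once, in advance."""
    return {user: table[d] for user, d in stored.items() if d in table}

# Constructed sample data (not from the thread).
USERS = {"alice": "letmein", "bob": "letmein", "carol": "correct horse battery staple"}
COMMON = ["123456", "password", "letmein"]

def demo():
    unsalted_db = {u: unsalted_digest(p) for u, p in USERS.items()}
    salted_db = {u: salted_record(p) for u, p in USERS.items()}
    table = {unsalted_digest(w): w for w in COMMON}  # built once, reused for every user
    salted_hex = {u: key.hex() for u, (_salt, key) in salted_db.items()}
    return {
        "unsalted_matches": matched_by_table(unsalted_db, table),
        "unsalted_same": unsalted_db["alice"] == unsalted_db["bob"],
        "salted_same": salted_db["alice"][1] == salted_db["bob"][1],
        "salted_table_hits": matched_by_table(salted_hex, table),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

With salts, every guess has to be recomputed per user with that user's salt, and the slow KDF makes each of those guesses expensive.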

Paul Keith:
Anything else done to reduce the complexity or length in order to make it more suitable for human use will reduce the level of security.
--- End quote ---

Not necessarily. As I suggested before in another thread, three way login forms can be very powerful.

You can't mass brute force a photo upload for an image captcha unless you have access to the home storage file already but even then you have to know each user's specific thought process and which personal photo they are using to access something.

Same thing with using QR codes except the problem is cellphones obviously but the more you're inserting custom logins - the harder it is to guess the password. It's also a lot slower. You really have to have a database of things other than texts and you need a fast undetected connection so that you can mass upload all the custom passwords of multiple accounts rather than just quickly auto-type the entries based on guessing one syntax (letters and numbers).

Basically, I'm not a security expert, but IMO if you increase length of entry rather than length of password or complexity of password - it becomes harder to crack obviously since you're telling the cracker to crack multiple access points instead of one hub.

Edit:

One simple example of this is: fake username + fake password + fake e-mail.

Even if you can hack the e-mail, the recipient loses barely anything of importance. But let's say the e-mail username and password is showing a fake "fewer access" profile? Suddenly even if you can cut through the middle, you better be sure the user is logging in to their secure account rather than just giving you access to a limited account. It's basic Linux security whose only weakness is that it's not simple enough yet to create a disposable account as opposed to a guest account for the masses to use.

Gwen7:
Anything else done to reduce the complexity or length in order to make it more suitable for human use will reduce the level of security.
--- End quote ---

Not necessarily.

-Paul Keith (February 24, 2011, 09:36 AM)
--- End quote ---

i'm not a mathematician or a cryptography expert. but i think the experts disagree with you on that point based on what i've read and do understand ;-)

Paul Keith:
Well, the problem with experts is that they often treat security in a vacuum.

That's why they missed defending people against Facebook while some of them were trying to figure out OpenID or some of them can only go so far as thinking cryptographically without having any solution for an easy to decipher master password except for one click logins.

The reason why simplicity is important is because the dumbest users are the ones in need of the best security. I'm not saying I'm unhackable and if you're not an expert, I'm way worse. I don't know anything about cryptography.

I do understand though that my first PC which was on Windows didn't function like Linux or that the guy who set it up didn't give me any better AV than Norton so I feel I get to have an opinion on security when I've experienced the fall and none of those security guys were there to save me from my own stupidity and naivete.
