this post was submitted on 13 Mar 2024
1018 points (96.9% liked)

Memes

45587 readers
2209 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 

Brute force protection

@memes

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 8 months ago* (last edited 8 months ago) (2 children)

Dictionary attacks have been around for a long time, but It's still quite strong especially if you throw in a number.

A fully random 8 character password has about 10^14 brute force combinations (assuming upper and lower case + the normal special characters). 4 words choosen at random from the top 3000 words (which is a very small vocabulary really) is 10^13 dictionary attack combinations, add a single number or account for variations in word style (I.e maybe don't always use camel case) and you've matched the difficulty. If you use 5 words it's 10^17 combinations.

A password manager and a hard password is a better idea but there are cases where you can't use a password manager (like the password to said manager).

[–] [email protected] 4 points 8 months ago (1 children)

I'm a basic little shit so, I basically use a correct horse + number password for my PW manager

[–] [email protected] 7 points 8 months ago (1 children)

I use a whole sentence with a typo lol

Something like "On March the 3rd of 2012 my dog Billy ate 8€ worrth of schmeggles!“

[–] [email protected] 6 points 8 months ago* (last edited 8 months ago)

Used beginning letters of the words in song verse sprinkled with special characters for the rythm, feels good while typing

[–] [email protected] 1 points 8 months ago

I do a passphrase like the comic followed by 56 characters of gibberish using an https://onlykey.io/ (acts as a USB keyboard) that has a 10 digit pin (6 characters to choose from) and a kill switch pin (if I were ever forced to unlock it). I use this method for my disk encryption, main account login, and password manager.

I also use a https://www.themooltipass.com/ for vendor diversity (4 digit pin but all hex characters). I prefer the onlykey.

I rotate the gibberish monthly and the passphrase 2-3 times a year.

Once a year I change up the pin codes.

I figure that gives me enough entropy from brute force on all my systems with a balanced level of convienence and security. I literally don't know a single one of my passwords.