Security rant ahead - you have been warned.
It never fails to amuse and irritate me that, despite being in the 2019 supposed information age, people still don't understand or care about their security.
I've travelled to a lot of ports and a lot of countries, but, at EVERY port, without fail, there will be at least one wifi that:
- Has default name/password that has been cracked already (Thomson/SpeedTouch/Netfaster etc)
- Has a phone number as password (reduces crack time to 15-30 mins)
- Someone, to this day, has plain old WEP
I am not talking about cafeteria/store wifi but home networks. WTF people?! I can check my email (through VPN, of course) but it still bugs me. I have relented to try and snoop around the network - I can get carried away, which is bad. Still...
The speed is great though :P

The most used password is password

People don't change. In fact, they do, but for worse

8 characters password hash no matter how complex the password is, can be cracked in under 2 hours on GTX 2080Ti

@milkyway Um.... I hope not! Do you have a source by chance? The alphabet + caps + common special characters is like 80 possibilities and 80^8 is 1.68 quadrillion

@FelisPhasma I think they used 8x2080ti https://twitter.com/hashcat/status/...

@milkyway interesting... and good to know! So what is the recommended length for random passwords now?

@milkyway that depends on the type of hash. If one is using a password based key derivation function (pbkdf) with a high enough iteration then that would be highly computational on the cpu

I always get furious when people claim that they have nothing to hide. That's just bullshit and I try my best to get them to realize that they are lying to themselves

@milkyway Depends on the character set though. I've been trying to crack a 4 way handshake(for educational purposes) using hashcat on my gtx 1060( shit card, I know) and it's supposed to take 8 years for a 8 char password containing numbers, lower + uppercase letters and symbols.

@SecFreak Well, until now I never used wifi for more than 30 seconds to 1 minute, tops. And I do know how to keep my ass covered.

But either way, my point is, wifi is still extremely unsecure when it shouldn't be. It is convenient, sure, but implemented so badly, it's no wonder many malicious folks use it as their primary way and tool for almost anything, from attacks to identity theft. And home wifi... if there was ANYONE who cared, they'd have taken at least some measures. I mean, come on, default settings? That's 3-5 minutes of your time to set up. Come on. Even as a passive attacker, one could do incredible damage.

Also, I don't live in the USA. I don't know the laws on that here (I do believe they exist, and they are strict). "Common use" wifi is also on the rise here, but still insecure. Hmmm............