molaram · 3460 · 38d
I have 5 different "levels" of passwords based on the importance of the account, eg shit sites get a shitty password that's easy and fast to type, banking and shit gets the toughest mother fucking passwords you'd need a quantum computer to crack.
Funny part is even my simplest passwords never actually got brute-forced, BUT the websites got hacked or leaked or sold the info, so they got into my accounts on a few other sites where I used the same shitty password. No harm done, they were shit anyway...
My point is even if you have the most complex password ever (like what your gf moaned the first time you pushed her mud upstairs?), if you use the same password everywhere you will eventually get fucked.
molaram · 3460 · 38d
...Best way to deal with this shit? A different COMPLEX password for each single account of any kind you have. Even better if you can use a different email address, like, buy a bunch of domains, set up catch-all accounts, forward all into a central mailbox and just use a different email/domain on every account. And if you're like me (92385927359279345 accounts everyfuckingwhere), good luck remembering all the emails and pwds, dumbass.
Also, MFA works and anyone who builds a web app without MFA should suck cocks in hell.
And speaking of MFA, fuck devise: it took me less time to roll out my own solution including 100% coverage than it took to get devise to work with the most basic options.
Also, FUCK those password management apps, none actually works all the way. It either doesn't work at all on a device, or doesn't sync, or doesn't work on some browser or just crashes or costs more than getting a testicle transplant.
I get pissed if I can't have at least a 40 character password. I don't know any of them. They all reside on encrypted, triple redundant stores. The only key I know is the 30 character master encryption key.
Fast-Nop · 27999 · 38d
I use 20 character random passwords, and a different one for each website. How do I remember them? I don't, I let the browser do this work.
It's not even about the password cracker. That's where we are making things complex for no reason.
It's about math:
If the character set is for example [a-c] (a,b,c)
You can make this 4-letter password:
To calculate all possibilities you do:
size_of_character_set raised to length_of_password
That is: 3^4 = 81
If you add two new characters like "d" and "e" it will be: 5^4 = 625
But if you increase the length by two instead it will be: 3^6 = 729
See the difference? By increasing the length you get more password possibilities than by increasing the characters you have to choose from.
TL;DR: ask users to make long passwords instead of complex ones. (minimum 8? Maybe 10? 🤔)
(I wrote this on my phone sorry if there's errors)
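The keyspace arithmetic from the post above, as an added example (not from the thread): it reproduces the 3^4, 5^4 and 3^6 figures, converts keyspace to bits of entropy, and lets you check the charset-vs-length trade-off for any numbers you like, plus how long a random password must be to hit a target bit count. It assumes passwords are chosen uniformly at random; human-chosen passwords have far less entropy than this formula reports.

```python
import math


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords: charset_size ** length."""
    if charset_size < 1 or length < 0:
        raise ValueError("charset_size must be >= 1 and length >= 0")
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password of this shape.

    Only valid for randomly generated passwords (e.g. from a manager or
    browser); a human-picked phrase is nowhere near this value.
    """
    return length * math.log2(charset_size)


def compare(charset_size: int, length: int, extra_chars: int, extra_length: int):
    """Keyspace after enlarging the charset vs after lengthening the password.

    Returns (bigger_charset_keyspace, longer_password_keyspace).
    """
    wider = keyspace(charset_size + extra_chars, length)
    longer = keyspace(charset_size, length + extra_length)
    return wider, longer


def length_needed(charset_size: int, target_bits: float) -> int:
    """Smallest length whose uniformly random passwords reach target_bits."""
    return math.ceil(target_bits / math.log2(charset_size))


if __name__ == "__main__":
    # The thread's own numbers: [a-c] with 4 letters, then +2 chars vs +2 length.
    print("3^4 =", keyspace(3, 4))            # 81
    print("5^4 vs 3^6 =", compare(3, 4, 2, 2))  # (625, 729)
    # Policy question: how long must a random lowercase or printable-ASCII
    # password be to reach 80 bits?  (26 and 95 are standard charset sizes.)
    print("lowercase for 80 bits:", length_needed(26, 80))
    print("printable ASCII for 80 bits:", length_needed(95, 80))
```

The `compare` function shows the comparison is not one-sided in general: adding many characters to a tiny charset can outweigh a small length increase, so check the actual numbers rather than assuming.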
cafebabe · 174 · 38d
MFA is retarded. You used to need to find one password to get into an account. Now, because MFA can lock out users completely, they needed some fallback, so they issue 10 keys of ~10 chars in hex.
So now attackers have a 10x better chance of a hit, plus they know the exact format of the recovery key.
A password resembling actual passwords I usually use:
So long AND complex.
CanisVenatici · 15 · 38d
Imho just use very long passwords to inflate bit entropy. Even a standard/silly phrase with some mixed numbers/capitalized letters. Just avoid trivial substitution.