- Twitter account hacked. How?!
I use Oplop to generate passwords – https://oplop.appspot.com/
Basically you put a keyword in the top field – say singletrackworld, amazon, facebook – whatever you want to call the site you want to generate a password for. In the second box you enter a master key.
Then click create password and it generates an 8-character string based on an MD5 hash (as most websites will be happy with that).
Whilst the password is reasonably secure, because it is pretty random, you can easily get a reminder by filling in the details again.
The idea being that you use a unique website name and the same master key to generate each password, and only have to remember one long, difficult-to-guess password.
A tip in this respect – use symbols in place of some letters, e.g.:
th1$ismyp@ssword4S1ngletr@ckworld (it’s not, of course, but you get the idea).
You can also use something like KeePass to store all your passwords. Again – this is locked using a single but very secure password like the one above.
Posted 4 years ago
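An added example, not code from the post or from Oplop itself: the derivation scheme described above, reconstructed from Oplop's published description as I recall it (master key followed by the site nickname, MD5, URL-safe Base64, a guaranteed digit, first 8 characters); treat that ordering and the digit rule as an assumption. It also shows the check a practitioner would run against any deterministic fast-hash scheme of this shape: given one leaked site password and a nickname that is effectively public, how cheaply candidate master keys can be tried offline. The master key, site names and wordlist are constructed sample data.

```python
import base64
import hashlib
import re
import time
from typing import Iterable, Optional


def derive_site_password(master: str, nickname: str) -> str:
    """Oplop-style derivation (assumed ordering: master key, then nickname).

    md5(master + nickname) -> URL-safe Base64 -> make sure a digit is present
    -> first 8 characters.
    """
    digest = hashlib.md5((master + nickname).encode("utf-8")).digest()
    encoded = base64.urlsafe_b64encode(digest).decode("ascii")
    if not any(ch.isdigit() for ch in encoded[:8]):
        # No digit in the first 8 characters: prepend the first run of digits
        # found anywhere in the string, or "1" if the string has none.
        run = re.search(r"[0-9]+", encoded)
        encoded = (run.group(0) if run else "1") + encoded
    return encoded[:8]


def recover_master(leaked_password: str, nickname: str,
                   candidates: Iterable[str]) -> Optional[str]:
    """Offline guessing attack on the master key.

    The nickname is the site's name, so it is guessable; one leaked site
    password therefore acts as a verifier for master-key guesses. MD5 has no
    work factor, so each guess costs a single hash.
    """
    for guess in candidates:
        if derive_site_password(guess, nickname) == leaked_password:
            return guess
    return None


def derivations_per_second(samples: int = 20000) -> float:
    """Rough single-core guess rate in pure Python. A GPU cracker is orders of
    magnitude faster, so treat this number as a floor, not an estimate."""
    start = time.perf_counter()
    for i in range(samples):
        derive_site_password("bench-%d" % i, "singletrackworld")
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    master_key = "ride-more-mud-2012"          # constructed sample master key
    for site in ("singletrackworld", "amazon", "facebook"):
        print("%-18s %s" % (site, derive_site_password(master_key, site)))

    # Constructed scenario: one site leaks its passwords in recoverable form.
    # The attacker tries a short list of master keys against that one entry;
    # a hit yields the victim's password for every other site as well.
    leaked = derive_site_password(master_key, "amazon")
    wordlist = ["password", "letmein", "ride-more-mud-2012", "trustno1"]
    print("recovered master key:", recover_master(leaked, "amazon", wordlist))
    print("about %.0f derivations/s on one core" % derivations_per_second())
```

The wordlist here is four entries so the run is instant; the point is that the cost per guess is one MD5, so the master key has to survive the same dictionary and mask attacks as any password hashed with a fast, unsalted function.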
Account hacked and various dodgy emails, PMs and images sent out to loads of people.
How on earth do they do this? My password was pretty bombproof and I hadn’t logged in / out for over a year (never use it). It is linked to my Facebook business page, so there are tweets from my posts on FB – could it have been compromised this way?
Password now changed to something even more bombproof so I’ll forget it in a week…
PrinceJohn – the howsecureismypassword site uses a brute force attack calculation. If you look at the details it does warn that dictionary attacks may be quicker for real words. E.g. it suggests singletrackworld would take 345 thousand years – but clearly that would be worth a guess on this site early on!
I liked xkcd’s take on it: linky
I worked somewhere which required you to use computer-generated passwords which got changed every month. They had a format which meant they were only semi-gibberish, but everybody I knew wrote the password down somewhere. As somebody with a better than average memory for these sorts of things, I found that a good way to predict when it was about to require a new password was when I’d finally managed to memorize the current one. Complete failure to understand the weak points in computer security – the irony being that I was working on computer security systems at a far higher level than our corporate systems (I wasn’t even cleared to a high enough level to know who our customers were), yet corporate wouldn’t take the advice of those people who knew better in our department.
I’ve always tried to use symbols & numbers to make them more secure..
See above.
length, length, length.
By making passwords incredibly complex but restricting the length, we merely make them difficult for humans to remember and easier for computers to guess.
But as above, it’s actually unlikely that anyone has brute forced it, what a waste of time that would be. They’ll have taken some alternative route as the hacker highlighted appears to have done.
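An added example, not from any poster in the thread: a small model that puts numbers on the length versus character-class discussion above, including the case of a dictionary phrase with symbols substituted for some letters. The guess rate is a constructed assumption, and the word-list sizes are illustrative; the formulas are the standard entropy estimate for uniformly chosen symbols or words.

```python
import math

# Constructed assumption: an offline attacker with a GPU rig against a fast,
# unsalted hash. An online login with rate limiting is many orders slower.
GUESSES_PER_SECOND = 1e10


def bits_random(alphabet_size: int, length: int) -> float:
    """Every position drawn uniformly from an alphabet of alphabet_size symbols."""
    return length * math.log2(alphabet_size)


def bits_passphrase(dictionary_size: int, words: int) -> float:
    """Words drawn uniformly from a dictionary the attacker also has. The
    attacker pays per word, not per character, so word length is irrelevant."""
    return words * math.log2(dictionary_size)


def bits_substituted_phrase(dictionary_size: int, words: int,
                            substitutable_positions: int) -> float:
    """A dictionary phrase with optional a->@, s->$, i->1 style swaps. Each
    position that might be swapped adds at most one bit (swapped or not); the
    words themselves remain dictionary guesses. Human-chosen words are not
    uniform, so this is an upper bound for that case."""
    return bits_passphrase(dictionary_size, words) + substitutable_positions


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst case for the attacker: every candidate tried once."""
    return 2.0 ** bits / rate / (365.25 * 24 * 3600)


def compare() -> dict:
    """Bits of guesswork for a handful of policies, keyed by description."""
    return {
        "8 chars, full printable ASCII (95 symbols)": bits_random(95, 8),
        "12 chars, lower-case letters only":          bits_random(26, 12),
        "16 chars, lower-case letters only":          bits_random(26, 16),
        "4 random words from a 7776-word list":       bits_passphrase(7776, 4),
        "6 random words from a 7776-word list":       bits_passphrase(7776, 6),
        "5 common words with 8 substitutable letters": bits_substituted_phrase(2000, 5, 8),
    }


if __name__ == "__main__":
    for name, bits in compare().items():
        print("%-46s %5.1f bits  %12.3g years" % (name, bits, years_to_exhaust(bits)))
```

The table this prints is the thread's point in numbers: sixteen lower-case letters (about 75 bits) beat eight characters drawn from the whole keyboard (about 53 bits), and a few genuinely random words do as well as either while being far easier to remember.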
chvck – Member
I use LastPass for my password needs and it’s pretty good – so long as you trust a third party with all of your passwords. It generates unique passwords for each site for you (complexity as you define) and stores them, does auto-login etc… Them being stored in this way does also mean that you can get at all of your passwords from any device with a browser. Granted, if anyone gets your master password you’re pretty screwed.
fourbanger – Member
poly – Member wrote:
Do you use the same password for any other accounts?
How sure are you it is bombproof: https://howsecureismypassword.net
This site appears to be based on how many letters you type in. If you keep typing “b”, it goes from cracked instantly to 19 years. I think it’s just stealing passwords.
b r – Member
I select a password’s strength based on how important the data stored within the system/site is to me. Therefore for STW it’s ‘unimportant’ and therefore the password is easily remembered for me.
For the bank I use 2FA, while Paypal and the like is strong, but rememberable (sic).
purpleyeti – Member
But as above, it’s actually unlikely that anyone has brute forced it, what a waste of time that would be. They’ll have taken some alternative route as the hacker highlighted appears to have done.
So not true, but hey, it’s nice to think that. I compromised an entire network the other day with a very simple password brute force.
Although in this instance I would say the chances are either password reuse, with the Twitter email/password being used on another site that got compromised, or a password reset being forced through a compromised email account. AFAIK there haven’t been any XSS issues in Twitter recently.
gofasterstripes – Subscriber
There is also the issue of rainbow tables – lookups of encrypted passwords. It may take 1,000 hours [on what system, I wonder] to crack a password, but that don’t mean nuffink if someone’s already saved the answer in a rainbow table – it’s just a lookup.
And there’s the issue of GPUs turning a 1,000-hour password into a 10-minute one 🙁
purpleyeti – Member
Rainbow tables are only any use once you have the hash, though. The time to crack a password hash isn’t just dependent on the password strength; it’s also highly dependent on the hashing algorithm used. Things like Unix crypt (DES) and LANMAN are case insensitive, so cracking them is much quicker than, say, a Linux SHA-512. Also, most rainbow tables can be defeated by salting password hashes.
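An added example, not code from the thread: a plain digest-to-password dictionary stands in for a rainbow table (a real rainbow table stores reduction chains to save space, but shares the property that matters here: it is built once for one hash function and one salt). It shows why the table is useless without the stolen hashes, why per-user salts turn one precomputation into one recomputation per user, and, as a model of LANMAN-style case folding, why hashing an upper-cased password shrinks the keyspace. MD5 is used only because it is the fast, unsalted function the thread is discussing; the wordlist and user passwords are constructed sample data.

```python
import hashlib
import os
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed sample data: the attacker's wordlist and the site's users.
WORDLIST = ["password", "letmein", "singletrackworld", "123456", "qwerty"]
USER_PASSWORDS = ["password", "singletrackworld", "password", "k7#Vq2!zPw"]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def build_table(wordlist: Sequence[str], salt: bytes = b"") -> Dict[str, str]:
    """Precompute digest -> candidate once. Valid only for this salt."""
    return {md5_hex(salt + word.encode("utf-8")): word for word in wordlist}


def store_unsalted(password: str) -> str:
    """How a site stores the password when it hashes without a salt."""
    return md5_hex(password.encode("utf-8"))


def store_salted(password: str) -> Tuple[bytes, str]:
    """Per-user random salt stored alongside the digest."""
    salt = os.urandom(16)
    return salt, md5_hex(salt + password.encode("utf-8"))


def crack_unsalted(stored: Sequence[str],
                   table: Dict[str, str]) -> Tuple[List[Optional[str]], int]:
    """Pure lookups: zero hashes at attack time, and every user who shares a
    password falls at once because their digests are identical."""
    return [table.get(digest) for digest in stored], 0


def crack_salted(records: Sequence[Tuple[bytes, str]],
                 wordlist: Sequence[str]) -> Tuple[List[Optional[str]], int]:
    """Nothing can be prepared in advance: the wordlist is rehashed under each
    user's salt, so the work grows with users x wordlist."""
    results: List[Optional[str]] = []
    work = 0
    for salt, digest in records:
        table = build_table(wordlist, salt)
        work += len(wordlist)
        results.append(table.get(digest))
    return results, work


def case_folding_hash(password: str) -> str:
    """Models a scheme that upper-cases before hashing, as LANMAN did: the
    attacker need only try one case per letter, so the keyspace shrinks."""
    return md5_hex(password.upper().encode("utf-8"))


if __name__ == "__main__":
    table = build_table(WORDLIST)                         # built once, offline
    found, work = crack_unsalted([store_unsalted(p) for p in USER_PASSWORDS], table)
    print("unsalted:", found, "hashes computed at attack time:", work)
    found, work = crack_salted([store_salted(p) for p in USER_PASSWORDS], WORDLIST)
    print("salted:  ", found, "hashes computed at attack time:", work)
    print("case-folded 'Password' == 'PASSWORD':",
          case_folding_hash("Password") == case_folding_hash("PASSWORD"))
```

Both attacks recover the same weak passwords here, which is the other half of the point: salting removes the precomputation shortcut and stops shared passwords from being visible as duplicate digests, but it does not make a wordlist password strong. Only a slow, salted function (bcrypt, scrypt, Argon2, or the SHA-512 crypt mentioned above with a high round count) raises the per-guess cost.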
And it gets even more complicated when you’re trying to crack something which uses a unique identifier to formulate the hash, for example wireless encryption. Then you can only build the rainbow tables (which takes a long time) once you have the access point SSID.
For the bank I use 2FA, while Paypal and the like is strong, but rememberable (sic).
You can use 2FA with Paypal now as well.
The topic ‘Twitter account hacked. How?!’ is closed to new replies.