“A man chooses; a slave obeys.” | “Want HardMode? Play Ranger!”
[iR] EASY Account Security for PW
“A man chooses; a slave obeys.” | “Want HardMode? Play Ranger!”
I have many hundreds of passwords. Most are 20+ chars. I’m going to need a lot of paper.
If you want secure passwords, get a password manager. No other option really.
There are may PWManager programs that use 1 pw to store multiple ones, but thats Digital, so Hackable. Real Paper only visible for you and whoever gets it (family members, robbers.)
This option is for those who have trouble with making and remember their PW.
“A man chooses; a slave obeys.” | “Want HardMode? Play Ranger!”
I know your passwords now. I suggest you delete that image.
I was going to post a wall of text explaining why none of your passwords for sites even matter but I’m going to say this simply: Hackers don’t care about a users password, they’re not trying to get YOUR account (except for games), they’re trying to get the database on the servers so they can get ALL OF THE ACCOUNTS, not so they can take your account, but so they can take your personal info and MAKE accounts elsewhere with them to get ALL YOUR MONEY!
Anyway, any “easy account security” is already hackable, that’s why that image and technique got posted. It was created by someone that already has the algorithm in place to use it…
Use a password manager or write them down, whichever makes you FEEL more secure – feel because nothing is going to make your account secure in the slightest.
I was going to post a wall of text explaining why none of your passwords for sites even matter but I’m going to say this simply: Hackers don’t care about a users password, they’re not trying to get YOUR account (except for games), they’re trying to get the database on the servers so they can get ALL OF THE ACCOUNTS, not so they can take your account, but so they can take your personal info and MAKE accounts elsewhere with them to get ALL YOUR MONEY!
Anyway, any “easy account security” is already hackable, that’s why that image and technique got posted. It was created by someone that already has the algorithm in place to use it…
Use a password manager or write them down, whichever makes you FEEL more secure – feel because nothing is going to make your account secure in the slightest.
Most things are secure with passwords due to diminishing returns. If it is easy to get 10 people who thing the word password is clever then the person who uses any even slightly better is not as much at risk.
Puppy is right about how the real hackers do the job.
Can we defend that? No. ArenaNet Can, Have to, Must do that.
So all we can is trust.
In other hands, the offical statement was “Please make a strong password for yourself…”, and don’t forget it.
so you can help yourself now
“A man chooses; a slave obeys.” | “Want HardMode? Play Ranger!”
Whatever you do….make your password at LEAST 10 characters (if not 12 or more).
- A modern i5 based computer (not even a real good one) can list all the possible 8 character combinations (both letters, numbers and punctuation ) in less than 24 hours.
- The same computer would take over 5 years to list all the combinations of a 12 character password if it is just lower case letters.
Do NOT use the same password for different sites (the most common way sites are compromised these days) and I suggest setting up email aliases for logins to very critical websites.
Fate is just the weight of circumstances
That’s the way that lady luck dances
(edited by Brother Grimm.5176)
This is a very simple methood I’ve made for myself, and worked perfectly so far.
With this, your PW is:
- unguessable
- & you can manage ALL of your different accounts.
Additional Advice:
- keep the print close to you in case you’re not quicklogging,
- keep a synced copy somewhere hidden/safe, aka treasure trove
- keep the color-codes in your mind, don’t write it down
Hope it helps. Shared only for the “greater good”!
Your “password” there has a length of 35 and each of those 35 units can be any of 36 different symbols. That is plenty. However, if someone has access to your precious paper, your password is reduced to having a length of 4 with 8 possible symbols (accounting for direction of your strings), giving you 9 bits of entrophy. You would have a better password at 13 bits of entrophy if you went to Diceware and picked a single random word.
Some people would be able and willing to store them in a physical medium only. That makes them safer from hacking but more vulnerable to physical harm. Your fancy password isn’t much use if someone throws them away or spills coffee on them. And if you happen to have a particularly mean sibling living in the house, you could easily end up being “hacked” for something like this.
Most people would instead store them in a file on your PC or on an external memory. The former is vulnerable to hacking and thus your password is reduced to the aforementioned uselessness, whereas the latter is vulnerable to time factors and simple hardware failures.
And of course, all the measures in the world will not help you whatsoever if a hacker happens to find an exploitable vulnerability in the encryption used, as that will pretty much spill the passwords to them as is. Which is exactly what most of them are trying to do.
As the ah-so-popular xkcd comic shows, it is very easy to have a password that is difficult to guess but easy to remember.
(edited by Olba.5376)
As I’ve said, everything in Digital format is Hackable. Your pendrive on table can be scanned too. So don’t trust in digital storing that mutch.
And I wouldn’t trust in any kind of logical password, where words are used.
It has a reason why essential key-codes are actual Codes. Generate yours.
“A man chooses; a slave obeys.” | “Want HardMode? Play Ranger!”
As I’ve said, everything in Digital format is Hackable. Your pendrive on table can be scanned too. So don’t trust in digital storing that mutch.
And I wouldn’t trust in any kind of logical password, where words are used.
It has a reason why essential key-codes are actual Codes. Generate yours.
The thing is, using an alphanumeric password pretty much always leads to repetitive usage. And if you believe that most people would really be using dozens of unique, lengthy alphanumeric passwords, you’re being overly optimistic.
The beauty of something like Diceware is that there is no logic to it unless you give it one. If you pick the words at random (which you can totally do), they are just random picks from a much, much larger pool than mere alphanumerics. An alphanumeric password would have 62 symbols, whereas Diceware’s list has 7776. And as long as you don’t misuse the list (such as making a sentence), that is really all that matters.
The reason people tend to shy away from using words is because to a human, words look logical. But if you were to interpret them like a computer, then they’re literally no different from a number or a letter.
So let’s say this is a password on a paper below my keyboard:
6ZH6-ZW96T2-GGDGS3-6211CQF
What you think, will it be hacked?
Not until they don’t stole it directly.
And thats up to “ArenaNet we Trust.”
“A man chooses; a slave obeys.” | “Want HardMode? Play Ranger!”
I just use KeePass. I generates 20+ random strings for me and I don’t have to write anything down or remember anything.
The database is encrypted with highly secure ciphers so I feel like if someone was able to get into it I woulda been kinda screwed no matter what. I feel like it’s more likely some kitten-hat (;p) would find a paper with hand-written passwords and decide to be a jerk. That’s how most people get “hacked”, anyway.
first level of security) Anet preventing people from getting to player data
second level of security) whatever encryption Anet uses on our data so if hackers did get it they wouldn’t be able to read it
third level of security) how complicated your password is. simple password = easy for them to decypher Anet’s encryption.
if Anet uses really crummy encryption, then short/simple passwords are decrypted almost instantly. complicated ones would likely still be safe. As others have said, hackers want an easy list of as many people’s username/email/passwords as possible. If they steal our passwords and can instantly decrypt 100,000 of them because people used passwords like ‘abc123’, they aren’t going to spend the time to go through everyone else’s one-by-one.
The trick to a complicated password is length. even if it’s all lower-case letters, if you have a 20-digit password, that is far better than 6-character passwords that use more character types, such as ‘aB1@[?’
I like how this place tells you how safe your password is (dont enter your actual password there – try one that’s similar but doesn’t use the same characters): https://howsecureismypassword.net/
(‘aB1@[?’ would take 3 minutes. 20-character all lowercase would take 157 billion years)
Mystic’s Gold Profiting Guide
Forge & more JSON recipes