toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
#passphrase


I am waiting for #AI to get good enough to work out my #PGP passphrases for the last 30 years.

They are only going to be a combination of about 50 words with various capitalisations and probably few filler words.

I don't need them, it just bugs me that without fail, I will forget any PGP #password I set within a year of doing it, and I have piles of the bloody things. Next time I will just back up one with no #passphrase too.

#security #sucks ... Oh, wait, that might be one of the early #keys!

I saw this passphrase wordlist project pop up. Just like to remind folks that passphrase passwords (ex: correcthorsebatterystapler), even with character substitution, can be enumerated and that GPUs will eventually be able to brute-force the inevitable password dumps from data breaches. In fact a certain someone wrote up a blog post two years ago showing how you could enumerate all permutations of passphrases using Ruby to build your own custom passphrase wordlists; which of course was met with immediate poo-pooing.
#wordlists #passphrase #enumeration #ruby

GitLab: initstring / passphrase-wordlist - Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

To everyone with #expertise in #IT #security:

• Is a "#passphrase" more secure than a "#password" or not? (I once learned that dictionary entries should be avoided because computers can match them easily.)

• Is there a good reason to require a maximum #number of characters and a #restriction to certain #characters for logins (#login|#data)? (Regardless of whether it is for the #account, the #Konto, the #user or indeed the #password.)

@askfedi_de


Now, sometimes there are logins for which a password manager would just be a really cumbersome step. Like, say, logging into your computer. 😅
-
For situations like that I recommend a pass *phrase* rather than trying to do some complex combination of letters and numbers and symbols. Human minds have a much easier time remembering a set of words than they do a jumble of symbols.
-
"I should drink 3.7 liters of water every day" is a very long and complex pass phrase which is easier to memorize than something like "1S&4Zz3(mm$".
-
In fact, I recommend using a pass phrase as the login for your password manager.

Happy #WorldPasswordDay!

I've cracked billions of #passwords from tens of thousands of #data #breaches in the past 12+ years, and because of this, I likely know at least one #password for 90% of people on the Internet. And I'm not alone! While I primarily crack breached passwords for research purposes and the thrill of the sport, others are selling your breached passwords to criminals who leverage them in #AccountTakeover and #CredentialStuffing attacks.

How can you keep your accounts safe?

- Use a #PasswordManager! I recommend @bitwarden and @1password

- Use a #Diceware style #passphrase - four or more words selected at random - for passwords you have to commit to memory, like your master password!

- Enable MFA for important online accounts, including cloud-based password managers!

- Harden your master password by tweaking your password manager's KDF settings! For #Bitwarden, use Argon2id with 64MB memory, 3 iterations, 4 parallelism. For #1Password and other PBKDF2 based password managers, set the iteration count to at least 600,000.

- Use unique, randomly generated passwords for all your accounts! Use your password manager to generate random 14-16 character passwords for everything. Modern password cracking is heavily optimized for human-generated passwords, because humans are highly predictable. Randomness defeats this and forces attackers to resort to incremental brute force! There's no trick you can do to make a secure, uncrackable password on your own - your meat glob will only betray you.

- Use an ad blocker like #uBlock Origin to keep you safe from password-stealing #malware and other browser based threats!

- Don't fall for #phishing attacks and other social engineering attacks! Browser-based password managers help defend against phishing attacks because they'll never autofill your passwords on fake login pages. Think before you click, and never give your passwords to anyone, not even if they offer you chocolate or weed.

- #Enterprises: require ad blockers, invest in an enterprise password management solution, audit password manager logs to ensure employees aren't sharing passwords outside the org, implement a Fine Grained Password Policy that requires a minimum of 20 characters to encourage the use of long passphrases, implement a password filter to block commonly used password patterns and compromised passwords, disable #NTLM authentication and disable RC4 for #Kerberos, disable legacy broadcast protocols like LLMNR and NBT-NS, require mandatory #SMB signing, use Group Managed Service Accounts instead of shared passwords, monitor public data breaches for employee credentials, and crack your own passwords to audit the effectiveness of your password policy and user training!


In case anyone else is interested in a comparison of passphrases vs. passwords, here is the result.

The number in the top row refers to the number of words in the #wordlist and the hardware used. The number in the first column refers to the number of words in the #passphrase.
For comparison, the original table for passwords from Hive Systems.

We assume the attacker knows we use a passphrase and uses a wordlist attack. Other than that, method and calculation basis as in: hivesystems.io/blog/are-your-p

How did I end up making calculations in a spreadsheet instead of studying now?

I just quickly wanted to check what the picture about password security that is currently being shared a lot means for the security of #passphrase / #diceware.

Ehm, the Internet in the train was shitty, so I couldn't study! Let's use that as an excuse. (He says, hours after exiting the train.)
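The search-space arithmetic behind the passphrase-versus-password comparison above, and behind the Diceware recommendation in the #WorldPasswordDay post, as an added example that is not part of any post in this thread. As in the thread, the attacker is assumed to know the wordlist and the number of words; the sample wordlist and the guess rate are constructed inputs.

```python
import math
import secrets

# Constructed sample list; a real Diceware list has 7776 (6**5) words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "toad", "social", "fedi", "verse"]


def passphrase_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly from a list of wordlist_size words.
    Assumes the attacker knows the list and the word count, so a wordlist
    attack (not per-character brute force) is their best strategy."""
    return n_words * math.log2(wordlist_size)


def password_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password over alphabet_size symbols."""
    return length * math.log2(alphabet_size)


def crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to find the secret: on average half the space is searched."""
    return 2.0 ** bits / 2.0 / guesses_per_second


def human_duration(seconds: float) -> str:
    """Round a duration into the unit a crack-time table would show."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.0f} {name}"
    return f"{seconds:.0f} seconds"


def compare(wordlist_size, n_words, alphabet_size, length, rate):
    """Return (passphrase bits, password bits, passphrase seconds, password seconds)."""
    pp = passphrase_bits(wordlist_size, n_words)
    pw = password_bits(alphabet_size, length)
    return pp, pw, crack_seconds(pp, rate), crack_seconds(pw, rate)


def generate_passphrase(words, n_words):
    """Pick n_words with a CSPRNG: the list may be public, the draw must be random."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    rate = 1e12  # constructed guess rate (hashes/second) for a fast, unsalted hash
    for n in (4, 5, 6, 7):
        bits = passphrase_bits(7776, n)
        print(f"{n} Diceware words: {bits:5.1f} bits, {human_duration(crack_seconds(bits, rate))}")
    bits = password_bits(95, 14)
    print(f"random 14-char printable: {bits:5.1f} bits, {human_duration(crack_seconds(bits, rate))}")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 4))
```

Four Diceware words give about 52 bits against an attacker who knows the list; a random 14-character printable password gives about 92 bits, which is why the posts above reserve passphrases for the few secrets you must memorize.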

A long #passphrase *that you can actually remember* is better than something like: 7#gHB0_=rq)f

I use a password manager but with DJI accounts, I sometimes need to re-login to the account while in the field, so a memorable one is necessary.

The 20 characters DJI limits you to (plus specials, numbers) is okay, but 30 is better. Their minimum is a mere 8!

Whenever there is an upper limit, I always check if the below VERY BAD password is accepted. It always is.

Use long passphrases!