SolarWinds hackers have a clever way to bypass multi factor authentication

Jump to latest Follow Reply
Status
You're currently viewing only Abhi Beckert's posts. Click here to go back to viewing the entire thread.
Muted (0)
Sort by date Sort by votes
Abhi Beckert

Abhi Beckert

Ars Tribunus Angusticlavius
8,981
  • #50
    DDopson said:
    I used to memorize random passwords like bahopre3[...] Something like "purple dog flowers" or "social squash Augustus" is trivially easy to remember, but surprisingly difficult to brute-force. If there are 1000 common English words[...]
    Click to expand...
    Your short random password is is 36^8, or 2 821 109 907 456 possible combinations.

    Your passphrase is 1000^3 or 1 000 000 000 combinations.

    Really neither one has acceptable entropy, but the passphrase is clearly worse.

    If you made the password just a bit longer, maybe some mixed case or symbols and don't just slap a number on the end it should be in the middle, that would be the way to go.

    Also, the use case matters - is your password stored in a plain text database somewhere? That can be compromised no matter how strong and you better not use it elsewhere. If it's only ever used as a decryption for password vault software with a good key derivation function? Nobody's going to crack even a fairly weak password in that scenario.

    The FBI required months and millions of dollars to crack the san burnidino iphone which was only six digits (or possibly four digits?). Only high value targets will ever face that level of effort.

    Passwords are hard. There is no simple solution that is secure... you really need to use password management software and even then know what you're doing.
     
    Upvote
    -4 (5 / -9)
    You must log in or register to reply here.
    Status
    You're currently viewing only Abhi Beckert's posts. Click here to go back to viewing the entire thread.
    Jump to latest Follow Reply
    Jump to latest Follow Reply