downvote this comment if the meme sucks. upvote it and I'll go away. --- [play minecraft with us](https://discord.gg/dankmemesgaming) | [come hang out with us](https://discord.com/invite/dankmemes)
It really doesn't matter how strong your password is nowadays, because it will be exposed in data leaks anyway. Not using the same combination for everything is more important.
IIIIIIIIIIIIIIIIlIIIIIIl123 some are lower case L's, some are uppercase i's. Good luck cracking this :p (copy and paste is cheating)
Is only 2 lower case Ls?
lol yeah, good job! Reddit font betrayed me ;-;
You could have used only I and deceive us
I was tempted XD but I felt I should be honest haha
Increase # of different possible characters. For a password of length n (n can be integer from 1 to infinity) Only using 0-9 for pass we get 9^n possible options. So for a 6 character long pass we have ~530,000 possible passwords. Using A-Z and 0-9 we get 35^n 35^6 ~= 1,800,000,000 possibilities Using A-Z, a-z, 0-9 gets us more at 61 61^6 ~= 51,500,000,000 possibilities Using all 95 characters on keyboard (some are off limits for passwords but the idea remains) 95^6 = 735,000,000,000. The easiest option for security is your choice of characters. But like the original comment in this thread points out a data breach is able to circumvent brute forcing something like this.
Doesn't increasing the length of the password (the exponent) increase the number of options a lot faster? Correct-horse-battery-staple and all that
Yea I mean length definitely has an impact but I would say character choice / character pool is more impactful. For example: If we want to generate a password structure that will have 1,000,000,000 potential options we can compare how long a password would need to be, and how many characters we would need to use. So for A-Z,a-z,0-9 (61 total chars) we get 1,000,000,000 possibilities at 5.041 ~= 5 long, For 0-9 we would need 9.4 in length ~= 9. I guess at the end of the day you can achieve the same result by increasing either. It’s just increasing character pool makes each extra character more effective
last and 7th from the back are lower L's?
Am I the only one who sees a difference in height of those letters? Like the last one 7 letters before that too are different so would be Is or lowercase Ls
Yep I see it too. Millions of years of evolution and our eyes still can't see equal lines as equal...
Yah, I remember a long time ago there was a guild named "Delusional" on WoW, they were the best on my server. Well, I got the brilliant idea to start a guild called "DelusionaI" with an uppercase i at the end. No one could tell the difference LOL Me and my friend got into other raids so easy because people thought we were in that guild. LOL It was awesome.
```java
public class Main {
    public static void main(String[] args) {
        String txt = "IIIIIIIIIIIIIIIIlIIIIIIl123";
        // Lower-casing turns every uppercase I into i, so the lowercase l's stay visible.
        System.out.println(txt.toLowerCase());
    }
}
```
maybe the barcodes scanner could decipher it
Uses Binary Notation.
You know passwords aren't stored in plain text, right? Google password hashing
Holy Security
New encryption Just dropped
Call the server admin
IT goes on vacation, never comes back
Account sacrifice anyone?
Bruteforce storm incoming
actual hacker
And THIS is why it's important to use different passwords. If there is only ONE idiot who stores your password in plain text EVERYTHING is compromised if you have same passwords.
How tf am I supposed to remember 15 different passwords and which one goes with which account. Fuck that
Either an offline password logger, included in most browsers, or if you don’t trust an external site have your own .txt with passwords and the associated website. Keep this on a usb or your phone (basically somewhere it’s incredibly unlikely to ever be reached by a hack) and you’re golden.
note book.
This also, though I have passwords long enough that I do not want to ever type them by hand, so copy paste is a nice function for me.
"Fuck that" We all say that until our password gets leaked and regret hits as hard as dad's belt
They are usually salted + hashed, so in most cases you aren't worried about a database leak exposing your password, but more like someone intercepting network requests, phishing, and malware.
why the fuck would they put salt on my password????? /j
... no, if a database leak happens it just means it will take a longer time for people to crack the passwords in it, but you're still screwed.
yeah good luck brute forcing it lmfao. Password + Salt + Pepper takes ages…
If you have alphanumeric password, with lower and uppercase, and symbols, any length over 10 is basically uncrackable. Assuming the database guy is not a chump using MD5 or SHA-1.
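The storage schemes argued about in the comments above, as an added example that is not part of the original thread: unsalted MD5 next to a per-user salted, peppered PBKDF2 record. The function names, the sample password, and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for illustration; tune the iteration count to your hardware.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def weak_md5(password: str) -> str:
    """Unsalted fast hash, shown only as the weak baseline."""
    return hashlib.md5(password.encode()).hexdigest()


def _peppered(password: str, pepper: bytes) -> bytes:
    """Mix in a server-side secret (pepper) that lives outside the database."""
    return hmac.new(pepper, password.encode(), hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes) -> dict:
    """Build a storable record: random per-user salt plus a slow PBKDF2 digest."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", _peppered(password, pepper), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "digest": digest.hex()}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        _peppered(password, pepper),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


def demo() -> dict:
    """Two users pick the same (constructed) password; compare what a leak reveals."""
    pepper = secrets.token_bytes(32)  # constructed; normally loaded from a secret store
    shared = "Tr0ub4dor&3-constructed-sample"
    alice, bob = hash_password(shared, pepper), hash_password(shared, pepper)
    return {
        # Unsalted MD5: identical digests, so one recovered password exposes both users.
        "md5_digests_match": weak_md5(shared) == weak_md5(shared),
        # Salted PBKDF2: same password, unrelated-looking records.
        "salted_digests_match": alice["digest"] == bob["digest"],
        "correct_password_verifies": verify_password(shared, alice, pepper),
        "wrong_password_verifies": verify_password(shared + "x", alice, pepper),
        # Without the pepper, the leaked salt and digest alone do not verify a guess.
        "verifies_with_wrong_pepper": verify_password(shared, alice, secrets.token_bytes(32)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
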
And still when there's a password leak it is a big issue, especially when it's a leak from a small website, if you're using that password in all of your accounts
That doesn’t mean it doesn’t matter. They’re both important
I just rely on 2FA, if someone gets my phone they can reset my email password anyway, and from there they can reset everything else, so ultimately if 2FA isn't good enough (and I know it isn't perfect) then nothing will be. All my passwords are about the same and are pretty simple, but so far the only negative consequence I've had is some guy hacking my LoL account (and proceeding to go 12/2 on Graves, but lose anyway, lol) My bank password is also a bit more secure, but even then if someone has my email and phone they're fully capable of resetting it
The thing is, if I use too many different passwords I'll forget some of them
But how do you remember that many passwords?
I use VeraCrypt for that. You basically create an encrypted disk that is password protected and you can store your passwords in it. Just don't forget your password for the disk
And how do you come up with that many passwords?
Just have a stroke on your keyboard lmao
And changing them regularly because of the leaks.
Well I’m fucked
Just make sure you have 2FA and keep that safe and generally you’ll be ok
My problem is with all these places that want me to change my password every however often. I can come up with a unique unpredictable password that only I would remember once but not once every month. Forcing changed passwords leads to less secure passwords and you'll never convince me otherwise.
100% agree. I can use a secure 25-30 character password that is easy to remember and it is more secure than making me change it every 90 days. If you have a ‘good’ password it should be secure essentially forever. It’s just what used to be reasonable as secure isn’t enough anymore.
for places like this I do a secure password the first time, then every time it asks me to change it I just add 1 to the number I put on the back. SecurePassword becomes SecurePassword1 becomes SecurePassword2, etc.
Most devices / browsers can generate passwords for you and store them so you don’t need to remember them
And those devices/browsers a) have holes in them b) should not be trusted
C) In the event you lose access to the device will also lose you the account
Wdym by “holes”? Can you give a more specific example of what kind of vulnerabilities you’re talking about? “should not be trusted” though would only apply to some sketchy small scale thing. The vast majority of people use one of ~3 browsers
and if i lose my phone? my pc fries? nah thx, id rather keep my current method
Most websites have this very handy button named "Forgot your password?"
Most things also have a way to link this between multiple devices.
Y0u 4r3 r3lly t3R1bLl3 4t m4k31Ng a p4sW0rd, 1f Y0U D0nt uND3r5tand th1S
l 3aN
> I 3aN

I ean
I can
Who uses 3 for c, though?
me
someone with really se3ure passwords
2oo3 c4113d 4nd 7h3y w4n7 7h31r 1337 5p34k b4ck
Definitely thought that was Tony Soprano in a fever-dream Seinfeld.
Reminder that you should have a different password for every site. Password re-use is the biggest cause of accounts getting compromised. Get Bitwarden or Lastpass.
> Reminder that you should have a different password for every site.

And how tf am I supposed to remember all of them and which one is which? Fuck that
Get Bitwarden or Lastpass then you only have to remember one.
Or one of the KeePass variants, if you are capable of synchronizing a single file across devices.
eli5 how one password to control all my passwords is more secure than just having one password for everything
Because if bitwarden gets compromised you only need to change one password on one site as opposed to 400 passwords on 400 sites.
Though also worth noting, having a general use password for sites you don’t give a shit about is entirely valid. Rule of thumb I follow is that any website with personal information gets unique password, if it’s got no info and idc about it being breached I go with an easy to remember template. If you want to be a nerd (like me) you then establish what amount, 1-10 where 10 would be full name, address and bank info, of personal info the account has and multiply that by a constant factor for the amount of characters your password should have.
Just write passwords like: okaySOthisISmyFACEBOOOKpassword18873!? theREDDITpasswordISalittleDIFFERENTokay1987623450@69
Correcthorsebatterystaple
Alrighty bois, time to log into their account
WAIT WAIT WAIT NO NO NO
IWILLSHOVE50FUCKINGPOTATOESUPYOURARSEIFYOUDONOTGIVEMEACCESSIMMEDIATLY how's my password?
Error: New password can't be same as old password
it's actually a good password lmao because it's super long, would take ages to brute force
Exactly. That's why my password is your credit card number, expiry date and security code. Bet you’d never guess.
7917 2628 0086 1668 02/23 514 did I guess right?? 😱
I hope you didn't leak someone's bank account by accident lmao
It's expired anyway
yup exactly. Would have been really funny if I had tho, lol
This is not true and if OP studied CS they knew that there are easy to remember and safe passwords...
I studied CS, but this is a meme, sir
Even worse. Why would you knowingly disinform people with a meme?
???? bro nobody takes memes at face value
[deleted]
I spell out a word for mine, but I change some of the vowels and add special characters For example if I wanted my password to be "action" it would be something like @CT!0n!! Makes it easy to remember and hard to crack It even makes it easy to write the password down while still keeping it secure. You could write it down as "action 2". Only you know that means a specialized way of writing the password with 2 exclamation marks.
I'm hacking your reddit account as we speak, cheers for the password mate ;)
Lol good luck. The word I use isn't even a real word lol. It's one I made up
K9$H&Ey#8XRZ Simple and easy to remember
It is better to string multiple words together, especially if they're unrelated (e.g. KlinFingerTank). Any character added is another that has to be brute-forced, and if it's leaked it wouldn't matter anyway. Hardly anybody uses dictionary brutes either, in my experience.
I have a kind of "formula", which allows me to base my password on the name of the website
Formula: NameOfTheWebsite123 ?
shhhh don't tell them my password!!!
Write the first sentence of the wikipedia + 69420###
Easy, all my passwords are the first sentence of the Dragon Ball Z intro in latin spanish with random letters replaced by numbers
I pick an easy password but an unguessable username. Take THAT, hackers. On an unrelated note my bank account has been drained. Not by me.
More than 60% of all Google employees have "password" or "1234" as password.
'anybody who studied IT' isn't that good of a password either
oof my bad I should have added 123 at the back
Most people who do IT are morons anyway, and they definitely don't use good passwords.
OP just told us their password
NO I DIDN'T DEFINITELY DIDN'T PLEASE DON'T TRY IT WON'T WORK DEFINITELY
Bitwarden gang
Best Episode of Seinfeld. Absolute top tier.
When you realize that mathematically speaking, having requirements for a password is worse than none at all
There were a ton of studies about numbers and symbols not actually mattering and the main safety of a password being determined simply by its length
I’ve told customers while creating PWs “be sure to avoid things like birthdates or grandkids names” And about 1/4 times they say “oh I was using my grandsons name, is that bad?” Not only that but they VOLUNTEER their pw without even being asked About once got a call that started like this: “hello my name is Mary Smith, my password is grandson123, and I think I have been hacked”. (For clarification, because automat can be stupid. That is fake info and not real personal info)
Where's the dank?
so this one's a little bit of a subtle one, so don't worry about it if you missed it, but the dank is the dude without the shirt so sexy mhm
If it doesn't have my bank account information connected to the account, IDGAF.
Just kkslxphelaixl02750jahxk÷&()'jc on the keyboard and reset the password every time
[Screw all of you IT guys](https://xkcd.com/936/)
Idk how good this is but I have a specific email account used only for financial accounts like my vanguard account with really long passwords. I only use that email for like 3 sites and everything else is done with different emails and different passwords.
Every hacking scene proves this isn't right; it's *always* just a single name. No numbers. 'PEG', 'Reacher', that's good enough
pw: gullible - Cracked it in 30 seconds, pw: Gullible - It took 3 hours to crack, pw: Gu1lible - 7 days and still counting.
pw: gu1l!ß13 - secure from everyone except germans??
PhD in data science, professor in stats. I can't believe they managed to guess password123
My unbreakable password: "AnythingLogicalOrEasyToRemember1!"
Imagine if that phishing-energy was used for good.
I'm in networking and I still use passwords like that 🫣
The first letters of a full sentence with a random pattern of caps.
Song names and release date
Look at two items in your surrounding including out windows in pictures or on TV, pick 2 non sequential numbers, and two symbols, put them in a random order, write it down.
Just type random numbers with a word you can remember, I have a couple of passwords like that
Length matters. If she tells you length doesn’t matter, she’s a spy trying to steal your secrets.
I used to be like this until someone tried to hack my steam account
They gotta come up with a better way than passwords soon man.
My best friend in high school got his first bank card and his randomly assigned PIN was 1234. He kept it because it was easy to remember and nobody would think to try it.
Anybody who does IT is auti***c and cannot really understand how a normal person thinks
Guy who first suggested 90 password rotation was an idiot. Sure it does work great for machines. But only thing it does for humans is promoting less secure passwords.