
Leo Laporte Corrects 'CBS Sunday Morning' Segment on Passwords

52 replies to this topic

#1 +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,179 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 16 July 2013 - 01:40

Leo Laporte Corrects 'CBS Sunday Morning' Segment on Passwords
 




#2 ILikeTobacco

ILikeTobacco

    Neowinian Senior

  • 4,789 posts
  • Joined: 08-July 10

Posted 16 July 2013 - 02:02

Is this guy really that stupid? Passwords are nothing but a theater show. If hackers want your password, they will get it. Look to Sony for the perfect example. How many sites have Anonymous giving out passwords for? His claim that any competent hacker can hack a password in 30 seconds is stupid. Social engineering is how they get passwords these days, not brute force because websites can actually detect that now. If they are a competent hacker, they won't use brute force, they will use social engineering. This guy thinks he's smart and ignores the reality of the situation. His advice is to store all of your passwords in one location which happens to be web accessible for someone to get to. That site must have paid him a fee to advertise for him to say that load of garbage.



#3 xWhiplash

xWhiplash

    Neowinian Senior

  • 1,590 posts
  • Joined: 07-March 08

Posted 16 July 2013 - 02:02

Yeah, that password advice she gave was horrible.

 

 

Is this guy really that stupid? Passwords are nothing but a theater show. If hackers want your password, they will get it. Look to Sony for the perfect example. How many sites have Anonymous giving out passwords for? His claim that any competent hacker can hack a password in 30 seconds is stupid. Social engineering is how they get passwords these days, not brute force because websites can actually detect that now. If they are a competent hacker, they won't use brute force, they will use social engineering. This guy thinks he's smart and ignores the reality of the situation. His advice is to store all of your passwords in one location which happens to be web accessible for someone to get to. That site must have paid him a fee to advertise for him to say that load of garbage.

 
Do you know what the general public uses?  Things like Tony96.  You are telling me that a hacker cannot brute force that in under 30 seconds?  Not all sites require special characters.


#4 ILikeTobacco

ILikeTobacco

    Neowinian Senior

  • 4,789 posts
  • Joined: 08-July 10

Posted 16 July 2013 - 02:09

 

Yeah, that password advice she gave was horrible.

 

 

 
Do you know what the general public uses?  Things like Tony96.  You are telling me that a hacker cannot brute force that in under 30 seconds?  Not all sites require special characters.

 

You can brute force Tony96 in under 30 seconds huh? Do you know what a brute force attack is? You try out millions of combinations until one matches. Can you run a script like that that would get to Tony96 in under 30 seconds? Sure. Can you do it with less than 3-10 guesses before Google, Yahoo, or any other email provider locks the account? No. Like I said, he ignored the real world situation.

FYI her advice isn't very good but his advice is no better. Storing all of your passwords online in one central location is the dumbest thing you could possibly do short of posting all your passwords on your Facebook feed.



#5 xWhiplash

xWhiplash

    Neowinian Senior

  • 1,590 posts
  • Joined: 07-March 08

Posted 16 July 2013 - 02:15

You can brute force Tony96 in under 30 seconds huh? Do you know what a brute force attack is? You try out millions of combinations until one matches. Can you run a script like that that would get to Tony96 in under 30 seconds? Sure. Can you do it with less than 3-10 guesses before Google, Yahoo, or any other email provider locks the account? No. Like I said, he ignored the real world situation.

FYI her advice isn't very good but his advice is no better. Storing all of your passwords online in one central location is the dumbest thing you could possibly do short of posting all your passwords on your Facebook feed.

 

Okay really?  Have you ever used LastPass?  It is highly recommended by A LOT of people.  So that is ALMOST AS BAD as posting your passwords IN PLAIN TEXT in Facebook?  Okay....whatever you say.

 

For the people that use the same passwords over and over and over again, or have passwords like Tony96, LastPass is a good option since it generates a secure password that you do not need to memorize.  All you will need to do is remember ONE password.  And if you make just THAT ONE safe and secure, you do not have to worry about somebody getting into it.  Yes if you make your LastPass password Tony96 it would cause issues.



#6 ILikeTobacco

ILikeTobacco

    Neowinian Senior

  • 4,789 posts
  • Joined: 08-July 10

Posted 16 July 2013 - 02:25

Okay really?  Have you ever used LastPass?  It is highly recommended by A LOT of people.  So that is ALMOST AS BAD as posting your passwords IN PLAIN TEXT in Facebook?  Okay....whatever you say.

 

For the people that use the same passwords over and over and over again, or have passwords like Tony96, LastPass is a good option since it generates a secure password that you do not need to memorize.  All you will need to do is remember ONE password.  And if you make just THAT ONE safe and secure, you do not have to worry about somebody getting into it.  Yes if you make your LastPass password Tony96 it would cause issues.

/facepalm. Yes I have used it, and when I realized its entire model is based on storing all of your passwords in one location, I promptly quit using it. Anyone who can't see why storing all of your passwords in one location that anyone can access is a bad idea has absolutely no idea about security. Who cares who highly recommends something. A LOT of people recommended using Sony's online environment for gaming. Clearly what A LOT of people recommend is always the best choice. Storing your passwords in one location is and will always be the dumbest thing you can do SHORT OF posting it in plain text for everyone to see.

 

But you know what, you are right. Sony never got hacked and even though the info was not stored in plain text, hackers never got to it. I wish I could live in a bubble fantasy that you call reality.



#7 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,179 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 16 July 2013 - 02:26

/facepalm. Yes I have used it, and when I realized its entire model is based on storing all of your passwords in one location, I promptly quit using it. Anyone who can't see why storing all of your passwords in one location that anyone can access is a bad idea has absolutely no idea about security. Who cares who highly recommends something. A LOT of people recommended using Sony's online environment for gaming. Clearly what A LOT of people recommend is always the best choice. Storing your passwords in one location is and will always be the dumbest thing you can do SHORT OF posting it in plain text for everyone to see.

 

But you know what, you are right. Sony never got hacked and even though the info was not stored in plain text, hackers never got to it. I wish I could live in a bubble fantasy that you call reality.

 

You do realize those passwords are encrypted with your master password?  A hacker can't just "hack lastpass" and get access to all your passwords....



#8 xWhiplash

xWhiplash

    Neowinian Senior

  • 1,590 posts
  • Joined: 07-March 08

Posted 16 July 2013 - 02:27

Oh well okay you are right.  Let's just keep letting the general user use Tony96 instead.  That is MUCH better.



#9 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,179 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 16 July 2013 - 02:28

Oh well okay you are right.  Let's just keep letting the general user use Tony96 instead.  That is MUCH better.

 

And Tony96 for EVERY WEBSITE!!

As far as brute forcing, that might take a while. Unless it was offline. Then it wouldn't take long at all. I would assume it would have a dictionary of names and would start with every name by itself, then every name with 1 next to it. I would bet it would go up to 2000 given most people use their birthday.

 

Type Tony96 into this.

 

https://www.grc.com/haystack.htm
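
The online-versus-offline guessing argument in the posts above, worked through as an added example that is not part of the original thread. The dictionary size, the offline guess rate and the 15-minute lockout window are assumptions; the "up to 2000" suffix range and the 10-guess limit come from the posts.

```python
import string

# Character classes; a password that touches a class is charged its whole alphabet.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def exhaustive_space(password: str) -> int:
    """Strings an exhaustive search must try: every length from 1 up to
    len(password) over the alphabet implied by the classes it uses."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return sum(alphabet ** n for n in range(1, len(password) + 1))

def pattern_space(name_count: int, max_number: int) -> int:
    """Guesses for the pattern described in the thread: each name alone,
    then each name followed by 1..max_number."""
    return name_count * (1 + max_number)

def offline_seconds(space: int, guesses_per_second: float) -> float:
    """Worst-case time when stolen hashes are attacked offline (no lockout)."""
    return space / guesses_per_second

def online_days(space: int, guesses_per_window: int, window_seconds: int) -> float:
    """Worst-case time against a login form that locks the account for
    window_seconds after guesses_per_window failures."""
    windows = -(-space // guesses_per_window)  # ceiling division
    return windows * window_seconds / 86400

# Assumed figures, not from the thread: dictionary size, offline rate, lock time.
NAMES = 5_000            # assumed size of a first-name dictionary
OFFLINE_RATE = 1e9       # assumed guesses per second against a fast hash
LOCKOUT = (10, 15 * 60)  # 10 guesses (top of the thread's "3-10"), assumed 15 min lock

def compare(password: str) -> dict:
    full = exhaustive_space(password)
    patt = pattern_space(NAMES, 2000)  # "up to 2000" is from the thread
    return {
        "exhaustive_guesses": full,
        "pattern_guesses": patt,
        "offline_exhaustive_s": offline_seconds(full, OFFLINE_RATE),
        "offline_pattern_s": offline_seconds(patt, OFFLINE_RATE),
        "online_pattern_days": online_days(patt, *LOCKOUT),
    }

if __name__ == "__main__":
    for key, value in compare("Tony96").items():
        print(f"{key:>22}: {value:,.3f}")
```

Under these assumptions the name-plus-number pattern is exhausted in about a hundredth of a second offline, while the same list fed through a locking login form takes roughly 28 years, which is why the outcome depends on whether the hashes ever leave the site.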



#10 ILikeTobacco

ILikeTobacco

    Neowinian Senior

  • 4,789 posts
  • Joined: 08-July 10

Posted 16 July 2013 - 02:32

Oh well okay you are right.  Let's just keep letting the general user use Tony96 instead.  That is MUCH better.

Let me get this logic of yours straight. You are saying, store all of someone's passwords, their emails, the credit cards, their bank passwords in one location instead of teaching them how to make a good password. How can you possibly not see how stupid your advice is? Any security course will tell you that storing all of your passwords in one location is absolutely moronic.

What planet do you live on that all of those accounts don't lock you out after a few wrong guesses? Brute force attacks are not used on sites like those because by its very nature, it can't work. However storing all of your passwords in one location while hackers work their way into such a valuable source is the absolute dumbest thing you can do for your security. The only way a hacker would use "Tony96" as one of the first guesses is through social engineering, not brute force. They would have to already know it's the password before they put it into the site or they would be locked out.



#11 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,179 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 16 July 2013 - 02:34

Let me get this logic of yours straight. You are saying, store all of someone's passwords, their emails, the credit cards, their bank passwords in one location instead of teaching them how to make a good password. How can you possibly not see how stupid your advice is? Any security course will tell you that storing all of your passwords in one location is absolutely moronic.

 

 

You said "teaching them how to make a good password, not passwords", which would imply 1 good password that you would then use on every site. That's also moronic. At the moment I use RoboForm and have 280 passwords stored in it. I will never remember 280 passwords.



#12 Enron

Enron

    Windows for Workgroups

  • 9,222 posts
  • Joined: 30-May 11
  • OS: Windows 8.1 U1
  • Phone: Nokia Lumia 900

Posted 16 July 2013 - 02:35

You can brute force Tony96 in under 30 seconds huh? Do you know what a brute force attack is? You try out millions of combinations until one matches. Can you run a script like that that would get to Tony96 in under 30 seconds? Sure. Can you do it with less than 3-10 guesses before Google, Yahoo, or any other email provider locks the account? No. Like I said, he ignored the real world situation.

FYI her advice isn't very good but his advice is no better. Storing all of your passwords online in one central location is the dumbest thing you could possibly do short of posting all your passwords on your Facebook feed.

 

I thought brute force was when you press the keys as hard as you can, the web site has no choice but to let you in.



#13 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,179 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 16 July 2013 - 02:38

Let me get this logic of yours straight. You are saying, store all of someone's passwords, their emails, the credit cards, their bank passwords in one location instead of teaching them how to make a good password. How can you possibly not see how stupid your advice is? Any security course will tell you that storing all of your passwords in one location is absolutely moronic.

What planet do you live on that all of those accounts don't lock you out after a few wrong guesses? Brute force attacks are not used on sites like those because by its very nature, it can't work. However storing all of your passwords in one location while hackers work their way into such a valuable source is the absolute dumbest thing you can do for your security. The only way a hacker would use "Tony96" as one of the first guesses is through social engineering, not brute force. They would have to already know it's the password before they put it into the site or they would be locked out.

 

So how do you manage your passwords? Do you write them down? Do you use the same password on every website? Do you have 3 or 4 passwords you use on every website?



#14 Salutary7

Salutary7

    Neowinian

  • 459 posts
  • Joined: 05-March 12

Posted 16 July 2013 - 02:39

Hmm, I would agree that Leo isn't quite sure what he's saying.



#15 ILikeTobacco

ILikeTobacco

    Neowinian Senior

  • 4,789 posts
  • Joined: 08-July 10

Posted 16 July 2013 - 03:11

So how do you manage your passwords? Do you write them down? Do you use the same password on every website? Do you have 3 or 4 passwords you use on every website?

I have a different password for every website and all of them are similar but have a specific variation based on the website.


You said "teaching them how to make a good password, not passwords", which would imply 1 good password that you would then use on every site. That's also moronic. At the moment I use RoboForm and have 280 passwords stored in it. I will never remember 280 passwords.

No what it implies is nothing. Don't assume because you will likely always be wrong. Stop making a strawman where there isn't one. Of course using one good password is moronic. What Leo and whiplash are both telling us to do is don't bother making any good passwords. Just store them all online so that if someone gets to them, you lose everything at once. It would be no different than using one password for everything which is what you are doing anyway since they all tie back to that one password.