How to Devise Passwords That Drive Hackers Away

By Hum
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

Hum

Posted
Posted

FORGET THE DICTIONARY If your password can be found in a dictionary, you might as well not have one. ?The worst passwords are dictionary words or a small number of insertions or changes to words that are in the dictionary,? said Mr. Kocher. Hackers will often test passwords from a dictionary or aggregated from breaches. If your password is not in that set, hackers will typically move on.

NEVER USE THE SAME PASSWORD TWICE People tend to use the same password across multiple sites, a fact hackers regularly exploit. While cracking into someone?s professional profile on LinkedIn might not have dire consequences, hackers will use that password to crack into, say, someone?s e-mail, bank, or brokerage account where more valuable financial and personal data is stored.

COME UP WITH A PASSPHRASE The longer your password, the longer it will take to crack. A password should ideally be 14 characters or more in length if you want to make it uncrackable by an attacker in less than 24 hours. Because longer passwords tend to be harder to remember, consider a passphrase, such as a favorite movie quote, song lyric, or poem, and string together only the first one or two letters of each word in the sentence.

OR JUST JAM ON YOUR KEYBOARD For sensitive accounts, Mr. Grossman says that instead of a passphrase, he will randomly jam on his keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive. ?That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don?t know it.?

STORE YOUR PASSWORDS SECURELY Do not store your passwords in your in-box or on your desktop. If malware infects your computer, you?re toast. Mr. Grossman stores his password file on an encrypted USB drive for which he has a long, complex password that he has memorized. He copies and pastes those passwords into accounts so that, in the event an attacker installs keystroke logging software on his computer, they cannot record the keystrokes to his password. Mr. Kocher takes a more old-fashioned approach: He keeps password hints, not the actual passwords, on a scrap of paper in his wallet. ?I try to keep my most sensitive information off the Internet completely,? Mr. Kocher said.

A PASSWORD MANAGER? MAYBE Password-protection software lets you store all your usernames and passwords in one place. Some programs will even create strong passwords for you and automatically log you in to sites as long as you provide one master password. LastPass, SplashData and AgileBits offer password management software for Windows, Macs and mobile devices. But consider yourself warned: Mr. Kocher said he did not use the software because even with encryption, it still lived on the computer itself. ?If someone steals my computer, I?ve lost my passwords.? Mr. Grossman said he did not trust the software because he didn?t write it. Indeed, at a security conference in Amsterdam earlier this year, hackers demonstrated how easily the cryptography used by many popular mobile password managers could be cracked.

IGNORE SECURITY QUESTIONS There is a limited set of answers to questions like ?What is your favorite color?? and most answers to questions like ?What middle school did you attend?? can be found on the Internet. Hackers use that information to reset your password and take control of your account. Earlier this year, a hacker claimed he was able to crack into Mitt Romney?s Hotmail and Dropbox accounts using the name of his favorite pet. A better approach would be to enter a password hint that has nothing to do with the question itself. For example, if the security question asks for the name of the hospital in which you were born, your answer might be: ?Your favorite song lyric.?

USE DIFFERENT BROWSERS Mr. Grossman makes a point of using different Web browsers for different activities. ?Pick one browser for ?promiscuous? browsing: online forums, news sites, blogs ? anything you don?t consider important,? he said. ?When you?re online banking or checking e-mail, fire up a secondary Web browser, then shut it down.? That way, if your browser catches an infection when you accidentally stumble on an X-rated site, your bank account is not necessarily compromised. As for which browser to use for which activities, a study last year by Accuvant Labs of Web browsers ? including Mozilla Firefox, Google Chrome and Microsoft Internet Explorer ? found that Chrome was the least susceptible to attacks.

SHARE CAUTIOUSLY ?You are your e-mail address and your password,? Mr. Kocher emphasized. Whenever possible, he will not register for online accounts using his real e-mail address. Instead he will use ?throwaway? e-mail addresses, like those offered by 10minutemail.com. Users register and confirm an online account, which self-destructs 10 minutes later. Mr. Grossman said he often warned people to treat anything they typed or shared online as public record.

?At some point, you will get hacked ? it?s only a matter of time,? warned Mr. Grossman. ?If that?s unacceptable to you, don?t put it online.?

more

Grand Master

The Evil Overlord

Posted
Posted

A good one I've found is to use a word from another language, and eastern european, asian etc... something that can be spelled out on an english keyboard, then using numbers to replace certain letters... but alas, xendrome does also make a good point

  • Draconian Guppy
  • Like 1
Mentor

MDboyz

Posted
Posted

The problem is that most people have too many accounts and hard to remember all the passwords. They choose the easy way is to have the same password for pretty much all accounts. The way I have all passwords different for each account, but it's still easy to remember all.

Just create one complex password (mix lower case, upper case, numbers, special character ... etc...). Then you can add the last two letters (or 3 up to you) based on the account. Pick one logic, so you won't forget.

Eg. my password is sAmpL3pa55.

So if I have account with Hotmail, and I pick the first and last letter, so my password now is sAmpL3pa55hl

For newegg, I have sAmpL3pa55ng

... and so on.

This is the easy logic to have different password for each account you own, and you still have the strong passwords.

Grand Master

Japlabot

Posted
Posted

?That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don?t know it.?

I think that in this situation it would be probably better to give them the password and have the chance to live. You might end up dead anyway, but at least it's a chance.

Grand Master

Ambroos

Posted
Posted

This:

password_strength.png

If you REALLY want to test your password strength (all client-side javascript), try this one, it's amazing at analyzing password strength: https://dl.dropbox.com/u/209/zxcvbn/test/index.html

  • Phouchg and djdanster
  • Like 2
Rookie

VerletzerCR

Posted
Posted

OR JUST JAM ON YOUR KEYBOARD For sensitive accounts, Mr. Grossman says that instead of a passphrase, he will randomly jam on his keyboard, intermittently hitting the Shift and Alt keys, and copy the result into a text file which he stores on an encrypted, password-protected USB drive. ?That way, if someone puts a gun to my head and demands to know my password, I can honestly say I don?t know it.?

That's a great way to get yourself killed; assuming you're ever in a situation like that. Nobody in this day and age has an excuse to make a password based off a word that can be found in a dictionary are something such as "12345." People that do this honestly deserve to be hacked.

Grand Master

primexx

Posted
Posted

password_strength.png

This is the most widely repeated advice on passwords, and it's completely wrong. "correct horse battery staple" is about as secure as "xkcd" because - guess what - crackers use this newfangled thing called a dictionary.

The best password advice I've seen to-date is this https://www.grc.com/haystack.htm

The problem is that most people have too many accounts and hard to remember all the passwords. They choose the easy way is to have the same password for pretty much all accounts. The way I have all passwords different for each account, but it's still easy to remember all.

Just create one complex password (mix lower case, upper case, numbers, special character ... etc...). Then you can add the last two letters (or 3 up to you) based on the account. Pick one logic, so you won't forget.

Eg. my password is sAmpL3pa55.

So if I have account with Hotmail, and I pick the first and last letter, so my password now is sAmpL3pa55hl

For newegg, I have sAmpL3pa55ng

... and so on.

This is the easy logic to have different password for each account you own, and you still have the strong passwords.

the problem with that is that attackers actually take this into account as well, and if you look at the recent high profile cracks a lot of users do append the site's name (or a derivative thereof) onto a "general" password and it's no better because the pattern is trivial to figure out. now, part of it could be mitigated if everyone actually used sane password storage practices, but that seems to be quite a rarity.

  • djdanster, ThatOne6uy and FiB3R
  • Like 3
Mentor

MDboyz

Posted
Posted

Not really. They still have to figure out the complex password that you create. My logic is the easy way to have diff passwords for each account. I don't recommend people to create a simple one and attach the site name after like 123newegg.

the problem with that is that attackers actually take this into account as well, and if you look at the recent high profile cracks a lot of users do append the site's name (or a derivative thereof) onto a "general" password and it's no better because the pattern is trivial to figure out. now, part of it could be mitigated if everyone actually used sane password storage practices, but that seems to be quite a rarity.

Grand Master

DPyro

Posted
Posted

I think people are being a little paranoid here. There are over 6 billion people in the world. There is security in just the shear number of people who use computers. No one cares about an individual person unless your really important. As long as you make your passwords reasonably hard to guess there should be nothing to worry about.

Grand Master

primexx

Posted
Posted

I think people are being a little paranoid here. There are over 6 billion people in the world. There is security in just the shear number of people who use computers. No one cares about an individual person unless your really important. As long as you make your passwords reasonably hard to guess there should be nothing to worry about.

sure it's unlikely that someone would individually target you, but when a huge corp's databases leak and you have a weak/non-unique password, you bet the attackers will take advantage of that. they won't care who you are, but they will care about your bank account.

Grand Master

the evn show

Posted
Posted

This is the most widely repeated advice on passwords, and it's completely wrong. "correct horse battery staple" is about as secure as "xkcd" because - guess what - crackers use this newfangled thing called a dictionary.

The math is easy. Can you explain why he's wrong?

Assume I use diceware and assume I give you the dictionary that I used to generate passwords (7776 words). Assume I tell you my password is at most 6 words long. Calculate the key space taking into account what you know:

7776^6 = 2.2E23

Compare to a 12 character "random, but easily typed character" password: a-zA-Z0-9 and all of the typical symbols: !@#$[];',. etc. Let's just call it 80 characters.

Sigma(n=1,12) 80^n = 7.0E22

So 6 random words form a dictionary that the attacker knows is an order of magnitude larger search space than 12 random characters.

My comparison assumes the 'best case' for random passwords: brute force search of the entire key space. I also assumed the worst case for diceware passwords (the attacker knows exactly which words are valid in my password, that I used only lower case letters to type them, that it's exactly 6 words long - not 4, not 7) and still diceware is better than 12 random digits by a large amount. Bumping it to 16 random characters vs 6 random words does not erase the advantage diceware ware if you allow me a minor change like "maybe I don't use spaces" or "maybe I capitalize some words".

The XKCD comic restricted the comparison space - he assumed the attacker knew the strategies in both cases and tuned his algorithm accordingly. He was also considering the common advice to start with a random word and modify it some way - that ends up in a much smaller amount of entropy than a purely random password. I tried to correct for these short comings in my example just to show that his advice still holds.

In his example and looking at his concerns (how hard is it to generate and memorize a strong password) things favour the random words approach even more. If the attacker doesn't have information about what passwords should look like and they resort to brute forcing the entire a-z0-9+symbols search space then the longer password will be stronger - that tends to favour diceware for the reason he highlighted.

The best password advice I've seen to-date is this https://www.grc.com/haystack.htm

Using your recommended site to evaluate passwords:

First I used diceware to make a 6 random word (The minimum recommended length) password:

  • Password: cash party island beset waxen coil
  • Search Space: 1.65E60
  • Massive Cracking Array Scenario: 5.23 trillion trillion trillion centuries

Note that the advantage calculated here is much higher than in my example because here he's assuming the attacker only knows that he has to search a-z+spaces, not that he can restrict his key space to combinations of a specific list of 7776 words.

Using keychain to generate a 12 character random password:

  • Password: zXn6(iy77&:r
  • Search space: 5.23E23
  • Massive Cracking Array Scenario: 1.74 centuries

Assuming compute speed doubles ever year and that 1.74 centuries starts looking pretty damn small. If you're sending 'sexy pictures' with a 12 character password to a mistress now - they'll be pretty easy to crack (1 month) in 10 years when your wife is looking to divorce for a history of cheating. What are the odds those files end up laying about on a gmail account waiting for a sopena?

In order to reach the same "durability" as I had with diceware I had to use a 30 character random character password. That seems to demonstrate exactly the point Randal was making: a few random words is just as strong and infinitely easier to memorize than random passwords or using a common strategy of mangling an uncommon word in predictable ways.

Grand Master

primexx

Posted
Posted

The math is easy. Can you explain why he's wrong?

Assume I use diceware and assume I give you the dictionary that I used to generate passwords (7776 words). Assume I tell you my password is at most 6 words long. Calculate the key space taking into account what you know:

7776^6 = 2.2E23

Compare to a 12 character "random, but easily typed character" password: a-zA-Z0-9 and all of the typical symbols: !@#$[];',. etc. Let's just call it 80 characters.

Sigma(n=1,12) 80^n = 7.0E22

So 6 random words form a dictionary that the attacker knows is an order of magnitude larger search space than 12 random characters.

My comparison assumes the 'best case' for random passwords: brute force search of the entire key space. I also assumed the worst case for diceware passwords (the attacker knows exactly which words are valid in my password, that I used only lower case letters to type them, that it's exactly 6 words long - not 4, not 7) and still diceware is better than 12 random digits by a large amount. Bumping it to 16 random characters vs 6 random words does not erase the advantage diceware ware if you allow me a minor change like "maybe I don't use spaces" or "maybe I capitalize some words".

The XKCD comic restricted the comparison space - he assumed the attacker knew the strategies in both cases and tuned his algorithm accordingly. He was also considering the common advice to start with a random word and modify it some way - that ends up in a much smaller amount of entropy than a purely random password. I tried to correct for these short comings in my example just to show that his advice still holds.

In his example and looking at his concerns (how hard is it to generate and memorize a strong password) things favour the random words approach even more. If the attacker doesn't have information about what passwords should look like and they resort to brute forcing the entire a-z0-9+symbols search space then the longer password will be stronger - that tends to favour diceware for the reason he highlighted.

Using your recommended site to evaluate passwords:

First I used diceware to make a 6 random word (The minimum recommended length) password:

  • Password: cash party island beset waxen coil
  • Search Space: 1.65E60
  • Massive Cracking Array Scenario: 5.23 trillion trillion trillion centuries

Note that the advantage calculated here is much higher than in my example because here he's assuming the attacker only knows that he has to search a-z+spaces, not that he can restrict his key space to combinations of a specific list of 7776 words.

Using keychain to generate a 12 character random password:

  • Password: zXn6(iy77&:r
  • Search space: 5.23E23
  • Massive Cracking Array Scenario: 1.74 centuries

Assuming compute speed doubles ever year and that 1.74 centuries starts looking pretty damn small. If you're sending 'sexy pictures' with a 12 character password to a mistress now - they'll be pretty easy to crack (1 month) in 10 years when your wife is looking to divorce for a history of cheating. What are the odds those files end up laying about on a gmail account waiting for a sopena?

In order to reach the same "durability" as I had with diceware I had to use a 30 character random character password. That seems to demonstrate exactly the point Randal was making: a few random words is just as strong and infinitely easier to memorize than random passwords or using a common strategy of mangling an uncommon word in predictable ways.

you're right, it's not completely the same, but the fact that it's using real words from a dictionary means it's not all that strong either. essentially the difference is between a 4 character password where each character can be one of ~70 choices and a 4 character password where each character can be one of ~10,000 choices (arbitrary example), while yes, it is stronger, it still takes a sane amount of time to crack. an order of magnitute, as you have calculated, is not really that much stronger in terms of passwords. The mistake that Randall made is exactly the one that you pointed out in the haystack calculator that I linked - it doesn't take into account dictionary attacks. Steve Gibson's method, on the other hand, is not vulnerable to a dictionary attack (of course, it might have other weaknesses of its own).

Grand Master

the evn show

Posted
Posted

essentially the difference is between a 4 character password where each character can be one of ~70 choices and a 4 character password where each character can be one of ~10,000 choices (arbitrary example), while yes, it is stronger, it still takes a sane amount of time to crack.

What are you talking about - it's like you didn't even read the post.

an order of magnitute, as you have calculated, is not really that much stronger in terms of passwords.

It's the difference between a year and a decade. An order of magnitude is the difference between minimum wage and 1%. Between failing a math class and having the top score.

A 'six word' password is 30,000,000,000,000,000,000,000,000,000x times stronger than a 12 random character password when it comes to resisting brute force attacks 10x stronger when I give you the dictionary I used, the number of words, I used, and the combination method (spaces,all lower case, etc).

If you're not seeing how this is true the you're literally struggling with the concept that 23 > 22.

The mistake that Randall made is exactly the one that you pointed out in the haystack calculator that I linked - it doesn't take into account dictionary attacks.

I pointed out that issue, then did the math for you to show that even if you correct for that mistake you still don't eliminate the advantage of 6-word passwords.

Once again: show the math. Given your difficultly with inequality I can see why your hesitant to trundle into the lofty world of exponents but I believe in you! You can do it if you try!

Steve Gibson's method, on the other hand, is not vulnerable to a dictionary attack (of course, it might have other weaknesses of its own).

Diceware passwords aren't vulnerable to dictionary attacks in any meaningful sense either. I get the feeling you don't actually know what that term means or how it actually works in practice.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • An oversimplified explanations of Passkeys

      By +Warwagon · Posted

      Passkeys: Think of them like a broken heart necklace. Imagine one of those heart necklaces that breaks into two matching pieces. One person keeps one half, and the other person keeps the other half. With passkeys, the website has one half, and you have the other half. If the website gets hacked and someone steals its half, that stolen piece is useless by itself. It cannot unlock your account without your matching half. This particular heart necklace is one of a kind, there is only one in existence. Your half of the necklace has to be stored somewhere. It might be stored on your phone, tablet, computer, security key, or a password manager that can sync it between all your devices. A security key is a small physical device that you keep with you, kind of like a house key, car key, or flash drive. I would not usually recommend a security key as the first option for the average person. For most people, it is easier to use their phone, computer, or a password manager that can sync passkeys between their devices. A security key is more like a spare key you keep in a safe place, just in case you lose access to your other devices or your password manager. Some security keys plug into your computer. Some plug into your phone or tablet. Some do not plug in at all and instead get tapped against your device. The idea is simple: a security key can hold another passkey for the same website. Think of it like creating a second one-of-a-kind heart necklace for the same account. One necklace could be paired with your password manager, while another necklace could be paired with your security key. That means the website has more than one matching half on file. One half matches the passkey in your password manager. Another half matches the passkey stored on your security key. So, if you lose access to your phone, computer, or password manager, you would still be able to log in using the passkey stored on your security key. Think of it like keeping an extra special necklace piece on a tiny keychain, stored somewhere safe. The website still has the matching half for that security key, but your half is safely stored inside the little key. A passkey does not automatically exist on every device you own. It lives wherever you save it. If your half is stored on one device, then that device is the one that has the matching piece. For example, if you create the passkey on your Windows computer and it is only saved to that computer, your iPhone does not automatically have that same half. If you create it on your iPhone and it only stays on that iPhone, your Android phone does not automatically have it either. That is where password managers come in. A password manager can act like a protected jewelry box for your passkeys. Instead of your half of the necklace being locked to only one device, the password manager can securely sync that half to your other approved devices. For example, Apple Passwords and iCloud Keychain can sync passkeys between your Apple devices. Google Password Manager can sync passkeys with your Google account. But password managers such as 1Password and Bitwarden can sync passkeys between everything, your phones, tablets and computers. Now, you might ask: “What happens if I lose access to the device that has my passkey?” That depends on where your passkey was saved and what recovery options the website gives you. If your passkey was synced through a password manager, you may be able to sign in from another device that has access to that same password manager. For example, if your passkey is saved in iCloud Keychain, Google Password Manager, 1Password, or Bitwarden, another approved device may still have access to it. If your passkey was saved only on one phone, computer, or security key, and you lose that device, then you may not have your half of the necklace anymore. In that case, you would usually need to use the website’s backup login or account recovery options. A lot of websites that support passkeys still let you fall back to your regular password. So if you lose access to your passkey, the site may still let you log in with your password, a code sent to your email, a text message, a recovery code, or some other account recovery process. That is convenient, but it is also important to understand: if the website still allows password login, then your password still matters. Passkeys are safer than passwords, but if your account still has a password as a backup, you should still use a strong, unique password and turn on two-factor authentication if the website offers it. This is why it is a good idea to have more than one safe way back into important accounts. For example, you might keep your passkey in a syncing password manager, add a second trusted device, save recovery codes somewhere safe, or set up a backup security key. A passkey is very secure, but just like a real key, you need a backup plan in case you lose access to it. Now, you might ask: “What stops a hacker from copying my half of the necklace?” That’s the important part: your half is protected. It is not something you type in, and it is not something the website gets to keep. Think of your half as being locked inside a tiny safe on your phone, computer, security key, or password manager. That safe only opens when you approve it with your fingerprint, face, PIN, or device password. When you log in, the website does not need to see your half. It only needs proof that your half matches its half. Your actual half is not handed over to the website. This is different from a password. With a password, you type the secret into the website. If you type it into a fake website, the hacker now has it. With a passkey, you are not typing your secret into the website. Your device is proving you have the matching half without giving the half away. That also helps protect you from fake websites. If someone makes a fake login page that looks like the real site, your device can tell it is not the real match. It will not use your passkey there. Now, could someone use your passkey if they stole your device, got into your password manager, or somehow unlocked the safe that holds your half? Yes, that is why your device password, PIN, fingerprint, face unlock, and password manager security still matter. But a hacker cannot just steal your passkey from the website or trick you into typing it into a fake page like they can with a password. That is why passkeys are safer than passwords. The two matching pieces have to come together, like two lovebirds who were once separated and are finally reunited.
    • Newegg offers insane combo deal on Amazon Prime Day 2026 that beats Steam Machine

      By hellowalkman · Posted

      Newegg offers insane combo deal on Amazon Prime Day 2026 that beats Steam Machine by Sayan Sen Building a PC is undoubtedly difficult nowadays but with this epic combo deal, Newegg is trying to make it as easy for you as it is possible. If you are making a new one or even upgrading an old system to a new Windows 11 device, this combo bundle is truly unmissable as you get AMD's Ryzen 9800X3D, a compatible X870 motherboard, a 240mm AIO liquid cooler and finally a Samsung 990 PRO SSD all for under $1000 (purchase link under the specs table down below). This should beat out the newly launched Steam Machine from Valve in terms of performance and performance per dollar especially if you are willing to set Linux up on it. Essentially with this combo you will get the AMD Ryzen 7 9800X3D 8-core 3D V cache CPU, Samsung's 990 PRO 2TB NVMe SSD, the MSI MAG X870 TOMAHAWK WIFI ATX Motherboard, and finally the Cooler Master Elite Liquid 240. Thanks to that massive vertically stacked L3 cache, the X3D desktop processors, including the 9800X3D, also come with the benefit of not needing fast memory. Even DDR5-5600 should be plenty for it. The technical specifications of the Ryzen 7 9800X3D are given in the table below: Specification Value Architecture Zen 5 Cores / Threads 8 / 16 Base Clock 4.7 GHz Max Boost Clock Up to 5.2 GHz L1 Cache 640 KB L2 Cache 8 MB L3 Cache 96 MB Total Cache 104 MB CPU Core Process TSMC 4nm FinFET I/O Die Process TSMC 6nm FinFET Socket AM5 Default TDP 120W Max Temperature (Tjmax) 95°C Thermal Solution Not included Memory Type DDR5 Max Capacity 256 GB Memory Speeds 2x1R: DDR5-5600 2x2R: DDR5-5600 4x1R: DDR5-3600 4x2R: DDR5-3600 PCIe Version PCIe 5.0 PCIe Lanes (Total/Usable) 28 / 24 USB 3.2 Gen 2 (10Gbps) 4 USB 2.0 1 Graphics Cores 2 CU RDNA 2 Frequency 2200 MHz DisplayPort over USB-C Yes Overclocking Unlocked Up next we have the tech specs for the MSI MAG X870 TOMAHAWK WIFI Motherboard: Specification Value Chipset AMD X870 CPU Support AMD Ryzen 9000 / 8000 / 7000 Series Desktop Processors Socket AM5 Memory Slots 4 × DDR5 UDIMM Maximum Memory Capacity 256GB Memory Support DDR5 8400–5600 MT/s (OC), DDR5 5600–4800 MT/s (JEDEC) Integrated Graphics Outputs 1 × HDMI 2.1 FRL (up to 8K 60Hz) 2 × USB4 Type-C with DisplayPort 1.4 HBR3 (up to 4K 60Hz) Expansion Slots PCI_E1: PCIe 5.0 x16 (CPU) PCI_E2: PCIe 3.0 x1 (Chipset) PCI_E3: PCIe 4.0 x4 (Chipset) Audio Realtek ALC4080 Codec 7.1-Channel USB High Performance Audio Supports up to 32-bit/384kHz playback on front panel S/PDIF output M.2 Slots 4 × M.2 M2_1: PCIe 5.0 x4 (CPU, 22110/2280) M2_2: PCIe 5.0 x4 (CPU, 2280/2260) M2_3: PCIe 4.0 x2 (Chipset, 2280/2260) M2_4: PCIe 4.0 x4 (Chipset, 2280/2260) SATA Ports 4 × SATA 6Gb/s RAID Support RAID 0, 1, 5, 10 for M.2 NVMe storage devices Rear USB Ports 4 × USB 2.0 3 × USB 5Gbps Type-A 2 × USB 10Gbps Type-A 1 × USB 10Gbps Type-C 2 × USB4 40Gbps Type-C Front USB Headers 4 × USB 2.0 4 × USB 5Gbps Type-A 1 × USB 20Gbps Type-C LAN Realtek 8126-CG 5G LAN Wireless Wi-Fi 7 (M.2 Key-E module pre-installed) Supports 2.4GHz / 5GHz / 6GHz bands Up to 5.8Gbps Supports 802.11 a/b/g/n/ac/ax/be Bluetooth Bluetooth 5.4, MLO, 4KQAM Internal Power Connectors 1 × 24-pin ATX Power 2 × CPU Power Connectors 1 × PCIe 8-pin Power Connector Fan Headers 1 × CPU Fan 1 × Combo Fan (Pump/System) 6 × System Fan RGB Headers 3 × Addressable V2 RGB (JARGB_V2) 1 × RGB LED (JRGB) Other Internal Headers 1 × EZ Conn-header 2 × Front Panel Headers 1 × Chassis Intrusion 1 × Front Audio 1 × TPM 2.0 Header Debug Features 4 × EZ Debug LEDs 1 × EZ Digit Debug LED Rear I/O Ports Clear CMOS Button Flash BIOS Button HDMI 2 × USB 40Gbps Type-C 1 × USB 10Gbps Type-C 4 × USB 10Gbps Type-A 3 × USB 5Gbps Type-A 4 × USB 2.0 5G LAN Port Wi-Fi/Bluetooth Antenna Connectors Audio Connectors Form Factor ATX The Samsung 990 PRO is a PCIe Gen4 NVMe SSD and still one of the fastest drives available today for under $500. Speaking of fast, sequential reads and writes are rated at 7450 MB/s and 6900 MB/s, respectively. The random throughputs for reads and writes are 1400K IOPS and 1550K IOPS, respectively. The 990 PRO is based on Samsung's 7th Gen V-NAND flash, and it too is TLC. It packs 2 gigs of LPDDR4 DRAM cache, which helps the random performance. The endurance rating for this is 1200 TBW (terabytes written), which should be sufficient for most users. The Samsung 990 PRO is compatible with the PlayStation 5, but if you are going to use the 990 PRO on a PC, check out the Samsung Magician app that lets you track your drive's health, update its firmware, customize various settings, and more. The tech specs are given below: Specification Value Interface PCIe Gen 4.0 x4, NVMe 2.0 Form Factor M.2 2280 Controller Samsung In-house Controller NAND Flash 3D TLC DRAM Cache 2GB LPDDR4 Sequential Read (Max) 7,450 MB/s Sequential Write (Max) 6,900 MB/s Random Read (4K) Up to 1,400,000 IOPS Random Write (4K) Up to 1,550,000 IOPS TBW (Endurance) 1,200 TBW MTBF 1,500,000 hours Operating Temperature 0°C to 70°C Storage Temperature -40°C to 85°C Shock Resistance 1,500G / 0.5ms Heatsink No Get the combo deal at this link: AMD Ryzen 7 9800X3D, Samsung 990 PRO 2TB, MSI MAG X870 TOMAHAWK WIFI motherboard, Cooler Master Elite Liquid 240: $784.99 + $25 off with promo code FTTF77: $759.99 (Sold and Shipped by Newegg US) Good to know This Newegg deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • AMD confirms 26.6.2 FSR driver breaks on many Windows PCs

      By sphbecker · Posted

      I heard from a lot of people that driver support for the latest games when RDNA first came out (Radeon 5000 series) was pretty bad, but if you didn't buy the card on day one, or were not trying to play the latest titles, then you were isolated from that issue. Other than that, it's been good and only getting better.
    • Meta launches new AI glasses in 26 styles and Muse Spark multimodal capabilties

      By pradeepviswav · Posted

      Meta launches new AI glasses in 26 styles and Muse Spark multimodal capabilties by Pradeep Viswanathan Meta today announced a new line of Meta Glasses in partnership with EssilorLuxottica. The new AI glasses build on the company’s existing smart glasses portfolio, which is sold under the Ray-Ban Meta and Oakley Meta brands. The new Meta Glasses start at just $299, are compatible with prescription lenses, and will be available in 26 styles across different colors, lenses, and frames. At launch, Meta Glasses will be available in three frame styles. The Meta Adventurer features a clean rectangular design and comes in Standard and Large sizes. The Meta Fury is a bolder frame for users who want a stronger look. Meta Glasses by Kylie is a slim oval frame designed in collaboration with Kylie Jenner. Similar to existing Meta AI Glasses, the new Meta Glasses include a dedicated action button that can be used to quickly access Meta AI or launch a favorite feature. They also feature open-ear speakers for calls, music, and more. Meta has also included a multi-mic array with wind noise reduction for calls and messaging. Users can capture photos and videos hands-free using voice commands. Meta claims more than eight hours of battery life, while the portable charging case can provide up to 40 additional hours. As expected, Meta Glasses come pre-loaded with Meta AI powered by Muse Spark from day one. Muse Spark is the first model from Meta Superintelligence Labs with improved multimodal capabilities. The same Meta AI upgrade is also now available on existing Ray-Ban Meta and Oakley Meta Glasses in the US and Canada via an update. With the Muse Spark-powered AI assistant, Meta AI in the new glasses can provide smarter answers, understand what the user is seeing, and help with daily tasks such as calendar management and navigation. Meta also announced an upcoming feature called the dynamic photo feature, which captures multiple frames and recommends the best one. Pedestrian navigation is also coming soon to these glasses. Meta is also adding support for 14 new live translation languages, including Japanese, Mandarin Chinese, Hindi, and Korean. The new Meta Glasses are available starting today through Meta.com, Best Buy, Amazon, LensCrafters, Sunglass Hut, and select retailers.
    • Why you need to take back control of your synced passwords and how to go about doing that

      By fintechfooty · Posted

      is that a personal preference? whether it is or isn't, i get where you're coming from. i try to get and use fully open sourced applications whenever i can but there are instances where i find a superior product that is closed sourced. in these cases i do my best to learn about the company, who operates it, their background, parent and sub structure etc. to some extent, depending on "the smell test". i really believe that Syncback is really and truly something great. even if you don't use it, it's always worth a recommendation to someone else, especially if that someone else is not very computer literate. for someone of your calibre you, you'll manage just fine with Syncthing, no doubt about it.

  • Recent Achievements

    • One Month Later
      timbobit earned a badge
      One Month Later
    • One Month Later
      nates earned a badge
      One Month Later
    • Week One Done
      Almohandis earned a badge
      Week One Done
    • Rookie
      dorf went up a rank
      Rookie
    • First Post
      mike_rumble earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      468
    2. 2
      +Edouard
      166
    3. 3
      PsYcHoKiLLa
      104
    4. 4
      Michael Scrip
      87
    5. 5
      Steven P.
      70
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!