Log in
Register
What's new
Search
Search
Search titles only
By:
Menu
Log in
Register
What's new
Search
Search
Search titles only
By:
Forums
Tutorials
About
Rules
What's New
Driver Reference Table
Donate
Search titles only
By:
Latest activity
Register
Relaxation and Information Center
News You Can Use
Security News
The problem with website security is us!
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="AceInfinity" data-source="post: 38208" data-attributes="member: 4"><p>lol, it's funny because I know lots of other's passwords... Friends, relatives, etc... And the network of people that exist for the people that I know as well. This is so true I can't disagree. Nobody needs to "hack" anything if they wanted, they could probably just guess, or use a dictionary to bruteforce their way in. This is why:</p><p></p><p>1) You don't use dictionary words in your password</p><p>2) You don't use your name</p><p>3) Anything specific to you</p><p></p><p>You should at least be using a combination of things, but even I would suggest doing that. Your name combined with the birth year is still not good. If my name was Bob Smith for example, perhaps I would have a password like this:</p><p></p><p>[code]smithb0b24[/code]</p><p></p><p>Or:</p><p>[code]$mithb0b24[/code]</p><p></p><p>And depending on which websites, case sensitivity, matters, you could use an alternation as well:</p><p>[code]$mItHb0B24[/code]</p><p></p><p>Something like that is much better than something like "smith24". Mine is of no significance to myself at all, nor does it contain anywords, but it is 14 values in length both lowercase and uppercase letters, mixed with numbers. The larger your password is too, the more secure it would be to a bruteforce attack, because obviously there's more combinations.</p><p></p><p>My recommendation? A password that is at least 7 values long.</p><p></p><p>So regardless of how secure a website is, the last thing it comes down to is the password you chose as a user on the site lol. Aside from that, even if your password is good, it could be down to the developer that doesn't know what they are doing. Sending stuff in plain text over HTTP requests that could be intercepted... Allowing execution of javascript that could introduce an XSS attack, or perhaps not checking the input before the code later uses that data to query an SQL database introducing an SQL injection vulnerability?</p><p></p><p>Such easy mistakes to avoid, but yet these are all still THE most common thing you see, and who's to blame? Not the system itself, but us.</p></blockquote><p></p>
[QUOTE="AceInfinity, post: 38208, member: 4"] lol, it's funny because I know lots of other's passwords... Friends, relatives, etc... And the network of people that exist for the people that I know as well. This is so true I can't disagree. Nobody needs to "hack" anything if they wanted, they could probably just guess, or use a dictionary to bruteforce their way in. This is why: 1) You don't use dictionary words in your password 2) You don't use your name 3) Anything specific to you You should at least be using a combination of things, but even I would suggest doing that. Your name combined with the birth year is still not good. If my name was Bob Smith for example, perhaps I would have a password like this: [code]smithb0b24[/code] Or: [code]$mithb0b24[/code] And depending on which websites, case sensitivity, matters, you could use an alternation as well: [code]$mItHb0B24[/code] Something like that is much better than something like "smith24". Mine is of no significance to myself at all, nor does it contain anywords, but it is 14 values in length both lowercase and uppercase letters, mixed with numbers. The larger your password is too, the more secure it would be to a bruteforce attack, because obviously there's more combinations. My recommendation? A password that is at least 7 values long. So regardless of how secure a website is, the last thing it comes down to is the password you chose as a user on the site lol. Aside from that, even if your password is good, it could be down to the developer that doesn't know what they are doing. Sending stuff in plain text over HTTP requests that could be intercepted... Allowing execution of javascript that could introduce an XSS attack, or perhaps not checking the input before the code later uses that data to query an SQL database introducing an SQL injection vulnerability? Such easy mistakes to avoid, but yet these are all still THE most common thing you see, and who's to blame? Not the system itself, but us. [/QUOTE]
Insert quotes...
Verification
Post reply
Relaxation and Information Center
News You Can Use
Security News
The problem with website security is us!
Menu
Log in
Register
Top
