Which is the better password & 4 facts about passwords
-
Not to mention that you'll still want a contact list on there. So are you saying you never add a phone number/email address/etc via the phone? You only do it via another device? cause if you do it via the phone, then you do want/need backups/syncing.
-
@Dashrender said:
@BRRABill said:
@Dashrender said:
You have backups don't you? shouldn't be an issue.
No need for backups. No data is stored on the phone anymore.
I've caved to the @scottalanmiller method of data storage.
This doesn't make sense to me. If you, like he, takes pictures with your phone - how do you get them off the phone? Unless you just don't care about them.. or, you only take pictures assuming you can post them to wherever that moment.. if not, you skip the pic.
Auto upload is where it's at man. I could completely destroy/loose my phone tomorrow and all my pictures/videos would be available online. Considering that's really all that I care about on the phone, well, great!
-
@BRRABill said:
@Dashrender said:
This doesn't make sense to me. If you, like he, takes pictures with your phone - how do you get them off the phone? Unless you just don't care about them.. or, you only take pictures assuming you can post them to wherever that moment.. if not, you skip the pic.
Goes right to iCloud.
technically a backup.
-
@BRRABill said:
Goes right to iCloud.
I'm not sure I don't like my OCD control over my pictures.
But I have to admit it's pretty nice not having to worry about it.
-
@Dashrender said:
Not to mention that you'll still want a contact list on there. So are you saying you never add a phone number/email address/etc via the phone? You only do it via another device? cause if you do it via the phone, then you do want/need backups/syncing.
All that stuff syncs with my Exchange account. If they phone got wiped, I'd just reinstall the Exchange account and it all would be back.
-
@BRRABill said:
@Dashrender said:
Not to mention that you'll still want a contact list on there. So are you saying you never add a phone number/email address/etc via the phone? You only do it via another device? cause if you do it via the phone, then you do want/need backups/syncing.
All that stuff syncs with my Exchange account. If they phone got wiped, I'd just reinstall the Exchange account and it all would be back.
That syncing is a form of backup.. so it's not accurate to say there is no data on the phone you care about.. it's more accurate to say that anything on the phone you do care about is snyc'ed/backed up to someplace else that comes right back with my new/wiped phone.
-
@Dashrender said:
technically a backup.
I'm not arguing with you, per se.
I'm just saying there is no data JUST on the phone that I care about losing.
Not so before ML. I'd have months of pictures and stuff I never got around to copying off the phone.
My first step was just to enable iCloud backup. Then I went whole hog.
I might even one day just use OneDrive, because that is where all my other pictures are located. But I"ve just ... delayed doing that.
-
@Dashrender said:
That syncing is a form of backup.. so it's not accurate to say there is no data on the phone you care about.. it's more accurate to say that anything on the phone you do care about is snyc'ed/backed up to someplace else that comes right back with my new/wiped phone.
There is no data solely on the phone I am worried about losing because don't have it elsewhere, correct.
-
Of course, as I say this, I forgot that last week I tried accessing PHOTOS on iCloud through my browser, and could not.
Figured it was a fluke.
Tried again today? NADA. Keeps saying it is a network error.
Good job, Apple.
-
@BRRABill said:
Of course, as I say this, I forgot that last week I tried accessing PHOTOS on iCloud through my browser, and could not.
Figured it was a fluke.
Tried again today? NADA. Keeps saying it is a network error.
Good job, Apple.
Time to switch it to OneDrive right now!
-
-
During a password cracking contest years ago we were able to crack multiple word passwords of considerable length, sometimes even faster than the more complex shorter passwords.
However, passwords like this with a number in the middle of the word or even slightly misspelled proved to basically be nearly impossible. I also use a lot of Serbian or Hungarian words mixed in my passwords. For example, a temporary password I created for one of my employees yesterday was:
%Kalendardishwasherbiber25
Percent sign, calendar (with a K, which funnily is the original spelling), dashwasher, and the Serbian word for Pepper, which hilarious is also the Serbian spelling for Justin Bieber's last name.
This was just a temporary one. The kind I would use, using this one as the base, would be something like:
%Kalendard1shwasherbiber255555
Similar idea, but I replaced one of the letters with a number, still had 25, but did the 5 five times. This is a more complex version though, typically I just do one of these things, but most of the time it's typically three, four, or five words depending on length with at least 1 number stuck in the middle and some at the end, and one of the words misspelled.
The words typically are always a mix too of English, Serbian, Hungarian, and sometimes Arabic words, but I don't speak Arabic fluently so they're usually religious or traditional words.
-
@Dashrender said:
Time to switch it to OneDrive right now!
After being escalated to three levels, still no resolution.
Strangely enough I think the third level (who English was not his first language) was the worst. He kept called Google Chrome "Google dot com"
-
@Dashrender said:
The problem that I have with SevenTimesSevenEqualsEleven is that those are each a work in the dictionary. If you treat each word as a single character, you now have a 5 character password.
Five characters with 171,000 possibilities each in English alone, not including spelling variations, or capitalization variations. So very, very different than how you are thinking of characters.
Also, you do NOT have a five character set unless the attacker already knows that you are using specific formats and only English language words. To think of this as a reduced set requires you do have the majority of the password already broken (set reduction.) You never hear people applying this same logic to "complex" passwords even though it exists there, too.
-
@Dashrender said:
The tiniest amount of complexity added to SevenTimesSevenEqualsEleven, say SevenTimesXSevenEqualsEleven Dramatically improves the security of this password.
No complexity has been added, that's not what complexity means. All you have done is increased the length by one character. That alone increases security, but adding one character, but nothing more.
-
@wirestyle22 said:
I always thought that if there is a lockout after 4-5 wrong passwords, dictionary attacks don't really matter. Opinions?
That's a huge assumption. If you do lockouts like that with a lot of things they become a vector for DDoS attacks. Don't like someone at work, lock them out all the time. Don't like someone on the Internet, lock them out forever. Can't always do that. It's a great idea but...
- Can't be used in all cases.
- Isn't used in all cases regardless of if it should be.
- If we are talking about compromised hardware, they will just disable the lock out.
-
@wirestyle22 said:
If a device were stolen I would remote wipe though, right?
You are relying on easily bypassed mechanisms. How do you remote wipe a stolen device that is offlline or in a faraday cage? How do you remote quite your stolen laptop, desktop or server? How do you remote wipe a hard drive that isn't in a computer any longer?
-
@Dashrender said:
Because it's no longer a pure dictionary attack. The letter X (I don't think) isn't in the dictionary because it's not a word).
You are depending on the hacker knowing the kind of password that it is. If they know that, none of this matters. Basically you are assuming that the attackers knows a huge portion of the password already in order to determine how effective an attack will be. Assuming real world and the attacker does not already know the password set (when would this ever happen?) the added X makes no difference.
Also X would be in any attack (not English) dictionary.
-
@Dashrender said:
@BRRABill said:
@Dashrender said:
You have backups don't you? shouldn't be an issue.
No need for backups. No data is stored on the phone anymore.
I've caved to the @scottalanmiller method of data storage.
This doesn't make sense to me. If you, like he, takes pictures with your phone - how do you get them off the phone? Unless you just don't care about them.. or, you only take pictures assuming you can post them to wherever that moment.. if not, you skip the pic.
Lots of services upload pictures immediately as they are taken. It's the default for many of them.
-
@Dashrender said:
Not to mention that you'll still want a contact list on there. So are you saying you never add a phone number/email address/etc via the phone? You only do it via another device? cause if you do it via the phone, then you do want/need backups/syncing.
Those go directly elsewhere as well. Exchange, iCloud, etc.