@nadnerB said in Random Thread - Anything Goes:
Win what? Both are terrible approaches to passwords.
@dafyre said in Random Thread - Anything Goes:
@tonyshowoff said in Random Thread - Anything Goes:
@nadnerB said in Random Thread - Anything Goes:
Win what? Both are terrible approaches to passwords.
Free network pwnage with every Posty Boi.
Until I get the password file or SAM file (no, not that SAM) and then crack all those kick ass, secure 10 character passwords fairly fast and instead of just having access to the secretary's Office 365 account, I now have access to everything because people thought characters and numbers really made that much of a difference with entropy. On my networks I always enforce at least 15 character pass phrases. It used to be 12.
Something I'm sure most people here have seen but still applicable:
https://xkcd.com/936/
Saying a password is "complex" just means "more likely to be written down"; it doesn't mean "secure." Length, especially with slightly misspelled words or replacing a letter with a number in order to avoid compound dictionary attacks, does a whole hell of a lot better. It's easier to remember purplem0nkeedishwasher than it is to remember S!kl33S(I@ and it's immensely more secure. 10 character passwords are peanuts, no matter what characters they have in them, especially with GPU crackers. It's basically obsolete advice.
I think I posted this to SW or here a long time ago, or one from the series, but here you go: