The danger of the clause "FORGOT YOUR PASSWORD ?"
12 years 7 months ago #37898
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
The danger of the clause "FORGOT YOUR PASSWORD ?" was created by sose
The clause "FORGOT YOUR PASSWORD ?" below the LOGIN box is a double edge sword, because people close to you or by searching public archives can allow people access your account.
Caution!!! if you are asked in a form ' what is your favourite food , please your answer could be x+2x
Caution!!! if you are asked in a form ' what is your favourite food , please your answer could be x+2x
sose
Network Engineer
analysethis.co/index.php/forum/index
12 years 7 months ago #37899
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: The danger of the clause "FORGOT YOUR PASSWORD ?"
check out the case here involving wrong use of forgot your password
www.post-gazette.com/stories/ae/celebrit...cyber-crimes-628159/
sose
Network Engineer
analysethis.co/index.php/forum/index
12 years 7 months ago #37937
by TheBishop
Replied by TheBishop on topic Re: The danger of the clause "FORGOT YOUR PASSWORD ?"
The other side of the coin here is that if security people weren't so overzealous with their password requirements then we wouldn't need the 'Forgot my Password' box and our systems would therefore actually be more secure
12 years 6 months ago #37968
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: The danger of the clause "FORGOT YOUR PASSWORD ?"
It not about being over zealous, the password crackers find it easier to break passwords that don't meet requirement. follow a pattern when formulating your passwords- like an old music first characters in each word with some capitalisation or symbols, and you can always remember your password
sose
Network Engineer
analysethis.co/index.php/forum/index
12 years 6 months ago #37970
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: The danger of the clause "FORGOT YOUR PASSWORD ?"
It is not about being over zealous but the password crackers find it easier to break passwords that dont meet requirement. Just make sure you follow a pattern when formulating your passwords and you will always remember them.
sose
Network Engineer
analysethis.co/index.php/forum/index
12 years 6 months ago - 12 years 6 months ago #37972
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: The danger of the clause "FORGOT YOUR PASSWORD ?"
The thing here is that resetting the password through "FORGOT YOUR PASSWORD" feature should better be forwarded to the persons email through a link, to verify that he is the holder, NOT immediately on the webpage. Except for the case where he is reseting his own email, then it better be forwarded to another back up email, which in the case of the celebrities above didn't seam to happen.
Regarding password complexity. Long passwords (even if they are simple) are usually more effective than short passwords (even if they are complex). Lets take for example a six character password comprised of letters, numbers and signs, say Yu*e+5
When you see this password, one can say that it's fairly complex. It's not easy to guess it easily. But for a bruteforce attack to work on it, the cracker must search through all combinations of the characters a-z A-Z 0-9 ~!@#$%^&*()-={}|:"<>?[]\;',./
Thats 93 characters, say 100 (those are easily reachable in the keyboard, there are more offcourse). So the total number of combinations is 100 to power 6. Thats 1000000000000, one thousand billion trials max to find the password.
Now lets have another simple BUT longer password, an 8 character password but containing only letters (no numbers or signs), say OmiPoxma. Now that one is pronounceable and it might seam simpler than the Yu*e+5. But for a bruteforcer to break it, it has to try all possible combinations on a-z A-z. Total 54 characters, But thats done for 8 letters now. So total number of combinations is 54 to power 8, thats 72301961339136. Now, Compare these two numbers:
1000000000000 (one thousand billion trials)
72301961339136 (72 thousand billion trials)
By just adding 2 letters to the length of the password we have increased the difficulty 72 times more, ALTHOUGH we used LESS characters from the keyboard (nearly half).
Simply speaking, "lengthen your passwords"
Regarding password complexity. Long passwords (even if they are simple) are usually more effective than short passwords (even if they are complex). Lets take for example a six character password comprised of letters, numbers and signs, say Yu*e+5
When you see this password, one can say that it's fairly complex. It's not easy to guess it easily. But for a bruteforce attack to work on it, the cracker must search through all combinations of the characters a-z A-Z 0-9 ~!@#$%^&*()-={}|:"<>?[]\;',./
Thats 93 characters, say 100 (those are easily reachable in the keyboard, there are more offcourse). So the total number of combinations is 100 to power 6. Thats 1000000000000, one thousand billion trials max to find the password.
Now lets have another simple BUT longer password, an 8 character password but containing only letters (no numbers or signs), say OmiPoxma. Now that one is pronounceable and it might seam simpler than the Yu*e+5. But for a bruteforcer to break it, it has to try all possible combinations on a-z A-z. Total 54 characters, But thats done for 8 letters now. So total number of combinations is 54 to power 8, thats 72301961339136. Now, Compare these two numbers:
1000000000000 (one thousand billion trials)
72301961339136 (72 thousand billion trials)
By just adding 2 letters to the length of the password we have increased the difficulty 72 times more, ALTHOUGH we used LESS characters from the keyboard (nearly half).
Simply speaking, "lengthen your passwords"
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Last edit: 12 years 6 months ago by S0lo.
The following user(s) said Thank You: Rockape
Time to create page: 0.137 seconds