Results 1 to 10 of 37

Hybrid View

  1. 09-13-2013 10:31 PM #1
    SIXTYONESIX
    Player
    SIXTYONESIX's Avatar
    Join Date
    Nov 2012
    Posts
    41
    Character
    Broseph Smith
    World
    Sargatanas
    Main Class
    Pugilist Lv 50
    Make your password longer than 8 characters and you don't need a token.

    ForgetThisPasswordNever
    IHateRMTWithAFieryPassion
    BillLikesToPickHisNose.

    Passwords like that have so much entropy that it would take thousands of years to crack, and they are much easier to remember than a random string of BS letters and digits. Don't get me wrong, a security token is a really good idea, but if you can't get one for some reason, this is the next best step.
    (1)
    Reply With Quote Reply With Quote
  2. 09-13-2013 10:51 PM #2
    KisaiTenshi
    Player
    KisaiTenshi's Avatar
    Join Date
    Sep 2013
    Location
    Gridania
    Posts
    2,776
    Character
    Kisa Kisa
    World
    Excalibur
    Main Class
    White Mage Lv 100
    Quote Originally Posted by SIXTYONESIX View Post
    Make your password longer than 8 characters and you don't need a token.

    ForgetThisPasswordNever
    IHateRMTWithAFieryPassion
    BillLikesToPickHisNose.

    Passwords like that have so much entropy that it would take thousands of years to crack, and they are much easier to remember than a random string of BS letters and digits. Don't get me wrong, a security token is a really good idea, but if you can't get one for some reason, this is the next best step.
    That's not how they do it. Lookup Rainbow tables. Many backends don't use a salted password hash, so all they have to do is "for each (rainbowtable) {cat stolenpasswords | grep (passwordhash)}" and they have a list of accounts to hack. No bruteforcing required.
    (0)
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »