A record 10 billion passwords were just posted to a popular hacking forum

Well, if your password is on a list, they have that AND your username… so if you don’t have 2FA, they got your account…

The length/complexity of your password only protects against brute force - and almost no one is doing that nowadays… they are using dictionary attacks with these lists…

This isn’t that hard to understand, is it?
How do they have my account with just a password? Did you read the article in full?
 
How do they have my account with just a password? Did you read the article in full?
If you had bothered to read the comments (or done even the simplest of research)... you'd know that MANY password lists come with usernames as well... not to mention that there are plenty of individual dumps with usernames (and they're far easier to guess than passwords anyways).

Even the lousiest hacker can simply load a username and pw file into any program and simply wait a few minutes for results to come... then they can reuse the successful ones on future websites...
 
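The "load a username and password file into a program and wait" workflow described in the post above is credential stuffing, and it leaves a recognisable trace in authentication logs: one source IP failing logins against many different usernames with only one or two tries each, rather than hammering a single account. The following detector is an added example, not code from the original thread; the log format (`timestamp src_ip username OK|FAIL`) and the log lines are constructed for the demo, and the thresholds are assumptions to tune per site.

```python
"""Detect a credential-stuffing pattern in constructed auth-log lines.

Added example, not from the original thread. Log format is hypothetical:
    <timestamp> <src_ip> <username> <OK|FAIL>
Heuristic: a source IP that tries many DISTINCT usernames with roughly one
attempt each is replaying a leaked user:password list; a source that hits
one username many times is guessing (the brute-force case the thread says
is rarer). Only the first pattern is flagged here.
"""
from collections import defaultdict

# Constructed sample log lines (not real data). 203.0.113.7 replays a list
# and gets one hit; 198.51.100.9 guesses one account; 192.0.2.44 is normal.
SAMPLE_LOG = """\
2024-07-04T10:00:01 203.0.113.7 alice@example.com FAIL
2024-07-04T10:00:01 203.0.113.7 bob@example.com FAIL
2024-07-04T10:00:02 203.0.113.7 carol@example.com OK
2024-07-04T10:00:02 203.0.113.7 dave@example.com FAIL
2024-07-04T10:00:03 203.0.113.7 erin@example.com FAIL
2024-07-04T10:00:03 203.0.113.7 frank@example.com FAIL
2024-07-04T10:00:04 203.0.113.7 grace@example.com FAIL
2024-07-04T10:00:10 198.51.100.9 alice@example.com FAIL
2024-07-04T10:00:15 198.51.100.9 alice@example.com FAIL
2024-07-04T10:00:20 198.51.100.9 alice@example.com OK
2024-07-04T10:01:00 192.0.2.44 bob@example.com OK
"""


def parse_line(line: str):
    """Split one log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    return ts, ip, user, result == "OK"


def profile_sources(log_text: str) -> dict:
    """Per source IP: distinct usernames, failure/success counts, hit list."""
    prof = defaultdict(lambda: {"users": set(), "fail": 0, "ok": 0, "ok_users": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, ip, user, ok = parse_line(line)
        p = prof[ip]
        p["users"].add(user)
        if ok:
            p["ok"] += 1
            p["ok_users"].add(user)
        else:
            p["fail"] += 1
    return prof


def flag_stuffing(log_text: str, min_users: int = 5, max_attempts_per_user: float = 2.0) -> dict:
    """Return {ip: sorted usernames that succeeded} for IPs matching the pattern.

    min_users and max_attempts_per_user are assumed thresholds for the demo.
    The returned username lists are the accounts whose password is known to
    the attacker and should be reset (and had no second factor in the way).
    """
    hits = {}
    for ip, p in profile_sources(log_text).items():
        attempts = p["fail"] + p["ok"]
        distinct = len(p["users"])
        if distinct >= min_users and attempts / distinct <= max_attempts_per_user:
            hits[ip] = sorted(p["ok_users"])
    return hits


if __name__ == "__main__":
    for ip, compromised in flag_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: credential stuffing; accounts to reset: {compromised}")
```

Note what the heuristic does not catch: the single-account guessing from 198.51.100.9 is left to a per-account lockout or rate limit, and a stuffing run spread across a proxy pool will need the same logic keyed on something other than source IP (user-agent, ASN, or a device fingerprint).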
If you had bothered to read the comments (or done even the simplest of research)... you'd know that MANY password lists come with usernames as well... not to mention that there are plenty of individual dumps with usernames (and they're far easier to guess than passwords anyways).

This one didn't.
Focus on the article, not the comments.

'A record 10 billion PASSWORDS were just posted to a popular hacking forum'
 
"A record 10 billion passwords..."
Is this really a problem?

I mean, a brute force attack can probably generate more passwords in a second
(Not sure about the second, but what I mean is: very fast)
So having them in a ready list or generating them on the fly, is imho the same.
(provided of course, that those 10 billion passwords are not attached to usernames....)
 
"A record 10 billion passwords..."
Is this really a problem?

I mean, a brute force attack can probably generate more passwords in a second
(Not sure about the second, but what I mean is: very fast)
So having them in a ready list or generating them on the fly, is imho the same.
(provided of course, that those 10 billion passwords are not attached to usernames....)
Brute force generates RANDOM passwords that aren’t necessarily REAL passwords… using a list means that every single one is a real password - making the odds FAR more likely that you will get someone’s account.
This one didn't.
Focus on the article, not the comments.

'A record 10 billion PASSWORDS were just posted to a popular hacking forum'
This one didn’t… that’s like saying “my car is safe” when 1000 cars in your neighborhood are stolen but yours is not…

There are TONS of lists on the dark web… just because this specific list doesn’t have your info doesn’t mean you are safe.
 
just because this specific list doesn’t have your info doesn’t mean you are safe.
As safe as MFA...

Even when MFA is allowed and used, it can be hacked, sometimes just as easily as single-factor authentication solutions. MFA is good, but don't look at it as the holy grail of security assurance.
 
As safe as MFA...

Even when MFA is allowed and used, it can be hacked, sometimes just as easily as single-factor authentication solutions. MFA is good, but don't look at it as the holy grail of security assurance.
Once again proving you don't actually read... I suggest you go back and READ my comments...

NOTHING is safe... EVERYTHING can be hacked... but your best bet is 2FA as at least it requires a hacker to specifically target your account.

Most hackers, however, tend to go for the lowest common denominator, and simply use dictionary attacks - using lists like the one mentioned in the article we are commenting on.

So, as the lists publicized are only a fraction of the lists actually available to hackers (and more get released every week), the complexity of your password is largely irrelevant (provided you didn't use "password" or "123456" in which case, you are just begging to be hacked), as it will eventually find its way onto one of those lists.

The same goes for usernames - most tend to be email addresses, of which numerous lists also exist... so maybe stop to think for a second before inanely commenting on here about how safe you are?
 
A password manager provides a convenient target for a hacker. I've been in an IT security function for 40 years, so maybe the game has changed some. I doubt it. So ... having a constant password methodology is much safer than using a password manager. Passwords are a hindrance where you have no risk. But where your money is concerned, absolutely necessary. Make your password in 3 stages: root, site, diff. Root is always the same, and complex enough to work for most sites, even if you don't want to use one. Upper, lower, number, special chars.
Well, there was a time when I remembered my passes; now all of them are 32 chars or more long and stored in a manager.
Does your manager check for compromised passes?
 
Once again proving you don't actually read... I suggest you go back and READ my comments...

NOTHING is safe... EVERYTHING can be hacked... but your best bet is 2FA as at least it requires a hacker to specifically target your account.

Most hackers, however, tend to go for the lowest common denominator, and simply use dictionary attacks - using lists like the one mentioned in the article we are commenting on.

So, as the lists publicized are only a fraction of the lists actually available to hackers (and more get released every week), the complexity of your password is largely irrelevant (provided you didn't use "password" or "123456" in which case, you are just begging to be hacked), as it will eventually find its way onto one of those lists.

The same goes for usernames - most tend to be email addresses, of which numerous lists also exist... so maybe stop to think for a second before inanely commenting on here about how safe you are?
And you aren't reading my comments. You're generalizing security and making inaccurate accusations instead of focusing on the details of the article and what I've said about them.
 
(provided of course, that those 10 billion passwords are not attached to usernames....)
They aren't. And these passwords have been collected since 2021 with the recent breach accounting for 1.8 billion passwords of the 10 billion.

The least someone could do if they were worried would be to change passwords to important accounts, but the best practice remains to use a password manager and use it to generate strong and unique passwords changing them every few years.
 
They aren't. And these passwords have been collected since 2021 with the recent breach accounting for 1.8 billion passwords of the 10 billion.

The least someone could do if they were worried would be to change passwords to important accounts, but the best practice remains to use a password manager and use it to generate strong and unique passwords changing them every few years.
No - that doesn’t protect you from database leaks - changing your password often does help a bit - but is quite inconvenient…
Nothing is perfect, but 2FA is your best bet.
And you aren't reading my comments. You're generalizing security and making inaccurate accusations instead of focusing on the details of the article and what I've said about them.
I am - and am giving you answers you aren’t comprehending.
 
No - that doesn’t protect you from database leaks - changing your password often does help a bit - but is quite inconvenient…
Nothing is perfect, but 2FA is your best bet.

I am - and am giving you answers you aren’t comprehending.
2FA can and has been hacked.
Also makes getting into accounts without your phone a hassle and best avoided for the masses.

If everyone just used better passwords and stopped clicking on fishy links, we wouldn't even be talking about MFA...
 
2FA can and has been hacked.
Also makes getting into accounts without your phone a hassle and best avoided for the masses.

If everyone just used better passwords and stopped clicking on fishy links, we wouldn't even be talking about MFA...
Again… READ!!
Complex passwords won’t help you against DB leaks… MFA can be hacked yes… but it’s FAR harder to do!
 
So, since they're mentioned in the article and nobody has asked yet, can I assume that using these password check sites is safe? Assuming someone isn't reading packets going to those sites, and assuming they aren't encrypted.

Oh, ironically, my 4 oldest passwords don't come up on Firefox as being breached, but my last newest, most secure password has been breached. 2FA is annoying, but sadly...

What would you say is the most secure PW manager? I had to change a huge number of sites' PWs last time, and may have to again. I use Firefox, but also some VPNs have PW managers, although I'm not sure if mine does or not.
 
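Two posts above ask the same thing from different angles: whether a password manager can check for compromised passwords, and whether a public password-check site can be used without handing it the password. The answer to both, as an added example that is not code from the thread or from any service the article links, is the range-query (k-anonymity) scheme used by the Pwned Passwords API: the client hashes the password with SHA-1 locally, transmits only the first 5 hex digits of the hash, gets back every known hash suffix in that bucket, and finishes the comparison on its own machine. Even a passive observer on the wire sees only a 5-character prefix shared by hundreds of thousands of possible passwords. The "server" below is a constructed in-memory table standing in for the remote corpus; its entries and counts are invented for the demo.

```python
"""Compromised-password lookup that never sends the password or its full hash.

Added example, not from the thread. Mirrors the Pwned Passwords range API:
    GET /range/<first 5 hex chars of SHA-1>  ->  lines of "<SUFFIX>:<COUNT>"
The remote service is replaced by fake_range_endpoint() over a constructed
table, so this runs offline; swap in an HTTPS GET to use the real thing.
"""
import hashlib


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for the breach corpus (hash -> times seen in dumps).
# Values are made up; the real corpus holds hundreds of millions of hashes.
_BREACH_CORPUS = {
    sha1_hex("password"): 9_000_000,
    sha1_hex("123456"): 40_000_000,
    sha1_hex("Summer2021!"): 1_500,
}

# Records every prefix handed to the "server", to show what actually leaves
# the client. Purely for the demo.
TRANSMITTED = []


def fake_range_endpoint(prefix5: str) -> str:
    """Simulated GET /range/{prefix5}: all suffixes in that bucket, with counts."""
    if len(prefix5) != 5:
        raise ValueError("range API takes exactly 5 hex characters")
    TRANSMITTED.append(prefix5)
    lines = [f"{h[5:]}:{n}" for h, n in _BREACH_CORPUS.items() if h.startswith(prefix5)]
    return "\r\n".join(lines)


def pwned_count(password: str, query=fake_range_endpoint) -> int:
    """How many times `password` appears in the corpus; 0 means not found.

    Only `prefix` is sent. The suffix comparison happens locally, so neither
    the password nor its full hash reaches the server (or a sniffer).
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix).splitlines():
        if not line:
            continue
        got_suffix, count = line.split(":")
        if got_suffix == suffix:
            return int(count)
    return 0


def is_compromised(password: str) -> bool:
    return pwned_count(password) > 0


if __name__ == "__main__":
    for pw in ("password", "Summer2021!", "xK9#mQ2$vL8@pR4!wT6&nB3*zH7^cF1%"):
        print(f"{pw!r}: seen {pwned_count(pw)} times; sent only {TRANSMITTED[-1]}")
```

The design point is that the privacy comes from the protocol, not from TLS: a site that asks you to paste the plaintext password into a form, or that uploads the full hash, does not give you this property, so it is worth checking which of the two a "password check" page actually does before using it with a live password.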
THIS is… and if your password leaks, why would it matter how complicated it is?

You do understand basic logic, right?
In this case it doesn't since a password on its own is useless. I've said this since the beginning.

A strong and unique password is just good practice in general, and would avoid a lot of problems...
 
In this case it doesn't since a password on its own is useless. I've said this since the beginning.
And I’ve said it DOES as there are ALSO username lists out there… not to mention it’s pretty easy to get someone’s username..
A strong and unique password is just good practice in general, and would avoid a lot of problems...
That’s definitely true but…. It doesn’t avoid the problem of a leaked password list…
 
In this case it doesn't since a password on its own is useless. I've said this since the beginning.
Jesus, this isn't rocket science. You're doubly wrong, for not only do these "password" lists typically include paired credentials along with the password itself, but even when they don't, a raw password is still far from "useless". This list of 10B passwords is an infinitesimal fraction of the universe of possible complex passwords. If your 32-char complex password is -- by itself, without any other credentials -- leaked, it becomes some 45 orders of magnitude easier to crack. It takes the problem time from "longer than the universe's lifespan" down to "a few minutes on a cheap PC."

He's right; you're wrong. Give it a rest.
 
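The post above makes a quantitative claim about how much a leaked list shrinks the attacker's search, and several earlier posts argue about whether generating candidates on the fly is "the same" as replaying a list. The arithmetic is short enough to carry through, so here it is as an added example that is not part of the thread: for a few character sets it computes the size of the full password space, how many powers of ten smaller the 10-billion-entry list is, and how long each takes at an assumed guess rate. The 10^9 guesses per second figure is an assumption for illustration (roughly what a GPU rig manages against a fast unsalted hash such as MD5 or NTLM); against bcrypt or Argon2 it is many orders of magnitude lower. The `generate_password` helper shows the password-manager approach mentioned later in the thread: a CSPRNG draw from the full alphabet.

```python
"""Search-space arithmetic for the brute-force vs. leaked-list discussion.

Added example, not from the thread. GUESSES_PER_SEC is an assumed rate for
a fast unsalted hash; real figures depend on the hash algorithm and hardware.
"""
import math
import secrets
import string

LIST_SIZE = 10_000_000_000   # the 10 billion passwords from the article
GUESSES_PER_SEC = 1e9        # assumption, see module docstring
SECONDS_PER_YEAR = 365.25 * 24 * 3600

CHARSETS = {
    "lowercase": string.ascii_lowercase,                                  # 26
    "alnum": string.ascii_letters + string.digits,                        # 62
    "printable": string.ascii_letters + string.digits + string.punctuation,  # 94
}


def log10_space(alphabet_size: int, length: int) -> float:
    """log10 of the number of passwords of exactly `length` characters."""
    return length * math.log10(alphabet_size)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def orders_of_magnitude_saved(alphabet_size: int, length: int, list_size: int = LIST_SIZE) -> float:
    """Powers of ten by which a list of `list_size` is smaller than the full space.

    This is the factor the attacker gains if the victim's password is known
    to be on the list: the search drops from the whole space to the list.
    """
    return log10_space(alphabet_size, length) - math.log10(list_size)


def seconds_to_exhaust(log10_candidates: float, rate: float = GUESSES_PER_SEC) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return 10 ** (log10_candidates - math.log10(rate))


def generate_password(length: int = 32, alphabet: str = CHARSETS["printable"]) -> str:
    """What a password manager does: uniform CSPRNG choice over the alphabet."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def summary(length: int = 32) -> dict:
    """Per charset: full-space size, list advantage, and time at the assumed rate."""
    out = {}
    for name, chars in CHARSETS.items():
        n = len(chars)
        space = log10_space(n, length)
        out[name] = {
            "alphabet": n,
            "log10_space": round(space, 1),
            "bits": round(entropy_bits(n, length), 1),
            "orders_saved_by_list": round(orders_of_magnitude_saved(n, length), 1),
            "years_brute_force": seconds_to_exhaust(space) / SECONDS_PER_YEAR,
        }
    return out


if __name__ == "__main__":
    print(f"list of {LIST_SIZE:,} at {GUESSES_PER_SEC:.0e}/s: "
          f"{seconds_to_exhaust(math.log10(LIST_SIZE)):.0f} s to replay entirely")
    for name, row in summary().items():
        print(f"{name:>9}: 10^{row['log10_space']} candidates ({row['bits']} bits), "
              f"list is 10^{row['orders_saved_by_list']} smaller, "
              f"brute force {row['years_brute_force']:.1e} years")
    print("manager-style password:", generate_password())
```

Two things the numbers make concrete. Replaying the whole list at 10^9 guesses per second takes ten seconds, which is why a password that is on a list is effectively cracked regardless of its length. And a 32-character password drawn uniformly from printable ASCII carries about 210 bits, so if it is unique and never leaked, no list helps and the only route left is a breach of the site holding it, which is the case the thread's 2FA argument addresses.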