Share this page:
Stay connected:
Welcome to the Citywire Money Forums, where members share investment ideas and discuss everything to do with their money.

You'll need to log in or set up an account to start new discussions or reply to existing ones. See you inside!

Notification

Icon
Error

here we go HL
Sara G
Posted: 11 June 2018 15:49:16(UTC)
#23

Joined: 07/05/2015(UTC)
Posts: 673

Thanks: 1252 times
Was thanked: 1290 time(s) in 469 post(s)
I use long and complex passwords (different for each account) and change them regularly - that way hopefully by the time it has been 'brute forced' I have changed it to something else.
Stephen B.
Posted: 11 June 2018 15:55:53(UTC)
#24

Joined: 26/09/2012(UTC)
Posts: 305

Thanks: 15 times
Was thanked: 227 time(s) in 132 post(s)
Unless you change them really frequently, e.g. every few days, it won't help much - if hackers do crack passwords they're likely to use them as quickly as possible before someone notices.
PaulSh
Posted: 11 June 2018 17:29:08(UTC)
#20

Joined: 02/12/2014(UTC)
Posts: 106

Thanks: 23 times
Was thanked: 147 time(s) in 81 post(s)
Stephen B.;63710 wrote:
...but still they can just plough through every possible password up to some length.

There are two separate scenarios here - one is an online breach attempt where someone is trying to gain access to your online account, and an offline one where someone has already stolen (or in the modern parlance, exfiltrated) a data file containing all of the password hashes.

In the first case, you would hope that accounts would be locked out after a relatively small number of failed attempts to gain access. In the second, though, it is pretty much down to the length and complexity of your password. As I said above, hopefully they are using salted hashes so a rainbow table attack can't be used, but even so, it's a question of password entropy. If you use actual words in your password then you had better use a lot of them.
Stephen B.
Posted: 11 June 2018 17:45:58(UTC)
#21

Joined: 26/09/2012(UTC)
Posts: 305

Thanks: 15 times
Was thanked: 227 time(s) in 132 post(s)
PaulSh;63718 wrote:
it's a question of password entropy. If you use actual words in your password then you had better use a lot of them.


That's my point, most of the entropy is in the length. Going from a lower-case letter to the full character set is a factor 4, adding an extra character is a factor 100. 15 characters is roughly 10^30 combinations - test a million combinations per second on each of a million computers and it would still take billions of years. 8 characters would take an hour.
2 PagesPrevious page12
+ Reply to discussion

Markets

Other markets