FabSwingers.com mobile

Passwords


By (user no longer on site) OP   
over a year ago

Following from a previous thread, thought I would remind people about password safety.

Passwords used to be guessed, literally, and a more complicated password makes it harder to guess. This is easily demonstrated as follows. Imagine your password has to be a combination of upper case, lowercase, numbers and special characters (!@£$ etc).

1) A password that is 1 character long is a 1 in 82 chance to guess

2) A password that is 2 characters long is a 1 in 6724 chance to guess...

3) A password that is 8 characters long is a 1 in 2044140858654976!

Seems like a lot, but a computer can guess that 8 character password in about 8 hours. But the thing is, they already guessed it, and stored those guesses in a massive file. And so now, instead of guessing your password, they steal all the passwords in their encrypted format by hacking your apps and websites, and just look it up against a pre-cracked list. Takes seconds, if they can get hold of your encrypted password. And password breaches happen all the time.

Case in point: My Fitness Pal

Date: February 2018

Impact: 150 million user accounts

In February 2018, diet and exercise app MyFitnessPal (owned by Under Armour) exposed around 150 million unique email addresses, IP addresses and login credentials such as usernames and passwords stored as SHA-1 and bcrypt hashes. The following year, the data appeared for sale on the dark web and more broadly.

The bad news: I bet you already have had your password breached by someone. Go check: if you are on iPhone, go into Settings > Passwords > Security Recommendations > Detect compromised passwords. Yeah, Apple buy these lists too, and use them to inform you that you are on them. Be horrified how many places have lost your data. On my list: Google, my daughter's school, Cineworld....

The good news: When they have 150 million accounts to look at, they will basically use other pre-prepared lists of people of influence, rich people, famous people, important people... and you will probably get overlooked... hopefully.

What you can do:

Well, creating and storing these frankly mind-bogglingly enormous lists of password cracks is expensive, and the longer your password is, the harder it is for someone to crack it in advance and the more data they need to pay Amazon or Microsoft to store it. So just make them so long that they can't afford to do it (yet). But long passwords are hard to remember, so you're stuck between a rock and a hard place, right?

Wrong. Because the game has changed from guessing to stealing it and comparing it, the ONLY thing that matters is length (phnarr).

Th1$is4HARDp4$$w)rd - seems great, and it is very hard to crack, and sufficiently long that not many criminal gangs can pay for the compute and storage to hold it, but you know what's better?

MargaretThatcheris100%sexy - it's slightly longer, and so easy to remember you will never need to write it down. Plus it's approximately 6723 times harder to crack than the one above...

A list of 9-character-long passwords increases the 8 hours to 3 weeks. Up to 10 characters and it's 5 years. 11 characters, 400 years.... Remember these times come down every week, but if you are using a 15-character password, that's currently 15 billion years of computer to guess them all....

TLDR:

Use LONG passwords of at LEAST 12 characters that are EASY to remember, forget about complex character substitution.

Never re-use them

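The lookup described in the opening post works when a site stores fast, unsalted hashes. The added example below (not part of the thread) reproduces the post's 82-symbol counts and shows the same pre-computed list finding nothing once each account gets its own salt and a slow hash. The sample passwords, user names and round count are constructed for illustration, and PBKDF2 stands in for bcrypt.

```python
import hashlib
import hmac
import os

ALPHABET = 82  # symbol count used in the post above
ROUNDS = 100_000  # assumed work factor for this example

def keyspace(length, alphabet=ALPHABET):
    """Number of possible passwords of exactly `length` symbols."""
    return alphabet ** length

def unsalted_sha1(password):
    # Fast and unsalted: the same password gives the same digest everywhere.
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, salt=None):
    # Random per-user salt plus a deliberately slow KDF. PBKDF2 stands in
    # for bcrypt, which is not in the Python standard library.
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def verify(password, record):
    salt, digest = record
    return hmac.compare_digest(salted_record(password, salt)[1], digest)

# Constructed sample data: a tiny stand-in for a pre-computed list.
PRECOMPUTED = {unsalted_sha1(p): p for p in ("password", "Password12345", "qwerty")}

def lookup(stored_hex):
    """Password the pre-computed list returns for a stored value, or None."""
    return PRECOMPUTED.get(stored_hex)

def demo():
    # Two constructed accounts that happen to share one password.
    users = ("alice", "bob")
    weak = {u: unsalted_sha1("Password12345") for u in users}
    strong = {u: salted_record("Password12345") for u in users}
    return {
        "unsalted_hits": [lookup(weak[u]) for u in users],
        "salted_hits": [lookup(strong[u][1].hex()) for u in users],
        "salted_records_differ": strong["alice"][1] != strong["bob"][1],
        "login_still_works": verify("Password12345", strong["alice"]),
    }

if __name__ == "__main__":
    print([keyspace(n) for n in (1, 2, 8)])
    print(demo())
```

A salt only stops one pre-computed list being reused across accounts and sites; how long a guess takes still depends on the password itself.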
 

By (user no longer on site)
over a year ago

What's your password OP?


By (user no longer on site) OP   
over a year ago


"What's your password OP? "

All Uppercase no spaces


By (user no longer on site)
over a year ago

Good tips


By (user no longer on site) OP   
over a year ago

I'm gonna expand on this a little:

TLDR:

*Use LONG passwords of at LEAST 12 characters that are EASY to remember, forget about complex character substitution.

*If you have to use so many numbers and special characters, frankly there is nothing wrong with using them all at the end and re-using that bit, for example:

- Mycatisanarsehole£99! - use for the vets maybe

- Thisappsucksass£99! - that crappy app you have to use at work

- Ihategettingwinks£99! - your FAB password maybe

all perfectly good, safe, and rememberable, and also linked to what the password is for but in a way that only makes sense to you.

*Get forced to change them a lot? Just add the month you last changed it at the end as even more characters

- Thisappsucksass£99!Feb

*Never re-use them

*Go check your existing ones, and change any that are repeats, too short, or so hard to remember you wrote them down...


By *agerMorganMan
over a year ago

Canvey Island

Passphrase is better than a password in a million and one different ways.


By (user no longer on site)
over a year ago

Shit I best stop using Password12345 then


By (user no longer on site)
over a year ago

Interesting!


By *lynJMan
over a year ago

Morden

Where possible, use two-factor authentication, e.g. a text sent to your phone with a one-time code you have to enter to verify you're trying to log in.


By (user no longer on site)
over a year ago

My password is

FourNumbersFifteenLettersSixEmojis


By *otMe66Man
over a year ago

Terra Firma

All good advice

What are your thoughts on suggested passwords through services such as Google and Apple? I use these. Do I have good protection? I think I do, as they are all different, long, random and I don't need to remember them.

It would be good to know if I have too much confidence in those password services.


By (user no longer on site)
over a year ago

So using password as a password is a no go? Noted


By *LiamMan
over a year ago

Midlands

If anyone wants to go on my account the password is, big1Liam


By (user no longer on site) OP   
over a year ago


"Where possible, use two-factor authentication, e.g. a text sent to your phone with a one-time code you have to enter to verify you're trying to log in."

If you have this option, please do use it. Sometimes it's optional to set up, but it's a further layer whereby even if you do have your password compromised, you are still safe unless they have specifically targeted you and have knobbled where the 2nd factor is sent to...


By (user no longer on site) OP   
over a year ago


"All good advice

What are your thoughts on suggested passwords through services such as Google and Apple? I use these. Do I have good protection? I think I do, as they are all different, long, random and I don't need to remember them.

It would be good to know if I have too much confidence in those password services."

Personally, I use these for burner sites where I don't expect to want to log in regularly or again for speed. They suggest very good passwords on the whole, but suffer from the "can't remember what it is" factor, so if you lose your phone, maybe you just lost your passwords to everything... Even your password manager needs a password... And often they are hidden behind thumbprint or facial recognition so you rarely use them. Need to set them up on a new phone? Hope you remember what the password was 2 years ago when you last actually typed it...


By *ryandseeMan
over a year ago

Yorkshire

[Removed by poster at 22/03/22 15:00:48]


By *ryandseeMan
over a year ago

Yorkshire

Although I do everything you have mentioned, this is a good thread and thanks for the thread and all the advice you shared. It's so important to be careful these days. I am sure lots of people will appreciate it.



By (user no longer on site)
over a year ago

Are password managers any good?


By (user no longer on site)
over a year ago

I use a dedicated app that works across multiple platforms and can generate secure passwords. As long as I remember the password for that app (it's one long-ass one, but I use FaceID to unlock), all is good and the passwords are also encrypted. Works very well for me, but the only risk is, as Douglas Adams once said, a keyring is a very useful device that enables you to lose all your keys at once. Absent a blow to the head, one large enough to suffer memory loss and become sufficiently disfigured, all is good!
