Jaimeh wrote: »

Shewolf075 wrote: »

Reminds me of that other competition, #10MILLIONSTORIES whoever won this one had a chance to become a character in the game https://www.elderscrollsonline.com/en-us/news/post/26235?Enter-the-

Did that actually come to fruition? I've seen another thread asking about it, but we never got official word as far as I remember...

Not that I know of.

Just remember you can't use "Beefstew" as a password ...

It's not stroganoff

@ArchMikem Unfortunately, your new password of "MilkyTea" isn't any good, either. It's too weak.

If you read the fine print of the million dollar prize the money was to be paid by installments not a lump sum 😞

barney2525 wrote: »

Seriously? In a day how many times do you use the 'common' words Spaceship and Turkey in the same sentence?

"Common," in the sense that these are officially recognized as part of the language, and your spellchecker won't flake out when presented with them. "Verisimilitude," "simulcacrum," and "ambulatory," are all common words, but even money if you can define those off the top of your head.

barney2525 wrote: »

Your analysis is based on the fact that you know the example password.

No, it's based on the hacker's ability to predict the password, based on behavior patterns that are common to many users.

barney2525 wrote: »

A Hacker does Not know the example password.

Correct. The purpose of this exercise is to examine how easy it will be to determine the password via tool assistance. At this point, being unfamiliar with cracking techniques puts you at a significant disadvantage in this conversation.

barney2525 wrote: »

He does Not know the person will even Use a punctuation mark at the end.

In the strictest sense, this is correct. However, this is extremely common behavior. Someone needs a password, they try, "swordfish," or, "12345" and find that the system doesn't accept that so the slap a couple punctuation marks on the end and call it a day.

Someone trying to crack the password doesn't need to know exactly what someone did, simply be able to predict what they're likely to do, and code their tools accordingly.

barney2525 wrote: »

He has a choice of several million common words, of which he has to select the specific 2 that go together, which he also Does Not know if the person used 2 real words.

Slightly under a quarter million, not two.

Dictionary attacks involve the use of a tool which guesses words in sequence. In this case, a dictionary attack with a brief ASCII brute force of five characters on the suffix will crack that password. (Also the space, but testing for dashes between words in a dictionary attack is pretty trivial.)

barney2525 wrote: »

Someone could just use easy to remember ArfffFF_BrrS?

That type of password will be extremely safe.

From a dictionary attack, sure. However, from a brute force attack, that only has 12 characters, only one of which isn't a standard alphanumeric, and it's still one of the highest frequency ASCII punctuations, because it's on your keyboard.

So, no, that's an incredibly insecure password. Again, the person hacking your account doesn't know what your password is, beyond the rules you had to follow in setting it up. This means they will likely start with a dictoinary attack, and then transition to brute force if that doesn't get the results their looking for.

There was a 1 million dollar competition paid over a couple of years and yeah some casual won it, no idea what he is doing now

They didn't eXist? Who by that many crowns

barney2525 wrote: »

Jayman1000 wrote: »

yodased wrote: »

Jayman1000 wrote: »

Mettaricana wrote: »

Id probly stay quiet or they'd try to steal my account...

It's impossible to steal an account if you just create a good password. Like wH35u7yfg0Wrk or something similar (don't actually use that one I just wrote here for obvious reasons ).

Such a random password is impossible to guess; your account will be completely safe and you will not have to fear theft at all, ever.

This is actually bad advice because that password is too random and difficult to remember. The best passwords are two random non sequitor words, seperated by a dash or underscore with numbers and a special character.

Spaceship_Turkey29! For example, its impossible to brute force, easy to remember and does not require compromising confidentiality by writing it down somewhere.

Spaceship_Turkey29! is not very safe. Ending with a ! would be a common thing to do so you can bet the hackers are trying such things first. The same with making the first letter of each word capitalized and using two common words like spaceship and turkey and seperating with underscore. Even adding that two digit number is a common thing to do. That password would probably range somewhere between weak to fair on the password scale.

Imo it's always a good idea to write down your passwords in a safe location if you should forget it and my post was made with this in mind, but I did not type that out, and I should have for clarity. Of course this requires you to understand how to store passwords in a safe location and the average non-tech savvy person are perhaps not skilled enough(?) or may never be able to understand properly(?); I realize that now.

If we could do a compromise of sorts I would say create from imagination four gibberish words and put them together, then add a number after one word. For example: KaptukHolif9TunGH. I would easily enough be able to memorize this and there would not really be anything common here for the hackers to assume a guess on. So while much less safe than my first suggestion, it is still immensely safe AND can easily be memorized.

Seriously? In a day how many times do you use the 'common' words Spaceship and Turkey in the same sentence?

Your analysis is based on the fact that you know the example password. A Hacker does Not know the example password. He does Not know the person will even Use a punctuation mark at the end. He has a choice of several million common words, of which he has to select the specific 2 that go together, which he also Does Not know if the person used 2 real words. Someone could just use easy to remember ArfffFF_BrrS?

That type of password will be extremely safe.

I feel like im going to repeat myself because I already spelled out the points that counter your criticisms in the very post you reply to here, but here goes.

Whether you use it in a sentence or not is not the point, although actually meaningful sentences would be catastrophic in a password, instead of "just" being weak like using Spaceship and Turkey in a password. Consider that spaceship and turkey are fairly common words which is a problem. Hacker will prioritize more common words and yes he also has to guess to capitalize them, but again that's a common thing, and adding a two digit number that is also a fairly common thing to do, as is the exclamation mark in the end. Separating the words with an underscore is indeed also pretty common. Hackers will use tools that can be programmed to prioritize guessing at such obvious common combinations. If you are going to use actually common words in your password you should probably use at least four words and then mix things up in unpredictable ways. Here's an example:

JUICE67! talkGun_FlasH

In contrast the following would be much much less safe because the the construction is fairly common (just like Spaceship_Turkey29! is, but at least here we use four words which makes it much safer just for that reason):

Juice_Talk_Gun_Flash67!

Making up own words is just as easy to remember though, and much safer because hacker will have no common words to assume from:

Qlip52KregfoMak_Tjip

I don't see how ArfffFF_BrrS is particularly easy to remember, there is no made up words here, just a string of letters, so there goes your advantage of ease to remember; might as well make it longer and totally random then. Repeating the same characters is usually also a bad idea anyway.

But you know the best compromise between extremely high safety and ease of use is to keep a different password for each service, make it completely random (for example uWe6Hg5as9jecBh, and save it in an safe password storage, then copy paste into your services if they allow it (most do), just remember to copy something else after so that your password is not kept in clipboard. If it's a browser service you can find programs that can also auto input the password in login fields.

Additionally if we are talking very important services like your bank, paypal and such you should consider adding a two factor authentication method, this will make it incredibly and extraordinarily safe. Many of such services have a convenient app that you can easily look up the one-time temporary code when logging in. ESO does this in a way when you try to login from a new device, sometimes it can just be reinstalling your graphics cards (I have had that happen multiple times), then ZOS will send you a mail with a one time authentication code. That therefore makes eso login service quite safe because it is very unlikely that a hacker would spoof the already authenticated device you are using. They would have to also know and hack your mail address as well and intercept the mail from zos and use the code before you do and before you can take action to change password.