How secure is your Woot password?
Since the site redesign you don't need to re-enter the CVV code for your credit card when ordering, just your password. So how secure is your Woot password? Think it is pretty good? Now go read this:
http://arstechnica.com/security/2012/08/passwords-under-assault/
Now answer it again. I sincerely hope that Woot keeps our stuff hashed, salted, encrypted, and behind the best security possible. But, since the change, I certainly made mine much, much harder (totally random, no cuteness). Have you done the same? Or are you still using monkey123?
You are not supposed to type out your password like that...you are supposed to type xxxxxx!
Seriously though, I do need to do a major overhaul on the passwords, all of them. I have not changed mine recently and I am due. I am not looking forward to the adventure but I do have it on my todo list.
I thought passwords were •••••••••. Have I been typing in the wrong thing all along?
@pattiq: I, for the most part, use LastPass to keep them all straight. I pay the money for the Pro version that has mobile apps. Even then, it is kind of a pain, in that I try and use the maximum password length allowed in highly important sites. So, good luck trying to enter 20 totally random alphanumeric characters without an error. So, I really need to have access to the account directly via the plug in.
Password123
So it's somewhat secure.
Well, I am completely screwed when Anonymous hacks Woot.
My password is secure. I will have to request a new one whenever I am logged out.
Mine's secure, it's password with a capital 2. Nobody will figure that out.
No one else here uses: Woot! as their password?
But seriously, even if the password were stolen, credit cards have zero liability for fraudulent purchases (Paypal does as well) so I'm not that worried.
@iggz: Way better than mine:
password1 = Instantly where
password123 = a year,
Woot! = 0.3375312767 seconds
per http://howsecureismypassword.net/
or everyone could post their passwords here and I can tell you how long it takes to crack them.
Dude! Not cool! Not cool at all!
First, you frakking hack my password! How the heck did you figure out that it was monkey123?!!
Then, on top of that, you go and post it here for everyone to see!
What the frak is wrong with you?!!
Do you know how many sites I use monkey123 on?!! It is gonna take me hours to change it everywhere!
Oh.
/delete last post
@caffeine_dude: I always thought that website was funny... "everyone come here! type your password for everything!"
@caffeine_dude: It would take a desktop PC about 6 thousand years to crack my password.
After that long, I won't care.
@caffeine_dude: I tested some of my passwords. Less than a day, 39 days, 6 years...one was 633 decillion years. Oddly enough, that's the easiest one to remember.
I wonder what the hackers will buy for me?
Ugh, thanks to this stupid post I went and updated my password. Now I'll have to remember a new word after all these years. Grumble, grumble...
Same password as I use for my luggage - 123456
You mean 'BOC123' might not be a good password for Woot! ?
my password is a sentence that makes no sense.
I will just leave this here:

@miquinn: I agree.
@xdavex: I wonder if it accounts for Moore's law.
I hope you have seen this, if not: http://xkcd.com/936/ edit @j5: posted it already.
@morriea: I am sure you are getting a boc
@panthiest: a sentence that makes no sense = 312 nonillion years
@thumperchick: BOC123 = 0.544195584 seconds
@mml666: 123456 = Instantly
@theghostofsnapsterpast: monkey123 = 7 hours
@j5:
Yes, but...
Those calculations assume that the individual attempting to crack your password is just going to use brute force guessing. In this case really the length is all that matters. RTFA. They aren't doing that anymore.
Large collections of passwords have been leaked, and the bad guys today are, sadly, smarter than before. They studied them. So, what they have discovered is that people are doing cute things like: since I'm a leet dude, I'll just change to leetspeak, and be l337d00d. So, among the dictionary attacks they add words with common substitutions. Another very common password is a proper name followed by a recent year. So, if one uses the first name of their first sexual experience followed by the year (i.e. Gertrude1983, or maybe Gertrude1983!! cause it was good) that is likewise easily broken. I used to think I was being cute using keyboard patterns. Nope, all those are amongst the first guessed.
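The gap described in the post above, as an added example that is not part of the original thread: a password check that reports the brute-force entropy estimate next to the guessable patterns (dictionary word, leetspeak, name plus year, keyboard run) that make that estimate meaningless. The word list, the substitution table and the function names are constructed for illustration.

```python
import math
import re
import string

# Constructed mini word list; a real checker would load a large leaked-password corpus.
COMMON_WORDS = {"password", "monkey", "gertrude", "dragon"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
LEET = str.maketrans("4@3105$7", "aaeiosst")  # undo common substitutions


def naive_bits(pw):
    """Entropy a pure brute-force estimate assumes: length * log2(character pool)."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in chars for c in pw):
            pool += len(chars)
    return len(pw) * math.log2(pool) if pool else 0.0


def pattern_findings(pw):
    """Return the guessable patterns found in pw (empty list if none)."""
    findings = []
    low = pw.lower()
    # Keyboard walk: any 4-character run along a keyboard row, in either direction.
    for i in range(len(low) - 3):
        run = low[i:i + 4]
        if any(run in row or run in row[::-1] for row in KEYBOARD_ROWS):
            findings.append("keyboard walk")
            break
    # Strip trailing punctuation, then split "stem + trailing digits".
    m = re.fullmatch(r"(.+?)(\d*)", pw.rstrip(string.punctuation))
    if m:
        stem, digits = m.group(1).lower(), m.group(2)
        word = stem.translate(LEET)
        if word in COMMON_WORDS:
            findings.append("leet dictionary word" if word != stem else "dictionary word")
            if re.fullmatch(r"(19|20)\d\d", digits):
                findings.append("word+year")
            elif digits:
                findings.append("word+digits")
    return findings


def assess(pw):
    """Pair the brute-force estimate with the patterns that make it meaningless."""
    return round(naive_bits(pw), 1), pattern_findings(pw)
```

`assess("Gertrude1983!!")` scores above 90 bits on the brute-force measure and still reports a dictionary word followed by a year; a password should be rejected on any finding regardless of its bit count.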
@wilfbrim: The XKCD article is still accurate. A collection of randomly chosen words is significantly more secure than l337 sp34k encoding. Especially now with educated guessing algorithms.
Passwords don't work anymore. Security companies still put out articles about "better passwords" so that companies can do their "due diligence" if sued and to make people "feel" safe.
http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/
I'm not concerned. My CC has my back.