questionshow secure is your woot password?


You are not supposed to type out your password like are supposed to type xxxxxx!

Seriously though, I do need to do a major overhaul on the passwords, all of them. I have not changed mine recently and I am due. I am not looking forward to the adventure but I do have it on my todo list.


I thought passwords were •••••••••. Have I been typing in the wrong thing all along?



So it's somewhat secure.



Dude! Not cool! Not cool at all!

First, you frakking hack my password! How the heck did you figure out that it was monkey123?!!

Then, on top of that, you go and post it here for everyone to see!

What the frak is wrong with you?!!

Do you know how many sites I use monkey123 on?!! It is gonna take me hours to change it everywhere!


No else here uses: Woot! as their password?

But seriously, even if the password were stolen credit cards have zero liability for fraudulent purchases (Paypal does as well) so I'm not that worried.


I will just leave this here:

j5 j5

@pattiq: I, for the most part, use LastPass to keep them all straight. I pay the money for the Pro version that has mobile apps. Even then, it is kind of a pain, in that I try and use the maximum password length allowed in highly important sites. So, good luck trying to enter 20 totally random alphanumeric characters without an error. So, I really need to have access to the account directly via the plug in.


My password is secure. I will have to request a new one whenever I am logged out.


Mine's secure, it's password with a capital 2. Nobody will figure that out.


@iggz: Way better then mine:
password1 = Instantly where
password123 = a year,
Woot! = 0.3375312767 seconds
or everyone could post their passwords here and I can tell you how long it takes to crack them.


Well, I am completely screwed when Anonymous hacks Woot.


@caffeine_dude: I always thought that website was funny... "everyone come here! type your password for everything!"


Same password as I use for my luggage - 123456


@caffeine_dude: I tested some of my passwords. Less than a day, 39 days, 6 was 633 decillion years. Oddly enough, that's the easiest one to remember.


Ugh, thanks to this stupid post I went and updated my password. Now I'll have to remember a new word after all these years. Grumble, grumble...


@caffeine_dude: It would take a desktop PC about 6 thousand years to crack my password.
After that long, I won't care.


I winder what the hackers will buy for me?


You mean 'BOC123' might not be a good password for Woot! ?


@wilfbrim: The XKCD article is still accurate. A collection of randomly chosen words is significantly more secure than l337 sp34k encoding. Especially now with educated guessing algorithms.

j5 j5

my password is a sentence that makes no sense.


@miquinn: I agree.
@xdavex: I wonder if in accounts for moore's law.
I hope you have seen this, if not: edit @j5: posted it already.
@morriea: I am sure you are getting a boc
@panthiest: a sentence that makes no sense = 312 nonillion years
@thumperchick: BOC123 = 0.544195584 seconds
@mml666: 123456 = Instantly
@theghostofsnapsterpast: monkey123 = 7 hours


Yes, but...

Those calculations assume that the individual attempting to crack your password is just going to use brute force guessing. In this case really the length is all that matters. RTFA. They aren't doing that anymore.

Large collections of passwords have been leaked, and the bad guys today are, sadly, smarter than before. They studied them. So, what they have discovered is that people are doing cute things like: since I'm a leet dude, I'll just change to leetspeak, and be l337d00d. So, among the dictionary attacks they add words with common substitutions. Another very common password is a proper name followed by a recent year. So, if one uses the first name of their first sexual experience followed by the year (i.e. Gertrude1983, or maybe Gertrude1983!! cause it was good) that is likewise easly broken. I used to think I was being cute using keyboard patterns. Nope, all those are amonst the first guessed.


Passwords don't work anymore. Security companies still put out articles about "better passwords" so that companies can due there "due diligence" if sued and to make people "feel" safe.


I'm not concerned. My CC has my back.