[Please Read] Be careful

[Friv]

[I didn't know which section this really belongs in so i put it here]

As you might already know, some asshole(s?) have hacked Blaze's youtube channel and removed everything.

Well, today, another musician was attacked. TheElspongie's youtube channel was hacked, all of his videos taken down, and his channel defaced.

This is a reminder to make sure your accounts are safe and be careful of people asking for any of your information, even just your email, because you don't want to lose all of your subscribers, your views, or even your money.

-Ryan

*Edit: Read Navybrony's post below for tips on keeping your password secure*

[soup2504]

[I didn't know which section this really belongs in so i put it here]

As you might already know, some asshole(s?) have hacked Blaze's youtube channel and removed everything.

Well, today, another musician was attacked. TheElspongie's youtube channel was hacked, all of his videos taken down, and his channel defaced.

This is a reminder to make sure your accounts are safe and be careful of people asking for any of your information, because you don't want to lose all of your subscribers, your views, or even your money.

-Ryan

OH HEY! YOU HAVE THE SAME NAME AS ME!(I'm an idiot...)

[soultensionbenjamin]

Shit Just got Real

[Navron]

The only way I can see somebody's YT channel being hacked is:

- An incredibly easy to guess password.
- A keylogger.
- A password that's easy enough for its hash to be decrypted.
- Giving the login out and/or staying logged into a public computer.

If you keep your computer up to date on security updates and virus definition files for your AV program, in addition to performing regular scans, then the chances of a keylogger being installed are very slim.

Any password that's a word can be easily cracked via a dictionary attack. Small combinations of words and numbers can be cracked via a brute force attack.

From that point onwards, the time it takes to crack a password, and the decryption method used, is exponential the more complicated it is.

Military requirements for passwords include:
- 14 characters minimum.
- At least 2 uppercase letters.
- At least 2 lowercase letters.
- At least 2 numbers.
- At least 2 special characters (!@#$%^)

The only way the above type of password could be defeated, is by a keylogger, but, as said above, you can protect yourself from those.

[LFP]

I hack people on my free time but doing something like deleting all of the persons YouTube videos is just mean.

As navybrony said be careful when accepting files as they may contain a key logger.
Another thing you can do is to not use a word as your password as most modern bruteforce checks dictionaries and enters the words (with and without a number after it) from it before initiating the full bruteforce.
With a good graphics card it takes about a minute to BF the standard password, use numbers aswell as capitals and different language letters such as ñ ¿ ¡ (spanish) combinded with letters from another country ex: ö (swedish) in your password to keep it 'more' secure.

[Kagetori]

[I didn't know which section this really belongs in so i put it here]

As you might already know, some asshole(s?) have hacked Blaze's youtube channel and removed everything.

Well, today, another musician was attacked. TheElspongie's youtube channel was hacked, all of his videos taken down, and his channel defaced.

This is a reminder to make sure your accounts are safe and be careful of people asking for any of your information, even just your email, because you don't want to lose all of your subscribers, your views, or even your money.

-Ryan

*Edit: Read Navybrony's post below for tips on keeping your password secure*

If I still had anything worth losing on the internet, I'd totally tempt this lil' "hacker" to do it to me XD
Reminds me of good timez.

[Navron]

I tried to brute force my own password once.

Estimated time: 20yrs, 3mos.

[Artimeus]

Military requirements for passwords include:
- 14 characters minimum.
- At least 2 uppercase letters.
- At least 2 lowercase letters.
- At least 2 numbers.
- At least 2 special characters (!@#$%^)

UGH.

I can't count how times I've forgotten passwords for the multitude of systems I use that have these DOD requirements. Granted, they're very secure, but when you're logging into 5 systems daily without CAC access, and you can't cross-domain passwords... I want to choke puppies and punch small children. XD

[Legion]

From that point onwards, the time it takes to crack a password, and the decryption method used, is exponential the more complicated it is.

Military requirements for passwords include:
- 14 characters minimum.
- At least 2 uppercase letters.
- At least 2 lowercase letters.
- At least 2 numbers.
- At least 2 special characters (!@#$%^)

You just described almost every one of my passwords. Looks like I'm all set.

But seriously, I feel terrible for those guys. It sucks, that's all there is to say.

[Navron]

Military requirements for passwords include:
- 14 characters minimum.
- At least 2 uppercase letters.
- At least 2 lowercase letters.
- At least 2 numbers.
- At least 2 special characters (!@#$%^)

UGH.

I can't count how times I've forgotten passwords for the multitude of systems I use that have these DOD requirements. Granted, they're very secure, but when you're logging into 5 systems daily without CAC access, and you can't cross-domain passwords... I want to choke puppies and punch small children. XD

Haha, I know that feel bro. I know that feel.

Without giving away hints at my own password, I'd say create a system. One where you can flex down the line. Say...make something related to fruit, for example:

Apple12!Banana34#

Then, when it says you have to change your password after 10 days, you can move down the line of fruit.

Coconut12!Dates34#

That way you've got a system for remembering, without writing it down, or forgetting, and for each website, you could have a separate them. This one could be fruits, the next could be sports team names.

[icedog25]

Thanks for the warning. I'm not prominent enough in the community that I should be worrying too badly about this, but I've made my passwords more secure anyway. Better safe than sorry.

[Versilaryan]

A really easy way to make impossible to guess but easy to remember passwords is to use acronyms. Make a sentence, preferably one that has the website's title in it somewhere. It doesn't have to make sense; you just have to remember it.

I love MLR with a fiery passion, because I leave my window open Tuesday nights.

Oftentimes, I'll capitalize all the nouns to get more variety.

I love MLR with a fiery Passion, because I leave my Window open Tuesday Nights.

Turn it into an acronym.

IlMLRwafP,bIlmWoTN

Replace characters with symbols. Make sure you stay consistent with what replaces what.

1lMLRw@fP,b1lmW0TN

Bam. Easy to remember, looks like absolute gibberish. If you use the website's title in your sentence, you've got a different password to every website you visit without having to remember fifty million passwords.

[Kopachris]

What about passphrases? They're long, so they're (practically) impervious to brute force, they're impervious to dictionary attacks unless you pick a stupidly common phrase, and they're a whole lot easier to remember.

[Captain Ironhelm]

Thanks for the reminder!

[LunchBagMusic]

[Acsii]

xkcd comic

GOD DAMMIT I WAS JUST ABOUT TO POST THAT
But as the comic states this is actually true as there are that many words in any Latin language. And also numbers and symbols take up less bits so a computer can get through that bit in no time.

[natsukashi]

so do my substitues add or remove entropy for my 20+ symbol password? I don't get if it's the lenght that creates the entropy, or if it's simply that the substitutes somehow break the password and make it easier to crack. >_>

[R-Y-S-E]

I just make sure any words in my password are spelt wrong (not using numbers/symbols, just spelt wrong) =P

[prettiestPony]

so do my substitues add or remove entropy for my 20+ symbol password? I don't get if it's the lenght that creates the entropy, or if it's simply that the substitutes somehow break the password and make it easier to crack. >_>

Entropy in this context is a term used in communication theory to describe the complexity of a signal or piece of information. Basically, that ends up meaning how predictable it is, and consequently how compressible it is. The more predictable it is, the greater the compression possibility, and the lower the entropy. In practice, this often describes how close a string of characters comes to being completely random, because, of course, a completely random string is completely unpredictable. For cryptanalysis/cryptography, this translates into a measure of how difficult a password is to guess. In a password, you want high entropy because it makes it more difficult to crack.

To (finally) answer your question, substitutions add entropy (more or less), and length does too, but at a much higher rate. We're basically looking at the space of possibilities. Let me try a super simple example.

Let's suppose there're 100 English words that you can spell with two letters. (According this Scrabble link, there are about that many. Includes a bunch of weird things some people might not categorize as real "words", but oh well.) If the password cracker knows that your password is an English word that's two letters long, it will only take 100 guesses to figure it out. If you add in numbers for vowel substitutions (e.g. 1 for I, 3 for E, 0 for O, 4 for A), that increases the number of possibilities: instead of just "on, no, in, me" etc., we get "on, 0n, no, n0, in, 1n, me, m3". For each word with a vowel that can be replaced, that adds an extra possibility. So let's say that 90 of those 100 words have replaceable vowels (I'm not going to go check to see how many there actually are ). That means the password cracker now has 90 more possible words to check, for a total of 190 possibilities.

Hey, that's a pretty good improvement. But let's compare it to the number of possible three letter words. According to this other Scrabble link, there are about 1000 three letter words. So let's compare the difference: if we stick with two letters and add vowel substitutions, we get about twice as many possibilities. If we ignore vowel substitutions, but add on another letter, we get about ten times as many possibilities. The difference between these numbers will continue to grow (literally exponentially) as the number of characters in a password increases.

So here's the TL;DR: substitutions are better than not using substitutions; however, adding length is usually a much better strategy.

[natsukashi]

Okay! I'm now illuminated, thank you!