Other Talk "Otterville" plus Religion/Politics

YEAT: My eBay account was hijacked!!!

Old 07-23-06, 12:16 PM
  #26  
DVD Talk Legend
 
Join Date: Jan 2000
Location: Region 1
Posts: 16,291
Originally Posted by Buford T Pusser


That's one of my passwords at work.
Awesome. Next step, find out your user ID.
zuffy is offline  
Old 07-23-06, 12:20 PM
  #27  
DVD Talk Legend
 
Join Date: Jan 2000
Location: Region 1
Posts: 16,291
Originally Posted by Bandoman
No one is that stupid.
Once in a while, I would ran a password cracking on the users' password. You would not believe the password people uses.
zuffy is offline  
Old 07-23-06, 02:29 PM
  #28  
DVD Talk Hero
 
Join Date: Jul 2000
Location: Madison, WI ("77 square miles surrounded by reality")
Posts: 29,984
Originally Posted by Bushdog
Were you retarded enough to make your password something like "Password"???
Originally Posted by Bandoman
No one is that stupid.
Allen Ludden probably couldn't resist. If he were alive.
movielib is online now  
Old 07-23-06, 04:11 PM
  #29  
DVD Talk Hall of Fame
 
Join Date: Jun 2001
Location: The Money Pit
Posts: 8,159
Originally Posted by Bandoman
No one is that stupid.
At a minimum someone should at least have 8 characters of both letter and numbers. Like figg21newton.
vaporware is offline  
Old 07-23-06, 04:17 PM
  #30  
DVD Talk Legend
 
Join Date: Jan 2000
Location: Region 1
Posts: 16,291
Originally Posted by waporvare
At a minimum someone should at least have 8 characters of both letter and numbers. Like figg21newton.
Password1!

I met the complexity requirement of uppercase, lowercase, numeric and symbol
zuffy is offline  
Old 07-23-06, 05:45 PM
  #31  
DVD Talk Hero
 
Join Date: Jun 2000
Location: Words
Posts: 28,207
Bando1Blows!

I heard that is a popular one.

-p
NotThatGuy is offline  
Old 07-23-06, 09:57 PM
  #32  
DVD Talk Hero
 
Join Date: Mar 2001
Location: Lighten up, Francis! (Funland)
Posts: 26,856
Originally Posted by zuffy
Awesome. Next step, find out your user ID.

and then get in the building.
Buford T Pusser is offline  
Old 07-24-06, 08:21 AM
  #33  
DVD Talk Godfather
 
Michael Corvin's Avatar
 
Join Date: May 1999
Location: Louisville, KY
Posts: 57,044
Originally Posted by Bushdog
Were you retarded enough to make your password something like "Password"???
No, but I hear this one is popular: 12345
Michael Corvin is offline  
Old 07-24-06, 10:00 AM
  #34  
DVD Talk Gold Edition
 
Join Date: Nov 2003
Location: currently Philly originally from Puerto Rico
Posts: 2,896
this just happened to me on sunday. some jackass hacked into my account and listed 20+ chanel bags. WTF? they didn't change any personal info nor email or anything. thankfully ebay stopped the madness quick.
BuddhaWake is offline  
Old 07-24-06, 12:03 PM
  #35  
DVD Talk Ultimate Edition
 
Join Date: Dec 1999
Location: Orlando, FL
Posts: 4,160
Originally Posted by Michael Corvin
No, but I hear this one is popular: 12345
That's amazing, I have the same combination on my luggage!
jdodd is offline  
Old 07-24-06, 11:54 PM
  #36  
Senior Member
 
Join Date: Aug 2003
Location: Buckeye State
Posts: 768
I got a notice today and had to change mine. I didn't notice anything strange.
dcswirl is offline  
Old 07-25-06, 08:20 AM
  #37  
DVD Talk Platinum Edition
 
Join Date: Jan 2002
Location: IL
Posts: 3,509
Regarding passwords, check out this nifty password evaluator on Microsoft's site:

http://www.microsoft.com/athome/secu...d_checker.mspx

Really handy for determining secure passwords for your sites and systems.
Morf is offline  
Old 07-25-06, 09:25 AM
  #38  
Needs to contact an admin about multiple accounts
 
Join Date: Jun 2000
Location: Los Angeles, CA
Posts: 2,830
Originally Posted by dcswirl
I got a notice today and had to change mine. I didn't notice anything strange.
uhh, i hope you didnt click the link in that email. sounds like you just gave your password to someone. ebay doesnt send out emails requesting account information, they send it to your "MyEbay" account.
Cygnet74 is offline  
Old 07-25-06, 09:35 AM
  #39  
DVD Talk Gold Edition
 
Join Date: May 2000
Location: A secret rebel stronghold in the Republic of San Marcos
Posts: 2,370
Originally Posted by Morf
Regarding passwords, check out this nifty password evaluator on Microsoft's site:

http://www.microsoft.com/athome/secu...d_checker.mspx

Really handy for determining secure passwords for your sites and systems.

Cool. 'Cuz when I think "internet security", the first word that comes to my mind is Microsoft.
Fielding Mellish is offline  
Old 07-25-06, 10:07 AM
  #40  
DVD Talk Platinum Edition
 
Join Date: Jan 2002
Location: IL
Posts: 3,509
Originally Posted by Fielding Mellish
Cool. 'Cuz when I think "internet security", the first word that comes to my mind is Microsoft.
Regardless, the site I linked to is of great value to those of you who think you have good passwords or are looking for good passwords.
Morf is offline  
Old 07-25-06, 10:10 AM
  #41  
Senior Member
 
Join Date: Sep 2002
Posts: 916
lol microsoft's algothrim is length > 8 and at least one or more number/capitalized letter/special character.
nodoubt is offline  
Old 07-25-06, 10:48 AM
  #42  
DVD Talk Limited Edition
 
Ginwen's Avatar
 
Join Date: May 2002
Location: Kent, WA
Posts: 7,220
Originally Posted by dcswirl
I got a notice today and had to change mine. I didn't notice anything strange.
I hope you're joking, or at least didn't use the link in the email, since otherwise someone has your password.
Ginwen is offline  
Old 07-25-06, 11:05 AM
  #43  
DVD Talk Limited Edition
 
Join Date: Jun 2001
Location: Indianapolis, IN
Posts: 6,307
Originally Posted by Morf
Regardless, the site I linked to is of great value to those of you who think you have good passwords or are looking for good passwords.
According to the Microsoft checker...
uzkpklhh = weak
uzkpkl8h = medium
uzKpkl8h = strong
uzKpkl8huzKpkl8h = best

Seeing as I have but a rudimentary knowledge of computers in general, perhaps I'm missing something, but is there really enough of a difference in the first 3 choices to effect the password's security?
maxfisher is offline  
Old 07-25-06, 11:25 AM
  #44  
DVD Talk Platinum Edition
 
Join Date: Jan 2002
Location: IL
Posts: 3,509
Originally Posted by maxfisher
According to the Microsoft checker...
uzkpklhh = weak
uzkpkl8h = medium
uzKpkl8h = strong
uzKpkl8huzKpkl8h = best

Seeing as I have but a rudimentary knowledge of computers in general, perhaps I'm missing something, but is there really enough of a difference in the first 3 choices to effect the password's security?
uzkpklhh: weak because it is all lower-case letters. Easy for program to break.
uzkpkl8h: medium simply because now it contains a number
uzKpkl8h: strong because it now contains a number and an upper-case letter
uzKpkl8huzKpkl8h: best because of its length and combination of lower/upper-case letters and numbers

If something is all lowercase letters, each character only has 26 possibly entries (a-z). An 8-digit password has 26^8 (or 208,827,064,576 - that's 208 billion) possibilities.

If something now has lowercase AND numbers, there are now 36 possible entries for each character (a-z and 0-9), making 36^8 (or 2,821,109,907,456 - that's 2 trillion) possibilities.

If something has lowercase, numbers, AND uppercase letters, there are now 62 possible entries for each character (a-z, A-Z, and 0-9), making 62^8 (or 218,340,105,584,896 - that's 218 trilion) possibilities.

Add special characters, spaces, and make the password 14 or more characters long, the password becomes nearly impossible for a brute-force attack to compromise.

(Hope my math is right! It's been a LONG time since I've done this stuff)

Last edited by Morf; 07-25-06 at 11:28 AM.
Morf is offline  
Old 07-25-06, 11:32 AM
  #45  
DVD Talk Platinum Edition
 
Join Date: Jan 2002
Location: IL
Posts: 3,509
Originally Posted by nodoubt
lol microsoft's algothrim is length > 8 and at least one or more number/capitalized letter/special character.
Actually, that is not true.

12345678* only ranks medium, yet it is length > 8 and one special character.
Morf is offline  
Old 07-25-06, 11:44 AM
  #46  
Senior Member
 
Join Date: Sep 2002
Posts: 916
as long as you have one of each of the 3 and length > 8 and it's considered strong. length > 10? Best! i.e. A1234567890123! I'm not arguing that's not a good enough algorithm (as evidenced with your mathematical proof). I'm just pointing out that it takes no consideration of the actual password, i.e. Password123! vs. Uj25L8*yB. but i guess it really doesn't matter
nodoubt is offline  
Old 07-25-06, 11:46 AM
  #47  
DVD Talk Limited Edition
 
Join Date: Jun 2001
Location: Indianapolis, IN
Posts: 6,307
Originally Posted by Morf
uzkpklhh: weak because it is all lower-case letters. Easy for program to break.
uzkpkl8h: medium simply because now it contains a number
uzKpkl8h: strong because it now contains a number and an upper-case letter
uzKpkl8huzKpkl8h: best because of its length and combination of lower/upper-case letters and numbers

If something is all lowercase letters, each character only has 26 possibly entries (a-z). An 8-digit password has 26^8 (or 208,827,064,576 - that's 208 billion) possibilities.

If something now has lowercase AND numbers, there are now 36 possible entries for each character (a-z and 0-9), making 36^8 (or 2,821,109,907,456 - that's 2 trillion) possibilities.

If something has lowercase, numbers, AND uppercase letters, there are now 62 possible entries for each character (a-z, A-Z, and 0-9), making 62^8 (or 218,340,105,584,896 - that's 218 trilion) possibilities.

Add special characters, spaces, and make the password 14 or more characters long, the password becomes nearly impossible for a brute-force attack to compromise.

(Hope my math is right! It's been a LONG time since I've done this stuff)
How many variations can a program check though? I mean, if someone's trying to get into my eBay account and they set up a program to check for passwords with all lowercase letters, that's got to take some time. Let's say it can check 1,000 per minute, which seems unrealistically high to me. If your math's correct, it'd take over 395 years to check all the possible combinations. I'm not sure what criteria would be used to make this more efficient, but it still seems to me that my example string of 8 completely random lowercase letters (uzkpklhh) would be a hell of a lot better of a password than 'Password1', which the Microsoft checker ranks as strong.
maxfisher is offline  
Old 07-25-06, 11:55 AM
  #48  
DVD Talk Platinum Edition
 
Join Date: Jan 2002
Location: IL
Posts: 3,509
Originally Posted by maxfisher
How many variations can a program check though? I mean, if someone's trying to get into my eBay account and they set up a program to check for passwords with all lowercase letters, that's got to take some time. Let's say it can check 1,000 per minute, which seems unrealistically high to me. If your math's correct, it'd take over 395 years to check all the possible combinations. I'm not sure what criteria would be used to make this more efficient, but it still seems to me that my example string of 8 completely random lowercase letters (uzkpklhh) would be a hell of a lot better of a password than 'Password1', which the Microsoft checker ranks as strong.
No idea on how fast a program can generate and test passwords, sorry - I'm not a security expert.

Most sites (like eBay, I'd presume) have other built-in security features that, say, lock an account after 3 or more invalid attempts. So a brute-force attack won't really work, so don't really worry about your eBay password per se. In that case, uzkpklhh would probably be better than password1 because it is random, and the site probably only gives a person 3-5 chances to log in before locking or flagging the account.

Password1, while Microsoft says it is better, is theoretically better because it contains a combo of uppercase, lowercase and numbers, making it more difficult for a stupid brute-force attack to guess. But since a plain dictionary word makes up 89% of the password, any dummy could potentially guess it.

A good password mixes randomness, special characters, and length.
Morf is offline  
Old 07-25-06, 11:58 AM
  #49  
HN
DVD Talk Hall of Fame
 
Join Date: Oct 1999
Location: Los Angeles, CA
Posts: 8,359
Originally Posted by Buford T Pusser
What was the password?

ebay?

5683?


fuck?


shit?
yeat
HN is offline  
Old 07-25-06, 12:48 PM
  #50  
Suspended
 
Join Date: Oct 2003
Posts: 3,598
Originally Posted by HN
yeat


I had to check my ebay account just to make sure.

Already hit by a fradulent seller a month ago.
gimmepilotwings is offline  

Thread Tools
Search this Thread

Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.