All your passwords are belong to us (getcocoon.tumblr.com)
3 points by cocoon on March 16, 2011 | 3 comments


Automated is correct. It certainly is not a come-on-and-crack-me password. When they move on to a brute force attack, with 14+ chars it is not doable. Check out this article:

John Pozadzides Tells All http://www.bnet.com/blog/businesstips/how-easy-is-it-to-hack...


He proposes the following scheme:

    * !Ial2eNwNaBatcIPTWI (Twitter)
    * !Ial2eNwNaBatcIPFBK (Facebook)
    * !Ial2eNwNaBatcIPLIN (LinkedIn)

Why would this be good? When a hacker sees the name of one site in the password, couldn't they simply guess the others?


It's going to be automated, so a hacker will only see a password if they choose to log in manually to that account for some reason.



