TOPIC: The danger of the clause "FORGOT YOUR PASSWORD ?"

The danger of the clause "FORGOT YOUR PASSWORD ?" 4 years 8 months ago #37898

  • sose
  • Honored Member
  • Posts: 813
  • Thank you received: 4
  • Karma: 3
The "FORGOT YOUR PASSWORD?" link below the LOGIN box is a double-edged sword, because people close to you, or people searching public archives, can use it to gain access to your account.

Caution!!! If a form asks you "What is your favourite food?", please make your answer something like x+2x.
sose
Network Engineer
analysethis.co/index.php/forum/index

Re: The danger of the clause "FORGOT YOUR PASSWORD ?" 4 years 8 months ago #37899

  • sose
  • Honored Member
  • Posts: 813
  • Thank you received: 4
  • Karma: 3
Check out the case here involving misuse of "forgot your password": www.post-gazette.com/stories/ae/celebrit...cyber-crimes-628159/
sose
Network Engineer
analysethis.co/index.php/forum/index

Re: The danger of the clause "FORGOT YOUR PASSWORD ?" 4 years 7 months ago #37937

  • TheBishop
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
The other side of the coin here is that if security people weren't so overzealous with their password requirements, then we wouldn't need the "Forgot my Password" box, and our systems would therefore actually be more secure.

Re: The danger of the clause "FORGOT YOUR PASSWORD ?" 4 years 7 months ago #37968

  • sose
  • Honored Member
  • Posts: 813
  • Thank you received: 4
  • Karma: 3
It is not about being overzealous; password crackers find it easier to break passwords that don't meet the requirements. Follow a pattern when formulating your passwords, like the first character of each word of an old song with some capitalisation or symbols, and you can always remember your password.
sose
Network Engineer
analysethis.co/index.php/forum/index

Re: The danger of the clause "FORGOT YOUR PASSWORD ?" 4 years 7 months ago #37970

  • sose
  • Honored Member
  • Posts: 813
  • Thank you received: 4
  • Karma: 3
It is not about being overzealous, but password crackers find it easier to break passwords that don't meet the requirements. Just make sure you follow a pattern when formulating your passwords and you will always remember them.
sose
Network Engineer
analysethis.co/index.php/forum/index

Re: The danger of the clause "FORGOT YOUR PASSWORD ?" 4 years 7 months ago #37972

  • S0lo
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
The thing here is that resetting the password through the "FORGOT YOUR PASSWORD" feature should better be forwarded to the person's email through a link, to verify that he is the holder, NOT done immediately on the web page. Except for the case where he is resetting his own email; then it had better be forwarded to another backup email, which in the case of the celebrities above didn't seem to happen.

Regarding password complexity: long passwords (even if they are simple) are usually more effective than short passwords (even if they are complex). Let's take for example a six-character password comprised of letters, numbers and signs, say Yu*e+5

When you see this password, one can say that it's fairly complex. It's not easy to guess. But for a brute-force attack to work on it, the cracker must search through all combinations of the characters a-z A-Z 0-9 ~!@#$%^&*()-={}|:"<>?[]\;',./

That's 93 characters, say 100 (those are easily reachable on the keyboard; there are more of course). So the total number of combinations is 100 to the power 6. That's 1000000000000, one thousand billion trials max to find the password.

Now let's have another simple BUT longer password, an 8-character password containing only letters (no numbers or signs), say OmiPoxma. Now that one is pronounceable and it might seem simpler than Yu*e+5. But for a brute-forcer to break it, it has to try all possible combinations of a-z A-Z. Total 54 characters, but that's done for 8 letters now. So the total number of combinations is 54 to the power 8, that's 72301961339136. Now compare these two numbers:

1000000000000 (one thousand billion trials)
72301961339136 (72 thousand billion trials)

By just adding 2 letters to the length of the password we have increased the difficulty 72 times, ALTHOUGH we used FEWER characters from the keyboard (nearly half).

Simply speaking, "lengthen your passwords" :)
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
Last Edit: 4 years 7 months ago by S0lo.
The following user(s) said Thank You: Rockape
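The reset flow S0lo describes above (send a one-time link to the mailbox on file, never act on the web page itself) can be implemented with a random token whose hash is stored server-side with an expiry. The following is an added example written for this thread, not code from the forum or from any site mentioned in it; the 15-minute lifetime, the in-memory store standing in for a database table, and the user names are assumptions.

```python
"""Password-reset tokens: issued once, e-mailed (not displayed), single use,
time-limited, stored only as a hash.  Added example for this thread."""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60  # assumption: reset links expire after 15 minutes

# Stand-in for a database table: username -> (sha256(token), expiry timestamp)
_pending_resets: Dict[str, Tuple[str, float]] = {}


def _hash_token(token: str) -> str:
    # Store only a hash, so a leaked table does not yield usable reset links.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(username: str, now: Optional[float] = None) -> str:
    """Issue an unguessable token for `username` and return it.

    The caller e-mails it to the address on file (or to the backup address
    when the account being reset is the mailbox itself).  It is never shown
    on the web page, which is the whole point of the flow.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output
    _pending_resets[username] = (_hash_token(token), now + TOKEN_TTL_SECONDS)
    return token


def redeem_reset(username: str, token: str, now: Optional[float] = None) -> bool:
    """Accept the token once, before expiry; on True the caller lets the user
    choose a new password.  Every failure returns the same False, so an
    attacker cannot tell which check rejected the attempt."""
    now = time.time() if now is None else now
    entry = _pending_resets.get(username)
    if entry is None:
        return False
    token_hash, expires_at = entry
    if now > expires_at:
        _pending_resets.pop(username, None)  # stale token is garbage
        return False
    # Constant-time comparison: a plain == would leak match length via timing.
    if not hmac.compare_digest(token_hash, _hash_token(token)):
        return False
    del _pending_resets[username]  # single use: a replayed link must fail
    return True


def demo() -> Dict[str, bool]:
    """Exercise the four behaviours a practitioner should check (constructed data)."""
    t0 = 1_700_000_000.0
    token = request_reset("alice", now=t0)
    results = {
        "guessed token rejected": not redeem_reset("alice", "not-the-token", now=t0),
        "real token accepted": redeem_reset("alice", token, now=t0 + 60),
        "replay rejected": not redeem_reset("alice", token, now=t0 + 61),
    }
    stale = request_reset("bob", now=t0)
    results["expired token rejected"] = not redeem_reset(
        "bob", stale, now=t0 + TOKEN_TTL_SECONDS + 1
    )
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'pass' if ok else 'FAIL'}")
```

The token goes in the e-mailed link only; the page that receives the link calls `redeem_reset` and, on success, shows the new-password form. Nothing about the account (not even whether the username exists) is revealed to whoever submits a wrong or expired token.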
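S0lo's keyspace comparison generalises to any alphabet size and length, and it is worth seeing the figures with both the post's rounded alphabet sizes (100 and 54) and Python's own counts of printable ASCII (94 symbols) and letters (52). This is an added example, not code from the post; the 10^10 guesses-per-second rate in the time estimate is an assumed offline-cracking speed, not a figure from the thread.

```python
"""Brute-force key space versus password length and alphabet size.
Added example for this thread; reproduces the two numbers in the post above."""
import math
import string
from typing import Dict

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
LETTERS = string.ascii_letters  # 52 symbols, a-z plus A-Z

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1e10  # assumption: fast offline hash cracking


def keyspace(charset_size: int, length: int) -> int:
    """Worst-case number of candidates for an exhaustive search."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Same quantity on a log scale: each extra character adds log2(alphabet) bits."""
    return length * math.log2(charset_size)


def years_to_exhaust(charset_size: int, length: int,
                     guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    return keyspace(charset_size, length) / guesses_per_second / SECONDS_PER_YEAR


def compare() -> Dict[str, int]:
    """The post's two passwords, with the post's rounding and with exact alphabets."""
    return {
        "Yu*e+5, post's rounding (100 symbols, 6 chars)": keyspace(100, 6),
        "OmiPoxma, post's rounding (54 symbols, 8 chars)": keyspace(54, 8),
        "Yu*e+5, all printable ASCII (94 symbols, 6 chars)": keyspace(len(PRINTABLE), 6),
        "OmiPoxma, letters only (52 symbols, 8 chars)": keyspace(len(LETTERS), 8),
    }


def lengths_needed(charset_size: int, target_bits: float) -> int:
    """Smallest length at which `charset_size` symbols reach `target_bits` of keyspace."""
    return math.ceil(target_bits / math.log2(charset_size))


if __name__ == "__main__":
    for label, n in compare().items():
        print(f"{n:>18,}  {label}")
    for size, length in ((100, 6), (54, 8), (94, 6), (52, 8)):
        print(f"{size:>3} symbols x {length} chars: {entropy_bits(size, length):5.1f} bits, "
              f"{years_to_exhaust(size, length):.2e} years at {ASSUMED_GUESSES_PER_SECOND:.0e}/s")
    # How long must a letters-only password be to match an 8-symbol full-ASCII one?
    print("letters-only length matching 94^8:", lengths_needed(52, entropy_bits(94, 8)))
```

The length-versus-alphabet trade-off the post makes is visible directly in `entropy_bits`: one extra character buys a fixed number of bits for a given alphabet, while widening the alphabet only raises the per-character contribution logarithmically. The keyspace figures are an upper bound on a blind brute force; dictionary and pattern attacks against human-chosen passwords finish far sooner, which is why the post's advice is "lengthen", not "memorise more symbols".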