/dev/blah

things i want to remember, things i want to share

Python developer and Linux enthusiast since 2005, passionate about far too many things. GitHub profile


Bad passwords.

written by tshirtman, on 1/20/14 12:24 AM.

Yesterday, my Twitter account got hacked. It's nice to have a story happen just so you can have something to put on your blog!

It was less nice that it made me send spammy DMs to all the sorry people who follow me; I had to clean that up after I changed that password in a hurry. I'm glad it was not somebody or something smart enough to change my mail/password before I did; it could have been much worse.

But that taught me a lesson. I had fuzzy plans to change my weakest passwords for some time, the ones that I used for so long because I didn't know any better back then. So no, I'll never use this one anymore, and I'll now stick to passphrases, that is, a succession of words that may or may not mean something. If you think about it, and consider the words of the English language as letters of a bigger alphabet with which you can make words (valid English sentences), you quickly see it's a much larger alphabet than the ~60 symbols you get with ASCII on a keyboard. A 4-word passphrase is a lot better than an 8-letter password, and it's far easier to remember an 8-word (or more) passphrase than a 20-letter password.

Of course, you are not limited to English, or to valid words, but you are already making things way harder to break, so you can aim for easy-to-remember sentences. They could be your favorite in a book, a song, a movie, a poem, or even a speech; people building dictionaries of all the known literature to bruteforce your passwords using that will have a lot of fun…

Anyway, lesson learned, and a few passwords were changed. Some weak passwords were used for quite important things like Amazon (duh); I'm glad Twitter was the thing that got hit.
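The "bigger alphabet" comparison can be checked numerically. The following is an added example, not code from the original post; it assumes every character or word is drawn uniformly at random, and the 7776-word list size and the small sample wordlist are assumptions chosen for illustration.

```python
import math
import secrets

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits when each of `length` symbols is a uniform random draw."""
    return length * math.log2(alphabet_size)

def min_wordlist_size(words: int, pw_alphabet: int, pw_length: int) -> int:
    """Smallest wordlist for which `words` random words give a search space
    at least as large as a random password of `pw_length` symbols."""
    target = pw_alphabet ** pw_length            # exact integer keyspace
    size = max(1, round(target ** (1 / words)))  # float estimate, corrected below
    while size ** words < target:
        size += 1
    while size > 1 and (size - 1) ** words >= target:
        size -= 1
    return size

def generate_passphrase(wordlist, words: int) -> str:
    """Pick `words` entries with the OS CSPRNG (never the `random` module)."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist contains duplicates; entropy would be overstated")
    return " ".join(secrets.choice(wordlist) for _ in range(words))

# Constructed sample list: far too small for real use, it only exercises the code.
SAMPLE_WORDS = ["amber", "bridge", "cactus", "dolphin", "ember", "falcon",
                "glacier", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pepper"]

if __name__ == "__main__":
    # ~60 keyboard symbols, 8 characters, as in the post.
    print(f"8 random chars from 60 symbols : {entropy_bits(60, 8):.1f} bits")
    # 4 words only match that once the list holds this many words.
    print(f"break-even list size, 4 words  : {min_wordlist_size(4, 60, 8)}")
    # Assumed list size of 7776 words (6**5, the size used by dice-based lists).
    print(f"4 random words from 7776       : {entropy_bits(7776, 4):.1f} bits")
    # 8 words versus a 20-character password.
    print(f"break-even list size, 8 words  : {min_wordlist_size(8, 60, 20)}")
    print(f"sample passphrase              : {generate_passphrase(SAMPLE_WORDS, 4)}")
    # These figures hold only for uniform random draws. A sentence taken from
    # a book or song is one entry in a much smaller set of known quotes.
```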

