GNU social JP
GNU social JP is a Japanese GNU social server.

A goofy cartoon depicting special characters in passwords acting like "digital garlic" to scare away vampires and werewolves.

Download link

https://media.infosec.exchange/infosecmediaeu/media_attachments/files/110/136/027/822/298/556/original/54397dadbdcc52a1.png

Notices where this attachment appears

  1. Anthony Collette :donor: / Loistava (anthonycollette@infosec.exchange)'s status on Tuesday, 09-May-2023 08:58:19 JST

    “DIGITAL GARLIC” SCARES AWAY HACKERS

    Time Management for Hackers

    Attackers don’t bother brute-forcing passwords that are long or passwords that contain special characters.

    Every one of us — hackers included — only has 24 hours in every day. So how do criminal hackers make the best use of their time when brute-forcing passwords?

    Microsoft researcher Ross Bevington analyzed the usernames and passwords hackers entered from over 25 million brute-force attacks.

    Here's the breakdown of 30 days' worth of attacks against passwords:

    ➡️ 6% attacked passwords over 10 characters in length.
    ➡️ 7% attacked passwords which included special characters.
    ➡️ 39% attacked passwords with numbers in them.
    ➡️ 0% attacked passwords with spaces.

    Hackers definitely *stayed away* from passwords which were longer (94% of the time), and they *didn't bother* spending much time cracking passwords which contained special characters (only 7% of the time).

    Probably because of the common use of numbers at the end of passwords, hackers definitely honed in on digits.

    But hackers *didn't even attempt* brute-forcing passwords with spaces, most likely because including spaces in passwords is still fairly uncommon.

    From the article written by Catalin Cimpanu:

    "The researchers' findings suggest that longer passwords that include special characters are most likely safe from the vast majority of brute-force attacks, as long as they haven't been leaked online and are part of attackers' brute-forcing dictionaries."

    Should we include special characters (including spaces) in our passwords?

    Here we have high-quality evidence collected by Microsoft at scale. It shows decisively that password length and the inclusion of special characters act like digital garlic, keeping the vampires and werewolves at bay — keeping the bad guys away from our online accounts.

    How do ordinary consumers get this “digital garlic” in an easy way? They use a Password Manager.

    https://therecord.media/attackers-dont-bother-brute-forcing-long-passwords-microsoft-engineer-says/

    #Passwords
    #PasswordManagers
    #ComplexPasswords
    #SpecialCharactersInPasswords
    #TimeManagementForHackers
    #DigitalGarlic
    #Microsoft
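
As an added example (not part of the original post or of the Microsoft research), this is one way a defender could compute the same kind of breakdown from their own honeypot's failed-login records. The JSON field names, the sample lines and the definition of "special character" (neither alphanumeric nor whitespace) are assumptions.

```python
import json
from collections import Counter

# Constructed sample: one JSON object per failed login, as a honeypot might log it.
# The field names ("user", "password") are assumptions, not a real tool's schema.
SAMPLE_LOG = """\
{"user": "root", "password": "123456"}
{"user": "admin", "password": "admin"}
{"user": "root", "password": "P@ssw0rd"}
{"user": "oracle", "password": "oracle2023"}
{"user": "test", "password": "qwertyuiop123"}
{"user": "root", "password": ""}
not-json garbage line
{"user": "pi", "password": "raspberry"}
{"user": "root", "password": "toor!"}
{"user": "admin", "password": "1q2w3e4r"}
"""

# Categories overlap on purpose: one password can be long AND contain digits.
CATEGORIES = {
    "over_10_chars": lambda p: len(p) > 10,
    "special_char": lambda p: any(not c.isalnum() and not c.isspace() for c in p),
    "digit": lambda p: any(c.isdigit() for c in p),
    "space": lambda p: any(c.isspace() for c in p),
}

def breakdown(log_text):
    """Return (total_attempts, {category: percent of attempts matching it})."""
    counts, total = Counter(), 0
    for line in log_text.splitlines():
        try:
            password = json.loads(line)["password"]
        except (ValueError, KeyError, TypeError):
            continue  # skip truncated or malformed records instead of aborting
        if not isinstance(password, str):
            continue
        total += 1
        for name, matches in CATEGORIES.items():
            counts[name] += matches(password)
    return total, {n: (100.0 * counts[n] / total if total else 0.0) for n in CATEGORIES}

if __name__ == "__main__":
    total, pct = breakdown(SAMPLE_LOG)
    print(f"{total} attempted passwords")
    for name, value in pct.items():
        print(f"{name:>14}: {value:5.1f}%")
```

Because the categories overlap, the percentages are not expected to sum to 100.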


GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.