fedii.me
  • Communities
  • Create Post
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
Salamendacious@lemmy.world to Technology@lemmy.worldEnglish · 2 years ago

Security expert reveals surprising way to make your password stronger: use emojis

nypost.com

external-link
message-square
271
link
fedilink
302
external-link

Security expert reveals surprising way to make your password stronger: use emojis

nypost.com

Salamendacious@lemmy.world to Technology@lemmy.worldEnglish · 2 years ago
message-square
271
link
fedilink
It turns out that emoticons are considered a symbol, so they can beef up your passwords and make them more secure in combination with letters and numbers. Here’s how.
  • ammonium@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    2 years ago

    Four words is too low these days to protect against gpu bruteforcing

    • El Barto@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      2 years ago

      Got a source on that?

      Edit: plus brute forcing is just one scenario. I think the xkcd comic refers to using passwords in online services, and those usually have some sort of rate limiting.

      • ammonium@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        2 years ago

        https://thesecurityfactory.be/password-cracking-speed/

        8 character a-zA-Z is 45 bits of entropy (log2(56^8), about the same as the XKCD password if you take from a 2048 word list. That’s crackable in a minute on AWS.

        Password hashes get frequently stolen, don’t rely on rate limiting if it’s something you really care about.

        Here are the dice ware recommendations on the number of words: https://theworld.com/~reinhold/dicewarefaq.html#howlong

        • El Barto@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          2 years ago

          Sure, but the average English speaker knows way more than 2048 words. Let’s not forget about case sensitivity, made-up or “inside joke” words, names, and specific industry vocabulary.

          • ammonium@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            ·
            2 years ago

            Even if you take four words of a 30000 word list (quick Google says that’s the number of words an average person knows), that’s still less bits of entropy than a 5 word diceware password (7776 word list). People are also really bad at randomness, so your own string of random words is likely going to be much worse.

            • El Barto@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              2 years ago

              Thanks for the explanation. What’s diceware?

              • poopkins@lemmy.world
                link
                fedilink
                English
                arrow-up
                4
                ·
                2 years ago

                It’s the concept of literally using a die to choose with randomness (humans are terrible at trying to be random); a link with details is in a previous comment.

                • El Barto@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  2 years ago

                  Thanks.

              • ammonium@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                2 years ago

                https://theworld.com/~reinhold/diceware.html

                • El Barto@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  2 years ago

                  Thanks.

    • lolcatnip@reddthat.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      That only works if someone already has access to a system’s password database.

Technology@lemmy.world

technology@lemmy.world

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


  • @[email protected]
  • @[email protected]
  • @[email protected]
  • @[email protected]
Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 4.13K users / day
  • 8.77K users / week
  • 14.6K users / month
  • 36.2K users / 6 months
  • 1 local subscriber
  • 76.3K subscribers
  • 16.5K Posts
  • 729K Comments
  • Modlog
  • mods:
  • L3s@lemmy.world
  • enu@lemmy.world
  • Technopagan@lemmy.world
  • L4sBot@lemmy.world
  • L3s@hackingne.ws
  • L4s@hackingne.ws
  • BE: 0.19.13
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org