Thursday, July 7th 2022

AMD is Investigating a Potential 450 Gb Data Breach

RansomHouse, a newly established group that aims to monetize stolen data, claims to hold more than 450 Gb of data taken from AMD. The group positions itself as a middleman: it brokers negotiations between hackers and victims so that funds reach the hackers and data is returned to the victims. The leaked AMD data is claimed to contain network files, system information, and AMD passwords. This could be a very dangerous data breach, as inter-company passwords are used to access confidential files and personal information. The group states that it holds 450 Gb, or gigabits, of data, which translates into 56.25 GB, or gigabytes, of stolen data. We are not yet sure whether the Gb notation is a misspelling. It is claimed that AMD's poor security practices, such as using "password" as a password, led to the data breach, and that no special ransomware software was used.

Tom's Hardware reached out to AMD for a statement, and got the following response:
AMD Representative for Tom's Hardware: AMD is aware of a bad actor claiming to be in possession of stolen data from AMD. An investigation is currently underway.
Source: Tom's Hardware

46 Comments on AMD is Investigating a Potential 450 Gb Data Breach

#26
Unregistered
Tigger: Apparently the best type of passwords are just 3 random words, treescooterracoon

www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words
Interesting read. Especially now with multiple accounts having random words require to remember can really help, maybe having random words in a different language (e.g. Chinese words written in Latin).
Thanks for sharing
#27
Chrispy_
Xex360: Interesting read. Especially now with multiple accounts having random words require to remember can really help, maybe having random words in a different language (e.g. Chinese words written in Latin).
Thanks for sharing
correct horse battery staple

Posted on Reply
#28
Kohl Baas
zlobby: That would be peak irony! Or, you know what's even better? If they were hacked via some backdoor!
Oh, wait! There are no backdoors! ;)
No. Being AMD, the peak irony would be to be hacked through one of the Intel ones through an Intel machine.
Posted on Reply
#29
zlobby
Kohl Baas: No. Being AMD, the peak irony would be to be hacked through one of the Intel ones through an Intel machine.
I agree. :D
Posted on Reply
#31
MarsM4N
bug: So... basically anything in German will do?
That's basically unhackable then. :laugh: Guess these have to be the 3 longest German words:

Donaudampfschifffahrtselektrizitätenhauptbetriebswerkbauunterbeamtengesellschaft
Grundstücksverkehrsgenehmigungszuständigkeitsübertragungsverordnung
Donaudampfschifffahrtsgesellschaftskapitänswitwe


To be fair, most of these words are invented by bureaucrats, not used by the average joe. Funny part is the bureaucrats also create a shortened version of these words for their law books, and everyone then has to google what it actually means. F.e. "Telekommunikationsüberwachungsverordnung" = § 1 "TKÜV"
Posted on Reply
#32
bug
MarsM4N: That's basically unhackable then. :laugh: Guess these have to be the 3 longest German words:

Donaudampfschifffahrtselektrizitätenhauptbetriebswerkbauunterbeamtengesellschaft
Grundstücksverkehrsgenehmigungszuständigkeitsübertragungsverordnung
Donaudampfschifffahrtsgesellschaftskapitänswitwe


To be fair, most of these words are invented by bureaucrats, not used by the average joe. Funny part is the bureaucrats also create a shortened version of these words for their law books, and everyone then has to google what it actually means. F.e. "Telekommunikationsüberwachungsverordnung" = § 1 "TKÜV"
I'm just gonna leave this here: www.leselern-paten.org/die-hottentottenstottertrottelmutter/
Posted on Reply
#34
DeathtoGnomes
MarsM4N: That's basically unhackable then. :laugh: Guess these have to be the 3 longest German words:

Donaudampfschifffahrtselektrizitätenhauptbetriebswerkbauunterbeamtengesellschaft
Grundstücksverkehrsgenehmigungszuständigkeitsübertragungsverordnung
Donaudampfschifffahrtsgesellschaftskapitänswitwe


To be fair, most of these words are invented by bureaucrats, not used by the average joe. Funny part is the bureaucrats also create a shortened version of these words for their law books, and everyone then has to google what it actually means. F.e. "Telekommunikationsüberwachungsverordnung" = § 1 "TKÜV"
Well there is supercalifragilisticexpialidocious to consider too.
Posted on Reply
#35
Vayra86
Chrispy_: correct horse battery staple

Yeah I always use that one, it's the safest :pimp:
Posted on Reply
#36
Valantar
Vayra86: Yeah I always use that one, it's the safest :pimp:
I wonder how many password brute-force scripts include that as a guess just in case :laugh:
Posted on Reply
#37
bug
Valantar: I wonder how many password brute-force scripts include that as a guess just in case :laugh:
Not that one, in particular, but I wouldn't be surprised if they used 2-6 word combos. You can still foil that with capitalization, l33t 5p34k and some punctuation, without making the password hard to remember.
Posted on Reply
#38
Valantar
bug: Not that one, in particular, but I wouldn't be surprised if they used 2-6 word combos. You can still foil that with capitalization, l33t 5p34k and some punctuation, without making the password hard to remember.
I meant that one in particular - after all, if there's one lesson to learn in these kinds of things it's to always make the stupid guesses.

You're probably right about the word combos, but even three words is a LOT of guesses. I've read that a native English speaker will know ~40 000 words (but use about half with some frequency), while a dictionary can contain 300 000 entries (though not all of those are "words" in a strict sense). So let's go with common words - two is 20 000^2, or 400 million guesses. That's not really secure, just a tad more than a six-letter password with only the 26 English non-capitals. But three? 8 trillion combinations. Six? 6.4*10^24 combinations. That's... 6 400 000 000 000 000 000 000 000 possible combinations. That sounds like a "maybe before the heat death of the universe" type of situation. (And we're still talking all lower case!) So I doubt any brute-force scripts include six-word combinations, unless they're using massively reduced word lists.
Posted on Reply
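The keyspace arithmetic from the comment above, worked through as an added example (not part of the original thread). It uses the thread's figure of 20 000 common words; the guess rate of 1e10 per second, the sample word list and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list for the demo only; a real generator would load a
# large list (the thread assumes about 20 000 common words).
SAMPLE_WORDS = ["tree", "scooter", "racoon", "horse", "battery", "staple",
                "river", "candle", "orbit", "violet", "anchor", "pepper"]

def passphrase_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy in bits of n words drawn uniformly and independently."""
    return n_words * math.log2(wordlist_size)

def equivalent_random_chars(bits: float, alphabet_size: int = 26) -> int:
    """Length of a uniformly random character password with at least as much entropy."""
    return math.ceil(bits / math.log2(alphabet_size))

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def generate_passphrase(words, n_words: int, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG. The entropy figures only hold for
    machine-chosen words, not for a phrase a person thought up."""
    words = sorted(set(words))  # duplicates would silently lower entropy
    if len(words) < 2:
        raise ValueError("word list too small")
    return sep.join(secrets.choice(words) for _ in range(n_words))

def strength_table(wordlist_size: int = 20_000, rate: float = 1e10):
    """Rows of (words, bits, equivalent lowercase letters, years) for 2-7 words."""
    rows = []
    for n in range(2, 8):
        bits = passphrase_bits(wordlist_size, n)
        rows.append((n, round(bits, 1), equivalent_random_chars(bits),
                     years_to_exhaust(bits, rate)))
    return rows

if __name__ == "__main__":
    for n, bits, chars, years in strength_table():
        print(f"{n} words: {bits:5.1f} bits, like {chars:2d} random lowercase "
              f"letters, {years:.3g} years at 1e10 guesses/s (assumed rate)")
    print(generate_passphrase(SAMPLE_WORDS, 3))
```

The years column scales inversely with the assumed rate, so a rate-limited online login and an offline attack on a fast hash give very different answers for the same passphrase.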
#39
Unregistered
Valantar: I meant that one in particular - after all, if there's one lesson to learn in these kinds of things it's to always make the stupid guesses.

You're probably right about the word combos, but even three words is a LOT of guesses. I've read that a native English speaker will know ~40 000 words (but use about half with some frequency), while a dictionary can contain 300 000 entries (though not all of those are "words" in a strict sense). So let's go with common words - two is 20 000^2, or 400 million guesses. That's not really secure, just a tad more than a six-letter password with only the 26 English non-capitals. But three? 8 trillion combinations. Six? 6.4*10^24 combinations. That's... 6 400 000 000 000 000 000 000 000 possible combinations. That sounds like a "maybe before the heat death of the universe" type of situation. (And we're still talking all lower case!) So I doubt any brute-force scripts include six-word combinations, unless they're using massively reduced word lists.
So 3 random words is pretty secure, can see why it is recommended.
#40
bug
Valantar: I meant that one in particular - after all, if there's one lesson to learn in these kinds of things it's to always make the stupid guesses.

You're probably right about the word combos, but even three words is a LOT of guesses. I've read that a native English speaker will know ~40 000 words (but use about half with some frequency), while a dictionary can contain 300 000 entries (though not all of those are "words" in a strict sense). So let's go with common words - two is 20 000^2, or 400 million guesses. That's not really secure, just a tad more than a six-letter password with only the 26 English non-capitals. But three? 8 trillion combinations. Six? 6.4*10^24 combinations. That's... 6 400 000 000 000 000 000 000 000 possible combinations. That sounds like a "maybe before the heat death of the universe" type of situation. (And we're still talking all lower case!) So I doubt any brute-force scripts include six-word combinations, unless they're using massively reduced word lists.
I wanted to write 2-4 initially. But then I felt a little more generous ;)

In a nutshell, if I were to write such a tool, I would add at least some heuristics, looking for low-hanging fruits, in addition to brute forcing.
Posted on Reply
#41
zlobby
bug: I wanted to write 2-4 initially. But then I felt a little more generous ;)

In a nutshell, if I were to write such a tool, I would add at least some heuristics, looking for low-hanging fruits, in addition to brute forcing.
Assuming zero prior knowledge of your target, and your target follows good security practices, you'd need to go quantum.
Posted on Reply
#42
Athlonite
Tigger: So 3 random words is pretty secure, can see why it is recommended.
7 is better

It would take a computer about 4 quintillion years to crack your password

so good luck hackin me wifi pword
Posted on Reply
#43
Valantar
Athlonite: so good luck hackin me wifi pword
That's exactly seven words ;)
Posted on Reply
#44
Why_Me
zlobby: Nobody seen Suomi or Hungarian?
Finnish and Estonian always seem easy on the ears. Probably harder than h3ll to learn but it still sounds pretty cool imo. JRR Tolkien was a big fan of that language.

Posted on Reply
#45
Athlonite
Valantar: That's exactly seven words ;)
Oh yeah so it is but it's not the seven I use though
Posted on Reply
#46
Valantar
Athlonite: Oh yeah so it is but it's not the seven I use though
That's what you're saying now, sure ;)
Posted on Reply