Think your passwords are secure enough?

[qubit]

About this, i never used that tehnology do they for instance rememebr the prints from multiple digits of your hand or just one. What if you are in an accident and you get your fingers burned and that is the only authentication method that you can access that phone tablet whatever ?

An iPhone or iPad will store up to 5 prints and also let you set an optional passcode as a backup.

 

[P4-630]

About this, i never used that tehnology do they for instance rememebr the prints from multiple digits of your hand or just one. What if you are in an accident and you get your fingers burned and that is the only authentication method that you can access that phone tablet whatever ?

My mom had this on her previous Acer laptop and it's on her new Asus laptop (didn't buy it because of it).
I tried it on her previous Acer laptop, could login with a finger scan, never used it permanently.
Nice feature but she doesn't use it.

I also think it's risky to use it since your fingerprints can get "damaged" from work/household work, winters-summers etc.

 

[CAPSLOCKSTUCK]

About this, i never used that tehnology do they for instance rememebr the prints from multiple digits of your hand or just one ? What if you are in an accident and you get your fingers burned and that is the only authentication method that you can access that phone tablet whatever ?

Jealous wife busted Foreign Office diplomat hubby’s affair after unlocking phone using thumbprint while he was ASLEEP
https://www.thesun.co.uk/news/16109...g-phone-using-thumbprint-while-he-was-asleep/

 

[Caring1]

Jealous wife busted Foreign Office diplomat hubby’s affair after unlocking phone using thumbprint while he was ASLEEP
https://www.thesun.co.uk/news/16109...g-phone-using-thumbprint-while-he-was-asleep/

So what did she get charged with?
Surely that's not legal, accessing his finger prints while asleep, and his personal property.

 

[qubit]

[QUOTE="P4-630, post: 3512315, member: 22154"I also think it's risky to use it since your fingerprints can get "damaged" from work/household work, winters-summers etc.[/QUOTE]
Yup, that happened to me a fair bit, making fingerprint authentication a little too "secure" for my liking. Had to fallback on the passcode.

@CAPSLOCKSTUCK the headline from our esteemed newspaper reads "green with envoy", lol. I wonder if they'll ever spot their cockup?

 

[CAPSLOCKSTUCK]

i would be very, very surprised if she is charged with anything......her "punishment" didnt befit her crime.



Perhaps he should have used a strong password using a strange collection of ch&rEcters

 

[Nobody99]

But who would store their biometric prints on an unsecured device? It is better to just use NFC chip or something like that that autmatically unlocks the system in proximity.

 

[silentbogo]

My mom had this on her previous Acer laptop and it's on her new Asus laptop (didn't buy it because of it).
I tried it on her previous Acer laptop, could login with a finger scan, never used it permanently.
Nice feature but she doesn't use it.

I also think it's risky to use it since your fingerprints can get "damaged" from work/household work, winters-summers etc.

On laptops there is a failover in most cases. I had both Acer and LG laptops with fingerprint reader, and both were based on AuthenTek capacitive reader.
The built-in software makes multiple scans of all 10 fingers during the initialization process, and you can log-in with either one (tested - works). Basically, if you cut/burn/lose one fingertip, you can always use the other ones.
I am not 100% sure, but you may be able to log-in with your toes =)
There was also a crappy, but interesting fingerprint-based password manager.

But who would store their biometric prints on an unsecured device? It is better to just use NFC chip or something like that that autmatically unlocks the system in proximity.

I know that old laptops with capacitive readers work in conjunction with TPM to encrypt data. Not so sure about phones.

NFC and Bluetooth are vulnerable to spoofing.

 

[dozenfury]

The main issue with pw and pw theft is that too many people take the bad approach of thinking up strong pw, but then using that same one everywhere. You really have to create unique passwords everywhere you use. Otherwise the security of it is only as strong as the weakest link, and there is always a weak security db/site out there getting hacked. So where people get in trouble is re-using the same strong password everywhere they login, and then for example a hobby site or similar they login to gets hacked and the hacker then has their pw and usually also email. Then it's simple for them to try those email/pw combos on big bank or shopping sites, etc. and far too often they are in. This is usually what happens (or keylogging), not so much brute force 1980's style anymore.

 

[Nobody99]

The thing I was talking about, just used in another way: https://www.nextpowerup.com/news/30...or-grabbing-fingerprints-pictures-of-thieves/

Prints can be replicated.

 

[BiggieShady]

Brute forcing of passwords simply isn't a thing anymore and hasn't been for decades, with the obvious exception of random unsecured servers that the general public won't be accessing anyway.

You are assuming malicious individual has more incentive to hack your mail account than to gain remote desktop access admin account on a server that has huge amounts of bandwidth available ... the important illegal activities ultimately have to originate from a zombie machine.
Even if the most common way of "hacking" someone's account is still by reading the content of a post-it note stuck on his monitor, it doesn't mean that brute force method is suddenly less viable ... with faster networks it gets more viable, fooling the router's or server's anti attack heuristics also gets less challenging with all free VPNs and global networks of zombie machines. Think about it.
It's not like everything is on virtual machines in the cloud (yet) and separated in restricted access subnets ... internet is a colorful place

 

[silentbogo]

About bruteforce attacks: It is more viable now than it ever was. If a single machine cannot handle that kind of workload, you can always "employ" more compute power for cheap (or for free).
Few years ago there was an article on XAKEP.RU about using AWS for crypto-workload. Alternatively - botnets (a.k.a. multi-purpose supercomputer at your fingertips).
Since the OP has started with GPU applications in password hacking, then it is totally appropriate to mention fake BitCoin pools.

Back in a day there was also a distributed service for RainbowTable "mining" and another one for "sharing" (you upload a partial table ~100MB in size, and they let you decrypt few MD5 hashes for free by using their extensive library of multilingual mixed password hashes). Can't remember website names, but I don't think they even exist now.

 

[jboydgolfer]

i have always found that instead of substituting letters for symbols, it always worked for me to just take a password like ....

1234, and change it to.

1Two3Four
or 0ne2thr33Four, etc..

 

[Frick]

I wouldn't trust an Android device of any type, even the purest Nexus devices with my bank login credentials. iPhones and iPads seem to be more secure, with Apple's walled garden paying off here, but I'm still not sure how much I'd trust them.

*knocks on wood* We'll see if things break there. You can't do everything on the app, but most things. Six digit numerical code, the good thing is that the keypad is randomized (the numbers switch places, so you can't guess the code by looking at the entering of the code). And you need to authorize every device with your card. So far it's worked, but then I don't really know of the innee workings of the system.

 

[Frick]

About this, i never used that tehnology do they for instance rememebr the prints from multiple digits of your hand or just one ? What if you are in an accident and you get your fingers burned and that is the only authentication method that you can access that phone tablet whatever ?

Dunno bout that, but I do know it's a hassle if the scanner stops working. It has happened to a bunch of friends of mine, and they have to RMA it.

 

[Ahhzz]

.....

Back in a day there was also a distributed service for RainbowTable "mining" and another one for "sharing" (you upload a partial table ~100MB in size, and they let you decrypt few MD5 hashes for free by using their extensive library of multilingual mixed password hashes). Can't remember website names, but I don't think they even exist now.

I remember that!!!!

 

[lorraine walsh]

I am using a password locking software to lock the y most folders. Like not the ones that have the daily pics, docs etc but the ones like official transcripts, bank statements and other personal data. I first encrypt my files and then add them to the folder that has password lock. Do not need to lock again and again the folder, I just drag the files into it and it automatically locks them. And both of these features are in the same encryption software.

 

[BiggieShady]

I am using a password locking software to lock the y most folders. Like not the ones that have the daily pics, docs etc but the ones like official transcripts, bank statements and other personal data. I first encrypt my files and then add them to the folder that has password lock. Do not need to lock again and again the folder, I just drag the files into it and it automatically locks them. And both of these features are in the same encryption software.

Since you like encrypting sensitive information, there are also email services like Proton Mail (https://protonmail.com/) that are completely encrypted: inbox is stored encrypted in the data center and communication is encrypted end-to-end through their web or mobile app ... in case you need a separate mail address for sensitive stuff (invoices, delivery statuses and such)
It uses (and maintains) Pretty Good Protection library for javascript