Jump to content
Why become a member? ×
Support your local Basschat

Nearly got scammed on here!!

RikiB

By RikiB,
in General Discussion

 Share

Recommended Posts

daveybass Mentor

daveybass

Posted
Posted
36 minutes ago, ambient said:


There are several websites you can use to calculate the fees the seller will incur. I’ll just pay whatever the extra is to ensure the seller gets what they wanted while protecting myself.

I think it’s around 3.5% so not a lot for peace of mind 

  • Like 1
Link to comment
Share on other sites
leschirons Veteran

leschirons

Posted
Posted

So, not being a techie, if I change my BC password and let my phone generate a new one, will that automatically save that to the Google password thing and also appear on my desktop PC?

Or do I have to physically put it in the PC?

Link to comment
Share on other sites
Reggaebass Grand Master

Reggaebass

Posted
Posted
45 minutes ago, leschirons said:

So, not being a techie, if I change my BC password and let my phone generate a new one, will that automatically save that to the Google password thing and also appear on my desktop PC?

Or do I have to physically put it in the PC?

I changed mine yesterday on my phone and had to log in separately on my iPad, so I don’t think it will carry across 

Link to comment
Share on other sites
PaulWarning Veteran

PaulWarning

Posted
Posted
55 minutes ago, leschirons said:

So, not being a techie, if I change my BC password and let my phone generate a new one, will that automatically save that to the Google password thing and also appear on my desktop PC?

Or do I have to physically put it in the PC?

 if you're using Google Chrome to generate a new password yes, if you've got sync turned on, well mine does

  • Like 1
  • Thanks 1
Link to comment
Share on other sites
NancyJohnson Grand Master

NancyJohnson

Posted
Posted

I've just had a clean out and update of passwords.  I tend to use Firefox and Thunderbird for web/email, lots of samey passwords and on checking, lots of passwords for dormant sites.  I've just used the Google random password generator to fast track changes and will work out how to synch everything later.

 

I'm a mod on a Facebook musician site and we took group membership private on that about a year ago following several nefarious attacks and p*rn-related posts.  It's only got 2,000 members (fnarr), but sometimes it was a royal PITA to keep spam down.

Link to comment
Share on other sites
tauzero Grand Master

tauzero

Posted
Posted
16 hours ago, pluckedout said:

All conceivable 10 character passwords can still be brute forced by a basic desktop computer in less than a day.

 

Really? On the basis of taking a second for each try, using 10-character passwords composed of any upper-case, any lower-case, any number, and any of the non-alphanumeric characters on a computer keyboard (I used 30 for the number), it would take 12,066,345,950,656,448 hours to do all combinations. That's a bloody long day.

Link to comment
Share on other sites
Woodinblack Grand Master

Woodinblack

Posted
Posted
11 hours ago, ambient said:

There are several websites you can use to calculate the fees the seller will incur. I’ll just pay whatever the extra is to ensure the seller gets what they wanted while protecting myself.

 

The most accurate one of which is Paypal.

  • Haha 1
Link to comment
Share on other sites
tauzero Grand Master

tauzero

Posted
Posted
3 hours ago, leschirons said:

So, not being a techie, if I change my BC password and let my phone generate a new one, will that automatically save that to the Google password thing and also appear on my desktop PC?

Or do I have to physically put it in the PC?

 

If you're logged in to a Google account on both phone and PC, and using the same browser, and you've got the sync settings, er, set (in the Settings menu), it should synchronise.

Link to comment
Share on other sites
JoeEvans Experienced

JoeEvans

Posted
Posted
7 minutes ago, tauzero said:

 

Really? On the basis of taking a second for each try, using 10-character passwords composed of any upper-case, any lower-case, any number, and any of the non-alphanumeric characters on a computer keyboard (I used 30 for the number), it would take 12,066,345,950,656,448 hours to do all combinations. That's a bloody long day.

Yes - my understanding is that there's a big difference between the theoretical time taken for a particular computer to work through all the combinations of a certain number of characters, and the actual time taken to submit each combination one after another when attempting to get into an online service.

Link to comment
Share on other sites
tauzero Grand Master

tauzero

Posted
Posted
1 minute ago, JoeEvans said:

Yes - my understanding is that there's a big difference between the theoretical time taken for a particular computer to work through all the combinations of a certain number of characters, and the actual time taken to submit each combination one after another when attempting to get into an online service.

 

When the interval between attempts is automatically increased each time you get it wrong, or where the username is locked out after a number of failed attempts, it becomes an even larger difference between generating the list and cracking the login.

  • Like 1
Link to comment
Share on other sites
asingardenof Grand Master

asingardenof

Posted
Posted
3 minutes ago, tauzero said:

 

Really? On the basis of taking a second for each try, using 10-character passwords composed of any upper-case, any lower-case, any number, and any of the non-alphanumeric characters on a computer keyboard (I used 30 for the number), it would take 12,066,345,950,656,448 hours to do all combinations. That's a bloody long day.

Assuming 56 alphabetic characters (all upper and lowercase letters), 10 numeric, and let's say 30 special as you suggest, that's 96 possible options per character entry. Assuming 10 characters, that gives us 96P10 or 4.093x10^19 possible combinations. Attempting them @ 1s would take something in the region of 12.8 trillion years. I'm guessing that computers might be able to do it slightly faster than this though...

Link to comment
Share on other sites
tauzero Grand Master

tauzero

Posted
Posted
1 minute ago, asingardenof said:

Assuming 56 alphabetic characters (all upper and lowercase letters), 10 numeric, and let's say 30 special as you suggest, that's 96 possible options per character entry. Assuming 10 characters, that gives us 96P10 or 4.093x10^19 possible combinations. Attempting them @ 1s would take something in the region of 12.8 trillion years. I'm guessing that computers might be able to do it slightly faster than this though...

 

There are 28 letters in the alphabet? Dammit, I've only been using 26 all my life.

 

I was giving a second a go on the basis of a computer doing it and that being the time between sending and response. It would take quite a bit longer if somebody was typing them in.

Link to comment
Share on other sites
asingardenof Grand Master

asingardenof

Posted
Posted
Just now, tauzero said:

 

There are 28 letters in the alphabet? Dammit, I've only been using 26 all my life.

 

I was giving a second a go on the basis of a computer doing it and that being the time between sending and response. It would take quite a bit longer if somebody was typing them in.

Dammit, I need more coffee. OK say 92 possible options means 8.3 trillion years. 

Link to comment
Share on other sites
tauzero Grand Master

tauzero

Posted
Posted
3 minutes ago, jrixn1 said:


https://en.wikipedia.org/wiki/Password_cracking
"the number of possible passwords per second which can be checked can be in the billions or trillions per second"
 

 

Out of context quote.

 

"If a hash of the target password is available to the attacker, this number can be in the billions or trillions per second, since an offline attack is possible. If not, the rate depends on whether the authentication software limits how often a password can be tried, either by time delays, CAPTCHAs, or forced lockouts after some number of failed attempts. Another situation where quick guessing is possible is when the password is used to form a cryptographic key. In such cases, an attacker can quickly check to see if a guessed password successfully decodes encrypted data."

 

If you're trying to access an account from outside, by logging in, you'll never do it.

Link to comment
Share on other sites
Woodinblack Grand Master

Woodinblack

Posted
Posted
16 minutes ago, asingardenof said:

Assuming 56 alphabetic characters (all upper and lowercase letters), 10 numeric, and let's say 30 special as you suggest, that's 96 possible options per character entry. Assuming 10 characters, that gives us 96P10 or 4.093x10^19 possible combinations. Attempting them @ 1s would take something in the region of 12.8 trillion years. I'm guessing that computers might be able to do it slightly faster than this though...

 

There are at least 250 different options even if you are confining yourself to an 8 bit character set. If you aren't, then there are 1000s of different characters. I haven't had problems using non latin characters anywhere for a long time.

Link to comment
Share on other sites
jrixn1 Mentor

jrixn1

Posted
Posted
14 minutes ago, tauzero said:

If you're trying to access an account from outside, by logging in, you'll never do it.

 

I agree.  I thought people were talking about recovering passwords from data i.e. when the hashed password file has been leaked.
If you don't have that file, then like you say, you can't brute force directly on the live site as it would take billions of years - and the site locks you out after three attempts anyway.
Perhaps a less worse method would be the other way round: pick a common password and then try it in combination with known usernames.
 

Link to comment
Share on other sites
MartinB Experienced

MartinB

Posted
Posted

So just to speak in general terms, and not implying anything about Basschat's security:
When you sign up to a new site/service, you don't know whether it's got sensible security precautions to guard against password guessing (e.g. lockout/timeout after a small number of failed attempts).
And you also don't know whether your password will be stored securely, i.e. not likely to be leaked and also not easily cracked if it does leak (by being properly encrypted etc.)

So as a general rule of thumb, why not do everything you can to protect yourself?
- Use a strong password; long and complex is best, but otherwise long and simple generally beats short and complex (see table below)
- Use a unique password, so in the event of compromise you'll only have a problem with one site
- Use multi-factor authentication, if available

Illustrative guide to how it long it takes to crack a leaked password:
image.png.2aa06fc08543839b7ce947a55366d65a.png

Terms and conditions apply; your mileage may vary; source: https://www.hivesystems.io/blog/are-your-passwords-in-the-green

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...