Posts tagged passwords
I did some simple tests tonight using the “free” rainbow tables that come with Ophcrack. I was expecting at least one of my passwords to be cracked but neither was. I think there were a couple of reasons for this:
- The password on my XP machine is 15 characters – Ophcrack only goes up to 14 with the free tables for XP
- The password on my Windows 7 machine is not in the dictionary – Ophcrack only uses a “based on dictionary” hybrid table with the free tables for Vista+
The good thing here is that the “trivial” user won’t be able to get my passwords, since the non-free tables go for $99 apiece, or they’ll need to obtain other tables online.
So is Ophcrack crap? No, probably not, that would be a little harsh since I bet the free tables would crack a huge majority of the general public’s passwords.
Do you ever have a login that needs to be secure but you don’t want to create and remember a new random and cryptic password? I do all the time, especially for things that I don’t log in to frequently but still need to be secure. Remembering tons of 12+ character random passwords, even with a key store, is a pain.
So I created a one-time password protocol that I use all the time with popular sites like Twitter:
- On the computer, at the site’s login page, click the “Forgot Password” link – enter the email you registered with the site
- Generate a random 12+ (100+ if you wanted!) character alphanumeric/special character password using a random password generator (they’re all over online)
- Highlight and copy the password (CTRL-C/CMD-C)
- Log in to the email account and click the “Reset Your Password” link in the email you received from the site.
- Paste and submit the new password at the reset screen
- Return to site login, enter username, paste password
- Copy something random back into the clipboard — like a space
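The password-generation step above can be done locally, so the new password is never produced by or sent to a third-party web page. The following is an added example, not part of the original post; the function names `generate_password` and `entropy_bits` and the default length of 16 are assumptions made for illustration.

```python
import math
import secrets
import string

# Character classes from the generation step: alphanumeric plus special characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 12  # the post's "12+" floor


def generate_password(length=16):
    """Return a random password drawn from the OS CSPRNG.

    Rejection sampling: draw whole candidates uniformly and discard any that
    miss a character class, so accepted passwords stay uniformly distributed
    over the set of strings that satisfy the rule.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length):
    """Upper bound on entropy in bits for a uniform pick over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Print one password and its approximate strength, ready to copy.
    print(generate_password(16))
    print(f"~{entropy_bits(16):.0f} bits")
```

Some sites reject certain punctuation characters at the reset screen; in that case narrow `CLASSES` to what the site accepts and raise the length to compensate.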