			Comments
		
- 
				
				@Demolishun some password managers (like KeePass) give you a password strength indicator
- 
				
				How is that stupid? I can tell you someone somewhere has a password "password", what can you do with this information?
- 
				
				Since when is 😠 a laughing emoji
 
 @theabbie it's the same as testing how safe your bank details are by posting them to a random website
- 
				
				@electrineer That's because bank details are enough to identify a person, just knowing a password without knowing the identity and the account which has that password is useless.
- 
				
				@theabbie so you say having password lists with your password in it doesn't make you fucked in a breach?
- 
				
				@coffeeholic That's what those tools are for, if you find that your password is breached, change them, Just knowing that someone somewhere has a specific password is useless.
- 
				
				@theabbie No you're really wrong.
 
 Maybe you meant "safe to a single entity that is unaware of how the given password can be utilised but not to a larger audience targeted by an experienced hacker".
 An attacker in most cases does not have a specific target... They don't know your name and they don't need to.
- 
				
				Ever wondered how brute force hijacking works? How they got the email addresses and the list of passwords for test?
 
 It's from ignorant people who think just giving out their emails on some random website is safe and another set of idiots who think testing their passwords on a random website without an email is also safe.
- 
				
				I'd like you to know that the operation of most account fraud and hijacking is targeted at a randomly populated crowd from a specific location. If a hacker could get an enormous amount of passwords from a state in your country that state is fucked!
 
 Some time ago I read an article about a district in Florida where the majority of individuals reported their email accounts linked to their bank being hacked... After days of investigation it was found that over 45% of the victims had "cheeseburger" contained in their password.
 The 45% isn't random... They may be targeted with brute force with support from other cheeseburger assholes.
- 
				
				@GiddyNaya What kind of websites are you talking about?
 
 Suppose I create an online tool where people just enter a password and it gives the strength based on various factors.
 
 And people use it, what harm can I do even if I collect those passwords? I don't know who they are neither their email nor the service that password is used for.
 
 A password alone without anything else is just a useless string
- 
				
				@theabbie u might be that naive but I see u still don't get it. Those phishy sites are saving the input.
 Having 'actual' password in lists or dictionaries is valuable. (combine that with metadata...)
- 
				
				@coffeeholic That's too exaggerated, they won't be able to do shit with any random password, if they are able to find email of the same user, then maybe, but no one will fall for that.
- 
				
				@theabbie
 Which planet are you from?
 Are you forgetting the web owner knows your IP, country, city, and also your interest for password security?
 One of the many ways to grab email addresses of targets is using targeted ads with fake freebies. Tell me you don't know this?
 
 The hacker targets your mail service specifically because all roads point to Rome.
- 
				
				It's a lot easier to cycle through a list of known passwords than it is to cycle through all possible passwords.
- 
				
				@GiddyNaya And 0.1% of people fall for that, yes, a sophisticated attack will allow attacker to get password and email simultaneously, but, that doesn't mean everyone using such tool is stupid, You just need to be aware.
- 
				
				@coffeeholic Okay, but non-stupid people can use such online tools safely without getting their accounts hijacked, so, the assumption that all such people are stupid is wrong.
- 
				
				@theabbie Majority of internet users using tools such as "Online Password Strength checker" are vulnerable to account hijacking.
 
 Any user exposing themselves to such vulnerability ignorantly is stupid IMO
- 
				
				@GiddyNaya So, people who use haveibeenpwned must be stupid too, though it's safe. I have 600+ accounts, all with different passwords, I can put one in a tool and they would never know where that password belongs. Yes, it increases vulnerability, but that's negligible, this is least effective account hijacking trick.
- 
				
				@GiddyNaya dude we are going in circles.
 @theabbie haveibeenpwned asks for email... totally different thing
- 
				
				@coffeeholic It also had a password checker, the successful tactic would be asking password then email for newsletter subscription about safety tips, but it's still safe for those who use different passwords for everything.
- 
				
				@theabbie they offer password hashes as downloads for this reason. They also claim that they hash the password you wrote and only send the beginning of the hash to the server. You get a range of hashes in return and can check if the rest of them matches yours. I guess it comes down to trust that this is what happens when an average user uses the feature.
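
The range lookup described in the comment above, as an added example that is not part of the thread or the service's own code: the client hashes locally, sends only a hash prefix, and matches the suffix itself. It assumes SHA-1 with a 5-character hex prefix, as in the public Pwned Passwords range API; `make_fake_range_server`, the corpus and its counts are constructed stand-ins so it runs offline.

```python
import hashlib

PREFIX_LEN = 5  # assumption: 5 hex chars of SHA-1, as in the public range API


def split_hash(password):
    """Hash locally; return (prefix sent to the server, suffix kept private)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def make_fake_range_server(corpus, seen):
    """Constructed stand-in for the remote service; logs what it receives in `seen`."""
    def query_range(prefix):
        seen.append(prefix)
        rows = []
        for pw, count in corpus.items():
            p, suffix = split_hash(pw)
            if p == prefix:
                rows.append(f"{suffix}:{count}")
        return "\r\n".join(rows)
    return query_range


def breach_count(password, query_range):
    """Return how often the password appears in the corpus, 0 if absent."""
    prefix, suffix = split_hash(password)
    for line in query_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # the match is decided on the client
    return 0


# Constructed sample data: passwords and counts are illustrative only.
CONSTRUCTED_CORPUS = {"password": 100, "cheeseburger": 42, "letmein": 7}

if __name__ == "__main__":
    seen = []
    query = make_fake_range_server(CONSTRUCTED_CORPUS, seen)
    for pw in ("cheeseburger", "Tr0ub4dor&3-constructed"):
        print(pw, "->", breach_count(pw, query))
    print("server saw only:", seen)
```

The server-side log holds 5-character prefixes only, so what the service learns is limited to which bucket of hashes was requested; whether a given page really does this is the trust question the comment raises.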
- 
				
				@electrineer Even if an attacker creates such a tool, it won't be able to fool majority of users, not everyone using such tool is stupid.
When I see people using online tools to test the strength of their passwords I laugh at their stupidity 😠
rant
password strength
security
online tools