Case ([personal profile] case) wrote in [community profile] fandomsecrets, 2014-10-13 07:03 pm

[ SECRET POST #2841 ]



Warning: Some secrets are NOT worksafe and may contain SPOILERS.


Notes:

Secrets Left to Post: 02 pages, 039 secrets from Secret Submission Post #406.
Secrets Not Posted: [ 1 - broken links ], [ 0 - not!secrets ], [ 0 - not!fandom ], [ 0 - too big ], [ 0 - repeat ].
Current Secret Submissions Post: here.
Suggestions, comments, and concerns should go here.

(Anonymous) 2014-10-13 11:14 pm (UTC)(link)
This is awesome. You'll never run out of pokemon for passwords.

[personal profile] silvereriena 2014-10-13 11:17 pm (UTC)(link)
Considering they keep adding generations, you are set for life, OP. :D

(Anonymous) 2014-10-13 11:19 pm (UTC)(link)
And in the very unlikely event that they stop, they can always resort to the original Japanese names of the pokemon for passwords. They're set no matter what.

[personal profile] silvereriena 2014-10-13 11:40 pm (UTC)(link)
Oooh, that's a good point. They probably changed the names in various other countries too!

[personal profile] ibbity 2014-10-13 11:20 pm (UTC)(link)
brb stealing this idea forever

(Anonymous) 2014-10-13 11:25 pm (UTC)(link)
Utterly genius.

(Anonymous) 2014-10-13 11:32 pm (UTC)(link)
I'd probably do something similar if I was more knowledgeable of Pokemon.

(Anonymous) 2014-10-13 11:33 pm (UTC)(link)
Oh, honey, as someone who works with computer security, I'd suggest you make your passwords a little bit more difficult. As cool as they are, Pokemon names are actually pretty easy to crack if they're just left as they are.

Might I suggest something like "Pokemon#"? Ex. "Pikachu25," "Mew151," "Chespin650" etc. That way you can memorize dex numbers at the same time and you make your password more difficult.

[personal profile] morieris 2014-10-14 12:13 am (UTC)(link)
I was thinking the same...it may take a while to manually input all 700+ mon in a program designed to keep throwing words at a password field, but it could be done.

[personal profile] cbrachyrhynchos 2014-10-14 12:38 am (UTC)(link)
Nah, just mine a wiki, or a bbs.

[personal profile] cbrachyrhynchos 2014-10-14 12:40 am (UTC)(link)
No, hashcat has a module for all of those variations. Your only safe bet is to:

1. use a password safe like LastPass or KeePass
2. use random passwords for just about everything
3. use long random phrases for everything you can't put into a password safe.

If it's in a dictionary or on a wiki or BBS, it's crackable.

[personal profile] kippi 2014-10-14 02:39 am (UTC)(link)
But most sites will choke out brute forcing. And if they don't, I don't trust them to not lose the password in some other way. Also, a lot of sites aren't worth the effort. I wouldn't really care if I lost say, my Twitter or my Tumblr. But I would care if I lost my Paypal or my email address.

[personal profile] cbrachyrhynchos 2014-10-14 05:08 am (UTC)(link)
> But most sites will choke out brute forcing.

The biggest data breaches of the last five years have involved the publication of entire password databases through a backdoor: Adobe, Gawker, Sony PSN, Microsoft, Linkedin, etc., etc. Once the database is made public, crackers can run parallel brute-force attacks. (Heck, AT&T just revealed that a disgruntled employee walked out the door with a bunch of information.) Front-door timeouts are meaningless as of five years ago. At this point, you shouldn't trust any site not to lose their password database.

> I wouldn't really care if I lost say, my Twitter or my Tumblr. But I would care if I lost my Paypal or my email address.

Unless you reuse passwords, which most people do, including a Gawker employee who used the same password for commenting and site administration.

[personal profile] kippi 2014-10-14 06:31 am (UTC)(link)
At that point, does it really matter? You've already lost. Protecting against that was never your job, either. It rested on the shoulders of the site you were signed up at.

The fact that I give a shit about my email is why it has a decently complex and unique password, and the fact that I don't give a shit about my tumblr is why the password isn't that complex and is shared across a couple sites I also care equally as much about. That's what I meant, unless you use a password manager don't sweat having difficult passwords for shit that doesn't personally matter to you. Of course with a password manager you can just use unique random 30 character passwords for everything from your random virusy pornsites to your bank account, but password managers make me jumpy.


(Anonymous) 2014-10-14 11:16 am (UTC)(link)
I don't know anything about password safes, but wouldn't exchanging certain characters for others already make the password much more secure? Like, instead of Pokemon the password would be P0#em0n, Pikachu could be Pi#a(hu. Put another random rule in ("Every third letter is upper case" - "Pi#A(hu"), and the password should be complicated enough to not be easily crackable, shouldn't it?

Given the huge amount of passwords one has, I find it easier to use memorable passwords, but make certain substitutions to make them safe.

[personal profile] cbrachyrhynchos 2014-10-14 12:24 pm (UTC)(link)
Slightly more secure. But the most memorable methods of inserting "random" characters into words are not random at all, and have already been programmed into password-cracking software. o=0 and c=( are already variants used in dictionary attacks. "Every third letter" isn't random at all. Never mind that 7-character passwords are within the brute-force realm where it's possible to try every combination of ASCII characters with a current graphics card.

If you want memorable, you're better off going long with nonsense phrases that have no meaning except to yourself and have not appeared in print or on Wikipedia. (The "correct horse battery staple" method.) Have your music player spit out four random song titles and pick a word from each "mothra lust mirror coffee," or scan your bookshelves and pick four words from different books "india effect stones goblin." Adding two characters gives you more bang for your buck than *randomly* (with dice) substituting one. Non-random l33t substitutions don't help much at all.
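Added example, not part of the thread or any commenter's post: a Python sketch that puts numbers on the comparison above by computing the size of each search space in bits and drawing a passphrase with a cryptographic RNG. The 700-name list size is taken from the thread; the 8 spellings per name and the 7776-word (Diceware-style) list are assumptions, and the function names are hypothetical.

```python
import math
import secrets

# Substitutions named in the thread (o=0, c=(, k=#); any fixed rule works the same way.
LEET = {"o": "0", "c": "(", "k": "#"}

# Constructed demo list (words quoted in the thread). A real list needs
# thousands of entries; 7776 below is the size of a Diceware-style list.
DEMO_WORDS = ["mothra", "lust", "mirror", "coffee",
              "india", "effect", "stones", "goblin"]


def variant_count(word, subs=LEET):
    """Spellings reachable when each substitutable letter is kept or swapped."""
    return 2 ** sum(1 for ch in word.lower() if ch in subs)


def themed_bits(list_size, variants_per_word, suffixes=1):
    """log2 of the guesses that cover a public list plus predictable variants."""
    return math.log2(list_size * variants_per_word * suffixes)


def brute_force_bits(length, alphabet=95):
    """log2 of all strings of this length over printable ASCII."""
    return length * math.log2(alphabet)


def passphrase_bits(wordlist_size, n_words):
    """log2 of the space when every word is drawn uniformly at random."""
    return n_words * math.log2(wordlist_size)


def generate_passphrase(wordlist, n_words=4):
    """Draw words with the OS CSPRNG; the randomness is what gives the bits."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    print("variants of 'pikachu':", variant_count("pikachu"))
    # Assumed: 700 names, up to 8 spellings each, dex number fixed by the name.
    print("themed name + dex number: %.1f bits" % themed_bits(700, 8))
    print("7 random ASCII chars:     %.1f bits" % brute_force_bits(7))
    print("4 random words of 7776:   %.1f bits" % passphrase_bits(7776, 4))
    print("sample:", generate_passphrase(DEMO_WORDS))
```

Each extra bit doubles the work; a themed name with a fixed substitution rule and its own dex number stays near 12 bits, while four uniformly random words from a 7776-word list exceed 51.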


[personal profile] diet_poison 2014-10-14 12:48 am (UTC)(link)
This would have been a great comment if it weren't so damn condescending. Sheesh.

[personal profile] thistlechaser 2014-10-14 04:44 pm (UTC)(link)
Yep, this. At least make it part of a sentence or something. "Pokemon is the first member of my team!", switch Pokemon for your pokemon of choice. Pull out the first letters and get something like Pit1stmomt! as your password, where P changes based on your pokemon.

(Anonymous) 2014-10-13 11:37 pm (UTC)(link)
I'm currently working through DS9 myself.

[personal profile] dethtoll 2014-10-13 11:48 pm (UTC)(link)
Someone once suggested using map numbers and level names from old classic shooters like Doom. It works because you'd have, at minimum*, 8 characters with numbers and capitals and occasionally special characters! So, E1M1Hangar, or MAP20Gotcha!, or E1L2RedLightDistrict, or whatever. And these old games with all their sequels and expansions had hundreds of maps, so there's never a shortage.

* E3M8Dis is only 7 characters, lol

[personal profile] cbrachyrhynchos 2014-10-14 12:43 am (UTC)(link)
Nope, if it's on the internet, assume it's in a cracking dictionary.

(Anonymous) 2014-10-13 11:53 pm (UTC)(link)
I understand and appreciate the "themed password" idea, but I actually hope for your sake that this is not exactly what you do.

Now that you've posted this, someone could start attempting a brute force crack of every known F!Ser's passwords using Pokémon names. They might get to you pretty quickly.

Now, that doesn't mean it will happen. If you're altering the spellings slightly, the difficulty goes up a lot. And your data may not be worth the effort.

(Anonymous) 2014-10-14 12:57 am (UTC)(link)
yeah that's something that's absolutely likely to happen. totally. there's no reason to worry about this for something as inane as a forum account or what have you. i wouldn't use this for your bank login, but the paranoia here is a bit batshit.

[personal profile] thistlechaser 2014-10-14 04:46 pm (UTC)(link)
It's not paranoia, it's good password habits. Have a system that you always stick to, even on sites you don't care much about.