Please be careful with words. Longer passwords don’t take “5 years” or “400 years”. They take UP TO that time. They can also be cracked in 5 seconds with luck. And that’s where some hacking/cracking really gets a lot of its success: luck. It’s weighted luck in that skill is involved to improve the odds, but still, luck is a factor.

@LironSegev

Жыл бұрын

its all about the odds and probabilities. The odds of your Upper Case, Lower Case, Special Character 9 character word or phrase being in the wordlist becomes smaller and smaller the more complicated it is. If you are that unlucky to pick a phrase that is in the wordlist, it can be seconds. But the probability of that is tiny.

@PhilMoskowitz

Жыл бұрын

And we're really talking about user passwords in a database. Even if it's a few seconds for each password, that's multiplied by millions of accounts.

@paradhoax

Жыл бұрын

@@LironSegev HI Mr Segev, Do you have any solution to unlock the bios password for Dell latest computers like 7400 etc...?! Ps : a software solution not removing the bios and flash it, I know this one. Thanks.

@jumbles1957

Жыл бұрын

Password entropy is Length * log (# of characters in character set)/log(2) Notice that length is the predominant term

@buggaboo2707

Жыл бұрын

@@PhilMoskowitz unless you can get administrative privileges, or the DB password. I mean even then perhaps everything is still encrypted, but I think most data is not secured properly

Great video exposing the dangers of poor, short passwords. The one issue I have with long passwords is the odds of making a mistake typing it in is very high, especially on a mobile phone keyboard. This is problematic when some sites lock your account after only a few tries.

@LironSegev

Жыл бұрын

true - unfortunately that's the price we have to pay these day for a security.

@LaurentiusTriarius

Жыл бұрын

I use very long passphrases in the form of little stories, when I do change them I take a piece of paper and copy it multiple times. Then I do the same on a keyboard. I found it easier to remember than shorter randomized letter and characters passwords.

@dragoniv

Жыл бұрын

Use a password manager--preferably, one that hasn't been hacked like one that rhymes with FastLass.

@klwthe3rd

Жыл бұрын

The answer to that is using a password manager like KeePass.

@roelsvideosandstuffs1513

Жыл бұрын

This

I got a lot out of this video. In particular, the relative risks of short and long passwords. Great job. Thank you, Liron.

I work in IT Security and i can't express how important this video is to everyone NOT using a longer password/password manager. That guide by Hive systems is beautiful but sadly you can't download it without a corporate email. Liron you should put a pdf downloadable link in your video description so everyone can have that image.

@LironSegev

Жыл бұрын

Thanks Kenneth! If you Google. Hive systems they jabe their yearly report and it's right there. Since I don't own it, it's probably best way to get that info.

@klwthe3rd

Жыл бұрын

@@LironSegev I clipped it using the snipping tool but I was hoping there would be a more professional download able pdf so I could share it with potential clients. Will go look again.

@LironSegev

Жыл бұрын

here is the link - you can download a high-res version: www.hivesystems.io/blog/are-your-passwords-in-the-green

@klwthe3rd

Жыл бұрын

@@LironSegev Yes but if you click on the download button, you'll see you can download the item without a corporate email. Thanks for your diligence anyway. 😁

I stumbled across this channel a while back. Must have been looking for help to do something with my computer. I subscribed immediately because the information, while technical, was also presented at a level I could use.

@LironSegev

Жыл бұрын

glad you stumbled :) Thats my aim: make tech simple so not only the geeks get it. We all use tech, so why shouldn't we all know this stuff? Appreciate you being here!

I find it irritating that some accounts require you to use special characters, while other accounts don't allow special characters.

As usual another awesome video! Thanks for all the work you put into making these videos👍!

@LironSegev

Жыл бұрын

My pleasure!

YOU ROCK MAN - And a digital life saver too!! Thank You Liron. I already subscribed, and gave you a thumbs up.

@LironSegev

Жыл бұрын

Appreciate you being here 🔥

Always great value Liron. Thanks mate

We studied this thing when I was a student and we calculated how much time it would take to brute force a password, I don't remember how, but I do remember that my password would take thousands of years to crack with the tech on that year lmao

@LironSegev

Жыл бұрын

perfect - 1000 years is plenty of time to change your password midway 🤣

@louf7178

Жыл бұрын

@@LironSegev Yes, because nothing is absolutely secure; high deterance is the practical goal. This is with any theft.

Great advice, long passwords are way more secure and can be easy to remember. It's taken a while to convince some people at tbe office of this, but they are getting there. Also, i find it funny how those rainbow tables of passwords prove just how similar the vast majority of people are. Your short, 'unique' password likely isn't as unique as you think it is.

I have a few Word files on my Windows machine that have short passwords I can remember easily and most are the same. So after the video, I need to make more complicated, unique passwords which of course are harder to remember. My solution is to use the password generator in my password manager, create a complex password, copy the password from the generator and paste into the secure notes section of the password manager. There is an entry heading suggesting the Word file name for each file password protected and the complex password is in the body of the entry. So to use it, I open the Word file and in the password field paste in the appropriate password from the secure notes section of the password manager. Once set up, it is just a paste operation. The password storage is secure. The password can be very complex and I don't have to worry about where the passwords are stored.

Thanks very much for your demonstration, huge eye opener for many!

Thanks Liron !! Very informative as always. I watch all of the videos and I appreciate all the hard work that goes into them. Keep up the great job !! 👍👍 ⭐️⭐️⭐️⭐️⭐️

Thanks for another great video! Do you have a link for the info graphic showing the correlation between password length and time to decrypt? Would love to share that with family & friends.

Again a big eye opener Liron so will be changing passwords to sentences that mine alone I hope. Those space passwords are clever.

@LironSegev

Жыл бұрын

yes!!! keep your stuff safe :)

Very fine, Liron. Congratulations for explains to education and conscientization on security.

Thank you. This is definitely a "needed", and I really appreciate it.

@LironSegev

Жыл бұрын

Appreciate you being here 🔥

I have watched a few of your vids, so I figured its about time I left a comment. I really love your videos. Not because of the content, but because of the way you present them. Even though, I rarely come across things here that I dont already know, I watch them anyway because of the way you present them. it makes it super easy to send it to my non techie friends, since I know they will be able to understand it easily.

@LironSegev

Жыл бұрын

I appreciate that!

Learned much on passwords today. Thank you. :)

All your videos are really good. Thanks very much.

Thanks for scaring me. My favourite method of composing a password is to take the first line of a book "Scarlett O'Hara was not beautiful, but men seldom realized" and use the first letter of each word (or the last). In this case it is sownbbmsr and then add some decoration "sownbbmsr!*!". I believe that would be resistant to a hash file. BTW the book in this case is Gone with the Wind.

Protip: Never check your password "strength" on a password strength testing website. Some will obviously be collecting all passwords and making a dictionary out of them.

@axolotique

Жыл бұрын

noted

Which password manager is the best or should just create your own? Thank you for all your great videos. I have learned a lot.

Very informative video, thank you .

OMG! Just made me realize why I use song titles and we'll known phrases and sayings. Thanks again. Your a genius. 👍

@LironSegev

Жыл бұрын

Happy to help and thanks for being here!

I really appreciate everything that your sharing on your KZread channel. They are very helpful. Thank you .

Hey Liron, could you do a video on expanding your battery life on smartphones please? It'll be very helpful and informative for us. Thanks.

Liron, what do you think about password managers like Bitwarden, Lastpass, etc?

Great video again 🙂 Thanks for giving people nice security advices. If I can add something , it's not creating a password with commom names or people surnames in it (eg: cat35€Michael^685) they can be found in permutation dictionnary-based attacks . And my favorite advice : I sometimes use long latin sentences . Yep , latin words are never included in dictionnaries.

@LironSegev

Жыл бұрын

100% - I am seeing more non-English words appearing in dictionaries these days, but absolutely use Latin words or any other language words that you can phonetically write in English.

@Hugh248

Жыл бұрын

I know lots of words that can be written using English letters, from another language i won't say which one though

@klwthe3rd

Жыл бұрын

@@LironSegev You are spot on. Even foreign words are finding their ways into rainbow tables these days.

@spocksvulcanbrain

Жыл бұрын

@@klwthe3rd And why wouldn't they. It's not as if hackers only attack those accounts from English-speaking users.

You have given me a very good idea for a password which I have modified upon so for that... Thankyou

I despair. I'm going to buy notepads, pencils and a flock of trained homing pigeons.

Very interesting and informative! Thank you!

@LironSegev

Жыл бұрын

Glad it was helpful!

Very valuable information. Thank you very much

Thats a very helpful video, but can you please tell me how did you transfer the word document from your windows to your kali?

I hate that browsers even ASK you to save passwords knowing that will be a honeypot for hackers to attack. Definitely worth disabling in the settings.

@LironSegev

Жыл бұрын

100%

@KWHCoaster

Жыл бұрын

I don't even like websites that let you save your account name/number.

Awesome information. Thank you! Now beginning the long task of changing ALL of my passwords..... this is going to take a while 🤔

Another fantastic video! Thanks for making our online life safer.

@LironSegev

Жыл бұрын

Happy to help!

Been using the mixed caharcter 8 letter password for some time but it certainly looks like moving to 9 or 10 characters is really worth while.

@LironSegev

Жыл бұрын

really does make a massive difference adding just one more character because of the additional permutations.

Thank you! What about the Credentials storage?

Holy smokes man! Thanks so much for sharing your findings and putting this information up. All of your videos are excellent for learning the ins and outs of online safety and security.

I use passwords that contain characters not on the extended ASCII list, such as: ½+¼=¾ or 3²+2³=17¹ ; the ¾, ², ³, ¹ won't be on your list of millions of passwords. Sometimes those characters are not allowed so I just use a very long password with lots of special ASCII characters. That's true on phones as well.

@buggaboo2707

Жыл бұрын

unicode

Thank you Liron, this is great

@LironSegev

Жыл бұрын

You're very welcome

Thank you for showing the vulnerability of storing one’s password in a browser. I have been suspect how hackers might backdoor into password keys.

Thank you very much for this very useful information. 🙏🙏

Appreciate the tips!

@LironSegev

Жыл бұрын

Happy to help!

Thank you for your time, sharing this critical information with us !!

@LironSegev

Жыл бұрын

My pleasure!

Thanks for this awesome video! Much appreciated. One question: What about using Latin words, Hebrew words, AND storing them in the password lock boxes, such as Mcafee, or Advast, any of the security companies instead of using Chrome, or Google. Yes, Chrome and Google are extremely handy to use, but, at what expense?

@LironSegev

Жыл бұрын

100% - I use phonetically spelt words such as Hamesh (5) or Bayit (home) - odds of people having those as part of a phrase are dramatically low

Great video! You showed how Google Chrome's way of saving passwords is not secure. Is that also true of Apple's iCloud Keychain?

Thank you so much for this!!

Superb vid. Thanks!

Always great info thank you.

15 yr old daughter's friend cracked her iphone's password. they asked permission she said yes. now she made a better password since i told her basically the same thing. yep she didn't believe when when i showed her the power of linux but listens to friends 😑😅 great video

thankyou so much for your VIDEO its so imperative..and everybody needs to KNOW

Amazing Video Liron, perhaps you can do a tutorial about Wi-Fi Router hacking and the best way of protecting a Router with a BETTER password, maybe using Kali Linux , please Liron, consider this buddy.

@LironSegev

Жыл бұрын

good idea

Excellent!!! Thanks for demoing.

@LironSegev

Жыл бұрын

My pleasure!

Almost seems like a waste of time having a bloody password. Great video mate but scared the crap out of me 😱

Excellent, as always!!🎉

@LironSegev

Жыл бұрын

Thank you so much 😀

So here I am, with 50 accounts with mostly different passwords. The whole account process is driving me crazy.

Very helpful!

Wow..awesome video..thanks...this will be going out to my contacts

@LironSegev

Жыл бұрын

Appreciate you being here and of course sharing!

Liron, several viewers have proposed using known-by-heart passages from favorite books, taking the 1st letter of each word to form the password. I use favorite lines from obscure poems in a similar way. How does this strategy score in your collection of password alternatives, please?

Thanks for the tips. The passwords I use have all those characteristics and are long, but I didn't realize the one about the "Browser'. Should I let "Edge" keep my Passwords and Google also, when I use these passwords?

@LironSegev

Жыл бұрын

I would use a Password Manager and not the browser

SpongeBob Narrator Guy: One eternity later Liron Segev: Alright so it's been 12 hours...

Very nice info, thanks. 👍👍👍

@LironSegev

Жыл бұрын

My pleasure

Thank you men 😊

Well, woah ! Thanks for the tips 👍👍

@LironSegev

Жыл бұрын

You bet!

You are the best. Very useful

@LironSegev

Жыл бұрын

Happy to help

The problem with such a long password is you forget what it is and have to go through the process of coming up with another one. I have had the correct password rejected on some accounts and had to come up with a new one.

My understanding was that the hackers didn’t actually have access to the password itself to work on like in this simple test, so aren’t they limited to a few tries and then locked out like the rest of us? Very interesting adding even one more to your pass can have that much effect.

@benidraco

Жыл бұрын

They are when they trie a online Atack but u can extract the Hash witch is the encryptet Password. They take the Hash copy it to a local achine and then u dont have to worry about this Systems and when u cracked the Password just log with that in.

thank you so much for knowledge

THANK you very much really eye opening!!! i will change all my passwords. Namaste from Holland

@LironSegev

Жыл бұрын

You're so welcome!

Super Great video Man , thanks

100 people think they are clever now by changing their passwords to "I subscribed to this channel!! lol

@LironSegev

Жыл бұрын

🤣

So, so true, especially of BikTek troll-hackers of their own customers.

Good evidence that we should all use two factor authorization whenever possible. Its inconvenient but well worth the extra minute of time.

@LironSegev

Жыл бұрын

100%

Gracias! I began 17 character passwords approximately 2 years ago for that reason.

BTW our "learning institutions should have teachers like you, then everyone would learn a lot!!!

Great Vid man

@LironSegev

Жыл бұрын

Appreciate you being here 🔥

I let my password manager to generate one with 100 characters, then i copy and paste when needed, just seconds and give me more security. Only ones I cannot allow that are Google and Microsoft, because when setting a new phone or PC could be crazy to write the complete password 😅

@Ken.-

Жыл бұрын

Not that this matters but a hash is only going to store so many possibilities, such that many shorter passwords will hash to the same as a 100 character long one.

I like having four random words and some random numbers in my password (1 English, 1 Italian, 1 French, 1 greeklish and some numbers sprinkled between them). I have some books i turn them in the same page and i pick 4 words in a way that i will remember them.

Thanks Liron

@LironSegev

Жыл бұрын

You got it

jokes on you my password is the first trillion digits of pi.

NIST recommends long passwords and forget complexity. All complexity does, is make it very hard to type (and remember). I like Canterbury tales for phrases, including blanks when possible: "A clerk had litherly biset his whyle" You'd have to have my book to even start to guess and sometimes even spelling varies from edition to edition.

what type of application are you using sir

Is it okay to copy & paste mega super long passwords from a list you keep in an encrypted excel spreadsheet? That way, i only need to memorize the mega super long password of the excel file.

I always use at least 10 characters, usually 12+, mixed case, numeric and special characters. And based on personal experiences or personal trivia. Yup, I NEVER let browsers save my passwords. I even don't like the idea of password managers (i.e. KeePass), putting all your eggs in one basket to me. I don't like storing passwords digitally anywhere, I prefer cryptic analog.

Excellent .

@LironSegev

Жыл бұрын

Many thanks!

What are you using? A PC, how many cores, a video card? Remember hackers kinda made up the leet speek (replacing 3, with E) so they know to look for that. As well you are also using a found password lost file, so if the password is not in there it won't find it. Not really all of the info there to really show what you are doing.

This is a type of brute force attack called a dictionary attack. You can also brute force without a pre-existing list of words by randomly generating strings as you try.

@LironSegev

Жыл бұрын

100%. I think of it as Brute force is the general type of attack, Dictionary is the method.

Great video

@LironSegev

Жыл бұрын

Thanks for hanging out here 👍

So isn't the solution 2-factor authentication. I always use a minimum of 12 characters, including, numbers, upper case, lower case, and special characters, plus 2 factors authentication on my phone. How can that be cracked?

@LironSegev

Жыл бұрын

2fa is a must but remember that even 2FA is not foolproof. There are ways to get around that too but 2FA makes it much harder for the average hackers/ scammer.

@JimboJones-qn4wd

Жыл бұрын

@@LironSegev Cheers mate, love, your work.

@chrisguli2865

Жыл бұрын

For max security use a 2nd phone 2FA with a phone number only you know and not in your own name. Avoid Google authenticator. Use another email you don't normally use and of course not one of the free ones. 2FAS has an additional password layer and you can back up the token file unlike with google auth. Increase the length to 23+ chars.

It's really the uniqueness rather than the number of characters when you're dealing with hashes.

@LironSegev

Жыл бұрын

true - by definitiion, the more number of characters you add to the mix the more uniqueness you introduce. Its a probability game IF the word is in the list in the first place of course

Good one

Aren't most portals limiting the number of failed login attempts? I thought it is like 3 or 5 attempts and your account is locked. So how can then these random tries break my password? Am I missing something?

what about simple pswd's, but 2 passes thru the encryption algo?

I use pwr generator and I try not to save my passwords in a browser, but I still do not trust if they aren't saved somewhere in cookies or the browser even though I always click NO to save my password. Please make a video where you explain how to check if these passwords aren't saved somewhere and how to turn off this function or completely get rid of it.

I knew from past experience that password protection in zip was very easily cracked (with the right utility) but have not tried other file types.

subscribed immediately

@LironSegev

Жыл бұрын

Appreciate you being here 🔥

Awesome 👍