To try everything Brilliant has to offer, free, for a full 30 days, visit brilliant.org/Ardens/. You’ll also get 20% off an annual premium subscription.
first 🤓🤓🤓
brilliant stop sponsoring every fucking youtube video i watch
@@number1-willstetsonsimp you're not the only one
One thing: quantum computers are millions of times faster than regular computers, and this is early quantum computers, so in the future they could be much, much faster, so a brute force will go from taking 20 years to 2 seconds (yes, they are that fast)
@@Torger726 hi n
you forgot the "call the person and openly ask for their password" it works more often than some would think...
"Hey, it's me, your (insert family or associate). I meant to put some money onto (account) for you. What's the password again?"
Hearing that with no expectations of an attack or when you are stressed/very busy is all it takes for you to speak before you think.
Idk man, fairly sure I'd notice if my dead father called me. @@starplane1239
So. What is your password?
Bold of you to assume I know my password
Especially now that PayPal, SoFi, etc are all using these third parties that just ask for your BANK PASSWORD to be able to transfer money from bank to their accounts, basically normalizing this behavior and calling it "secure"
"Dumpster diving attack has something to do with retrieving passwords from the cache or something, right? Oh, it's literal dumpster diving. Nevermind"
Level 11: Typing a bunch of stuff without touching the touch pad or mouse and then muttering "I'm in."
Works every time.
that's why I use it all the time
you know that you can navigate a web page with only the keyboard, and when filling in multiple things it's way faster than reaching for a mouse or touchpad, so it's not bullshit if it's like they guessed the things with hints, though in reality the dude is probably just going to run a shortcut so they're just going to be using the mouse
@@cameleon2mur80 yapping
Bro on some penguins of Madagascar ass shit
@@gemstonepuppet crying
The most powerful technique of all: Social engineering.
Can have the tightest security in the world, but a man's lips are the loosest.
but what about a woman's lips?
@@averagejoey2000 bad down
isn't social engineering almost the same as phishing?
@@kylesnotepic Phishing is a form of social engineering
@@averagejoey2000 same as a man of similar demographics
Dumpster diving worked ... in the 60s and 70s. My University printed the new users' passwords on a shared printer accessible to all professors and postgraduates. The sheet sat there until someone came to claim it, allowing a lot of time for anyone to copy it.
Weren't there no computers in the 60s or 70s?
@@neoleonor7140 there were, but very basic
@neoleonor7140 there was in 1962 I think
Before 1962 we only used PCs for Rockets and shi-
@@neoleonor7140 Of course there were: IBM 360 was launched in 1964, PDP 11 was launched in 1970, Centurion in 1964. Even microcomputers: Sphere was from 1975.
@@BentleyGaming-roblox But there were mainframes: PDP-1 was from 1959, IBM 360 was from 1962. In my University they used a PDP-11 to control the particle accelerators (a Pelletron and a LINAC yeah old stuff) since the 70s.
As a sidenote, it's much more efficient to make a password longer than to add special characters, as the amount of possible passwords is the number of allowed characters to the power of the amount of positions. So simply making a password longer increases cracking time exponentially, while forcing the user to use a special character increases the time linearly and also makes the password much harder to remember
This assumes a brute force attack. Dictionary attacks don't care that much about it.
When I rented from a friend of mine who was paranoid about his cyber security, his wifi password was literally 100 characters long...which required him to keep it in a digital document he messaged to me to copy and paste....completely obviating the point of such a long password
The safest password I ever used was a three verse poem. Easy to remember because it rhymes and insanely long.
If anyone's curious, I did some math:
There's 52 possible letters you can use (26 lowercase and 26 uppercase) and 42 numbers/symbols. If you have an 8 character password with just letters, then you have 52^8, or 5.3×10^13 possible combinations. With special characters and numbers, you'd then have 84^8, or 2.5×10^15 combinations. Adding a ninth character to a password with only letters brings the possibilities to 2.8×10^15, about 12% more than making a character special.
Say we have the same 8 character password, but a number and special character are required. Most people would only put one of each in their password, so a hacker might reasonably assume this. Interestingly, the password is not much better, with a total of 10*32*52^6*8*7, or 3.5×10^14 passwords possible. This is an increase of 663%, whereas adding a 9th letter increases the number by 5,200%, and assuming any character could be anything increases by 4,637%. This last scenario typically only happens if someone has a password manager.
@@AkiraTheCatgirl0 kudos to you for actually crunching the numbers
That condom analogy caught me off guard lmaooo
On a cyber security video, why does this not surprise me…
So true, imagine watching the video in public and with no headphones
I mean, condoms prevent you from receiving malicious (viruses) or just unwanted in a particular case (sperm) genetic data, which is not far from cybersecurity
@@kwameappiahkumi5833 no living soul should ever watch any videos in public
Lmaol!!!!!
so many people got into my alt account to dox me that they can't even dox me anymore because there's 200 devices all in different places
That's pretty funny NGL
@@actuallyasriel if you think that is funny, you haven't seen my sandbox. The viruses are breaking each other by infecting the other viruses
@@cameleon2mur80
*Natural selection*
@@cameleon2mur80 Bro that's not a sandbox that's a petri dish
yo i got a biologist and a historian in the comments lets go
number 1 lesson in cybersecurity, you are always the vulnerability. called the phishing attack one right off the bat
Did you update the report?
Level 11: Rule based attack
Basically a dictionary attack, however, an attacker has a list of predefined rules such as "replace the letter a with @" or "add a number to the end of the password" or "capitalise the first letter". These are useful for working with those pesky password policies. Although these attacks can still take a long time depending on the target
Level 12: Password spraying attacks
A lot of services will block you if you attempt to try to log into a person's account too many times. Hence, attackers will only try 2-3 common passwords per account before trying the next one. This is really good if you have hundreds of known or easily guessable accounts
8:11 unexpected user on your family plan💀
ikr
"I know jackshit about cyber security"
I hold a degree in cyber security. This is significantly more than "jackshit"
Very informative, cheers!
If anyone knew as much as he said here, people's security would be way safer and have a better life
@@dubbyplays It'd put me out of a job, though
@@Arceus3251 I wouldn't be so sure - social engineering tactics are a tactic anyone in security-focal roles can absolutely capitalize on, and from there, you have an effective attack vector.
Human error is notably the most likely breach of security, and when you compare "human stupidity" versus "the size of the universe", you will find the former _vastly more infinite._
Here's one insanely impractical one:
Using CPU vulnerabilities like Meltdown, a threat actor can probe a locked machine and try a password character by character. Since the CPU has already loaded the correct password into memory, the actor can see if the character is correct, based on how long the response takes. A correct character gets a slightly slower response, at which point the actor can start trying the next character until the whole password is known.
I like to imagine that Shitbird is used for Twitter
The real twist is that this video was not sponsored by a VPN or a password manager.
6:05 Huh, I'd like to see at least ONE reference to the term 'adversary in the middle attack' actually being used. I've always heard MITM or on-path attack.
Same
It was a joke I think
3:59 Imagine having that exact password and it randomly showing up here
Don’t delete the data in the drive, format the drive instead so that data recovery tools can’t even detect that the file existed. Don’t use ‘quick’ format options as that doesn’t overwrite data that was on the drive in the first place.
Deleting and removing data have very different meanings. Deleting removes the symbolic link to the file (so programs like RecycleBin can detect the file and restore the contents in the exact same directory of where the file was deleted), erasing it makes any data unreadable.
there's tools that overwrite drives with random bit values and then format to totally shred any residual data as I think some filesystems can retain a cache or something
Formatting doesn't affect the data, it's still visible to recovery tools. You need to overwrite it as well or use full disk encryption
Can I physically burn it?
@@svyetochka um I'm sure that'd work as long as you do significant damage
@@svyetochka Yes. This is significantly more effective than any software-based solution.
Fun fact: if you memorize alt codes, you can generate a secure numeric string using more fancy ASCII characters. I actually hide a couple of these characters in my passwords just because I can, and it's fun hearing blackmailers get confused when an old account finally gets breached. Just make sure you use alt codes you can easily remember, like 256, 69, or 42.
I'm not on my computer RN, so I can't demonstrate what these examples would be, but if you're crazy enough, you can have a password that uses only alt codes, and I'm considering integrating it as part of the arg handbook
@@JamesTDG 204 and similar are fun too, along with emojis, just make sure you don't need that account on other devices because emojis can be hard to match sometimes
Having the password at 4:04 was either brilliant or accidental but I love it either way.
what password? I didn't notice any other passwords except k_O8v3
Man in the middle rolls better on the tongue. I'll keep using it or else also rename hangman to hangperson
no hangman is more iconic
it's a joke....
transwomen are holding up our infrastructure so they had to change it smh
But he did use it....
lol let’s play a game of hangperson
7:29 Okay, that one was unexpected!
just under 1234567 and above 1234567890
**visible confusion**
6:13
*That one illegal hacker woman that was offended by the name be like*
The fuck are you talking about
@@jaceyjohnson8922 man-in-the-middle > adversary-in-the-middle... Like who cares that it is "man" in this case, it is man as in human and not man
The scrungle
@@gabrielarrhenius6252 I think you mean huperson
@@jaceyjohnson8922 are you stupid or something
2:45 might as well worry about your vrginity getting stolen too
😏
i hate when hackers break into my home and do that
The best brute force hacking tool: RNG to make a variable length string + RNG to fill each character of it + GPU = profit, or just use the infinite monkeys with typewriters
The monkeys said they were hungry. Anyone got infinite bananas I could borrow
7:03 nice choice of anime right there
¿Name of the anime?
Anime?
@@bratluv57 Clannad
@@Camilux07 Clannad
1:40 Actually, you would be shocked how many people would toss away sensitive data on paper or hard drives. It's extremely likely, and usually with older generations, that their passwords are written down.
Or passwords are literally just, password123.
People laughing about the "treat your passwords like condoms" part but the one that made me laugh the most was "shitbird"
1:30 evidently you haven't seen my mother's work laptops
Still have my old laptops sitting around because E-waste poisoning is no joke.
@@SupersuMC Hers have the password taped over the camera, really shows her priorities
man i love your references,
"unless you are taking a train in tokyo during rush-hour" XD
Ayoo, I'm glad to see you're back! Hope to see more. Great video
sponsor ends at 5:26. you're welcome
It's usually exactly one minute long so if you skip one minute 70% of the time you'll skip just the ad
I love how “shitbird” is a common password.
When the police goes on a manhunt, I hope they change it to person-thingy-hunt too.
"Unless you're on a train. In Tokyo, at rush hours, and then having your password stolen should be the least of your worries" had me cracking up
2:10
I did this once to get on the family computer.
didn't we all
It's funny that as I progressed in my university CS study, I now understand more and more of what people are referring to, which is great cause I genuinely enjoy uni and learn a lot of actually useful cool shet.
Edit: also my professor once told me most attacks actually came from within, because people can’t do much when the “attackers” are within the protections
8:13 Always use your passwords like a .... , well, thanks, I learned it well.😂
the "unexpected member of the family plan"
2:03 Green me stay alone ramp
I would love to see a video like this with the best hash function specific for storing passwords!
Another unusual type of attack is Clairvoyance
3:51 Length is more important, and the latest recommendations from NIST emphasize length, not numbers and symbols. It used to be assumed a (one) short password would be easier to remember even if complex, but now we use lots of accounts, and in the "real world" the old rules cause vulnerabilities by people writing them down (see dumpster diving, shoulder surfing) or reusing them (credential stuffing).
Level 2: You do not reliably destroy data by beating it. First, fry it in the microwave, then bake it in the oven and then smash it.
That Winnie the Pooh meme about S.Q.L. or "sEqUeL" was a personal attack.
Where's squeal
Rainbow table is not pasword:ifyouhackemeyouaregay
hacks you immediately (for legal reasons this is a joke)
p♂️ass♂️word
I mean thats rainbow so i guess
Which gay is this? The umbrella term for the lgbt+ or the dude who doesn't wear socks
The guys who says "homo" after doing something straight.
the art for this one is awesome.....................
It's been a minute, but he's back...
Level 11: A Hacking Organization level capable of defeating AES-256 in just a couple days
Level 12: A Guy who eats AES-256 as breakfast
My college teachers still call it man-in-the-middle attacks
I don't think many people know, or care, about politicizing IT terminology
@@piroman85 so true, so when it happens it is just stupid
@ReaverSoul no
@@gabrielarrhenius6252 He is, you're just stupid.
Level 12: Asking (remember to say the magic word)
Level 13: super brute force, if level 12 doesn’t work. Super brute force will basically always work because in like a few tries it’s like brute force, but it’s the most efficient possible; it gets more efficient every time you do it
5:27 where the sponsor ends
Thank you, sir
You are the goat 💯
2:03 Just Format your HDD (without fast formatting), not destroying your computer
That is not a guarantee. For hard drives, if you really want to be secure, you need to destroy them. One way is degaussing.
The "credential stuffing attack" is probably more dangerous now.
Now that we have AI, in theory, it can probably guess each person's tendency and common words used in the password. Making it guess similar passwords that the users probably have.
And this is wayyy more efficient than brute forcing attacks or dictionary attacks.
So everyone, don't just make different passwords, make them different enough
Very smooth ad-roll intro
What is your math comfort level? 4:30
Me: 1+1
Yippie!! Finally I can crack the password of my pc I lost 2 years ago and didn't totally just find it
#2
Yeah destroying drives is better than not, but mechanical destruction can often still be reversed (does make it harder, though)
It's like how shredding doesn't make the documents secure, the info is still there, it's just mixed up. With enough patience (and lots of tape), you can unscramble it. So then they started cross shredding too, but, again, the data is still there, it's just harder to recover.
This is why really sensitive documents are splotched with the same type of off black ink. But if it was a color printer you need to splotch each base color, too, or else the data is still recoverable.
Then you cross shred it making it completely unrecoverable.
If it was written, though, the only thing you can do is write over it with different characters, one at a time.
And it has to be letters, not scribbles, because the scribbles are too uniform and the writing divots can still be seen. The only fix is to write actual characters down, multiple per single character spot. And you can often still pick out the individual letters, so it just creates a phase space where the answer still exists, but you have to parse an absolute ton of crap.
6:31 this should be "squeel". I heard one guy pronounce it like that
To be clear, any device works for dumpster diving. Cheap smart devices hold your wifi passwords, usually unencrypted. Also the part about him destroying the device isn't a joke. Deleting files from a hard drive doesn't delete them. And even writing over them isn't always effective. SSDs should be fine with wiping tho (not sure, check yourself)
The Shoulder Surfing sounds so dumb that I thought you made it up
As someone who developed a working cross-platform brute forcing script, it is really easy to break into accounts even if it's a "level 1" hacking method.
“If brute force doesn’t work, you aren’t using enough of it”
For brute force, do special characters really help that much? The alphabet, lower and upper case, give you 52 characters, numbers give you an additional 10, and so do the standard 10 special characters. Wouldn't it be better to just add more characters?
complex passwords are difficult for the user, versus passphrases which are easy for the user but hard to crack. Your thoughts on that?
Dictionary Attack
PC: Use a dictionary to steal someones password
School:*GETS HEADSHOT BY 1800 PAGES OF WORDS*
I mean if somebody threw my country's dictionary at me I'd probably die or get severe brain damage
@@damy2433 I know right?
Don't forget about side channel attacks
3:59 which is now made to a couple seconds thanks to your video
Shitbird is a reference to Telltale's Walking Dead game series
Number 11: Oopsie daisy, your company accidentally made the database indexable on search engines
So that's why micros*ft tracks everything one does including his keyboard!
Dumpster Diving works wonders in immersive sim games.
Phishing is almost always successful in accessing a victim's account if the target is a child or an older person. These scammers can even trick you into handing over your account's token, thinking you're giving away someone else's information or hacking somebody else's account. Your success rate is 101% if it's related to cracked software, game exploits or adding a Google extension by developer mode.
I feel like those "top most used passwords" lists are misleading. They're obviously not sourced from proper databases, since those passwords are irretrievable. So they must be sourced from either full database dumps of insecure databases, or lists of compromised credentials. The latter, especially is always going to lean towards easy passwords. The former, dumps from databases that were insecurely storing passwords, might be a more accurate view of the kinds of passwords used in general, but it's still only a small view.
Brute force goes hard, not only in this context.
brute force + quantum computer = absolute disaster
6:10 ah yes feminism 😂
no way ardens is alive!
06:30 Oh heck, that one got me. Exactly how I feel on the matter, too.
what a thorough and engaging review, learned a lot!
i pulled off the shoulder surfing on my friend
can't believe that happened
Brute force is my favorite method.
One time I logged in my friends school computer that way.
"This is impossible! Never in my life would I be able to get this right!"
Guessing: 😏
just remember: your strongest password security is only as strong as your dumbest employee.
Why did my wifi crash once you said wifi eavesdropping??
Ardens what did you do ?
here's my foolproof measure against phishing attacks; I just don't check my email lol
If you're reading this, it's been too long. Change your passwords before you forget again for six months.
There's always a high likelihood your current credentials were included in a data breach. ALWAYS.
What position are you trying to get in your field of work, if you don't mind me asking?
I used the looking over shoulder tactic to snipe my sister's tablet password.
2:03 No, if you just delete it permanently, it is retrievable, and recoverable, even if it’s overwritten, so instead you smash the hard drive or SSD and destroy it into oblivion, or in more violent situations, the entire computer.
4:13 Tsar bomba with 1 second prep time
I thought brute force attacks were almost completely useless now due to systems having limited wrong attempts before locking the account and sending out warnings.
2:44 oh yes, the classic doujin plot
I hate that some companies will limit how LONG your passwords can be. Good luck ever trying to get through the chorus of YMCA, but no, can't have passwords more than 18 characters long!
Thanks for letting me know that stuff, now I will go evil
Alternative method: Tortur- "Enhanced Interrogation Techniques"
Incredible use of memes, 100/10
aaaa why are your drawings so adorablee ,w,
What about mentioning the current attempts to remove passwords altogether using Passkeys?
Brute force is like bogo, it could take between 1 and infinity attempts to get the right answer