I think it's worth mentioning that, if possible, you should change the default username.
Some systems (routers, security cameras, etc.) force you to change the default password the first time you log in.
But why stop there?
Sometimes it should be mandatory to change the default username.
That will improve security even further, since admin, root and similar are the most used usernames when talking about "non-personal" logins.
Thanks! I don't share videos often but I will be using this one for years as a great teaching aid!
Nice one Willie, spot on! We've done audits, and using a rig with a couple of GPU cards, most simple passwords get cracked in no time at all. 16-character minimum passphrases are what is currently recommended over here for agencies with low security clearance.
Thanks. Your explanation and illustration are easy to understand, and I appreciate the value of a passphrase.
You should obviously use passphrases that are more random. "harry potter and the chamber of secrets" is also a strong password according to the websites. However, it's a common movie title and it would be "guessed" almost immediately. When choosing passphrases one should choose random words or, better, generate a list of random words for the passphrase.
How would this method compare to the LastPass generator? Passwords are not phrase based, but could be 100+ characters.
Sentences like that, though, will end up in cracking dictionaries sooner or later, so it's only secure if you randomly select uncommon words.
Thank you for this, sharing with friends and family.
I need to ask you, how do you get your desktop computer (I have a Dell) out of slow mode?
Nice. Not sure if using spaces is accepted in all software though? Also, common phrases from music or movies are meant to be a no-no.
Nice explanation. Keep up the great work! Be safe!
Great video Willie, stay safe.
Now to get the big companies to change their password requirements so that they will accept passphrases rather than just the same basic 8 characters plus a number and special character. I am looking at you, Microsoft.
So is an actually secure 100+ character long password better than passphrases, and passphrases are just better for people who have 12-character passwords?
Is "YankeeDoodleWenttoTown76" stronger than "Yankee Doodle Went To Town 76"? In my mind, I feel the first is stronger because it's compressed into one word, with the same amount of letters, that doesn't exist in the dictionary.
Great video and great topic. Thanks.
Great video, what if you forget your passphrase?
This info is really good man
Expecting more such videos on various security aspects in the days to come
I liked the way you explained with examples and the websites
This is kind of related. Do you have a video or explanation of how to set up and use Windows Hello for domain-joined computers? I want to allow the use of Windows Hello PIN but no matter what I do under User Account>Sign-in it states controlled by your org and PIN option is not available. Any help or guidance would be appreciated.
PS. Love your videos and watch them all the time, have helped so much in other areas.
When a computer is joined to a work domain, Windows Hello is disabled. It is a part of Global policy. There is no supported way around it.
How to remove passphrase in Microsoft Surface laptop?
I need help, please
Excellent
How is it increasing from 618 trillion years down to 200 trillion years?
I mean, I just typed in a random long password with a huge random combination of letters, capital letters, numbers and symbols and the site says it will take 688 trillion trillion trillion trillion trillion trillion years. But does it really? Because I often see videos where cybersecurity experts say that even if you have a very random password like that, it won't really matter how long it is because, they say, strong computers can even guess those eventually, of course not taking 688 trillion x6 years to do it, and therefore you always need to use some kind of 2FA at least to protect it quite a bit better. Is this true? Or is, let's say, a password of 40 random characters really "unguessable", if that is even a word xD?
@WillieHowe Of course, though sadly 2FA is not available for every site or service, so when you just have a password like what I said in my last message, I really doubt it would take so many trillion years to crack it. Or is it really that hard?
@PeterJohnson87 It depends on how the site stores your password. Some sites use hashing and salting, but other sites just store your password in plaintext.
Air lock system
Dude, you need to get to the point, man, too much bla bla, but I'm still subscribing lol 👍 points
Please, someone explain: if the password requirements are: min 12 chars chosen from lower case, upper case letters, numbers, special characters (2x26 letters, 10 numbers and, let's say, 10 special characters are allowed, which makes a choice of 72 characters), that makes 72 to the power of 12, a huge number of possible passwords. And according to my comprehension of math, there is an equal possibility a random password would be 123456789012, ABCDEFGHIJKL or aaaaaaaaaaaa or gijGf1-i%15F. Why can't I then use just lower case or no special characters in most systems when creating my password? These are all equally guessable with a brute force attack.
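
Added example, not part of the original comments: a sketch of the random-word passphrase generation suggested earlier in the thread, together with the search-space arithmetic behind the 72-to-the-power-of-12 question above. The 16-word sample list, the 7776-word list size and the rate of 1e10 guesses per second are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline (assumption: a
# real generator would load a large published list, e.g. 7776 words).
SAMPLE_WORDS = ["anchor", "biscuit", "cobalt", "dungeon", "ember", "fjord",
                "gravel", "hatchet", "ivory", "jigsaw", "kettle", "lantern",
                "mosaic", "nectar", "orbit", "pylon"]
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(choices: int, length: int) -> float:
    """Entropy when each of `length` symbols is drawn uniformly at random
    from `choices` options. It does not apply to human-chosen text: a movie
    title is one dictionary entry, whatever its character count."""
    if choices < 2 or length < 1:
        raise ValueError("need at least 2 choices and 1 symbol")
    return length * math.log2(choices)


def generate_passphrase(wordlist, n_words: int, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG via `secrets`, not the `random` module."""
    unique = sorted(set(wordlist))  # duplicates would overstate the entropy
    if len(unique) < 2 or n_words < 1:
        raise ValueError("need at least 2 distinct words and 1 pick")
    return sep.join(secrets.choice(unique) for _ in range(n_words))


def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Average exhaustive-search time: half the space at the assumed rate."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


def compare(rate: float = 1e10):
    """Return (label, bits, years) rows; `rate` is an assumed guess rate."""
    cases = [
        ("12 random chars, 72-symbol set", entropy_bits(72, 12)),
        ("16 random lowercase letters", entropy_bits(26, 16)),
        ("6 random words, 7776-word list", entropy_bits(7776, 6)),
        ("4 random words, 7776-word list", entropy_bits(7776, 4)),
    ]
    return [(name, round(b, 1), years_to_search(b, rate)) for name, b in cases]


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, 6))
    for name, bits, years in compare():
        print(f"{name:32s} {bits:5.1f} bits  ~{years:.2e} years")
```

The figures hold only when every symbol or word is chosen at random; the separator between words adds essentially nothing to the count.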