I think it's worth mentioning that, if possible, you should change the default username. Some systems (routers, security cameras, etc.) force you to change the default password the first time you log in. But why stop there? Sometimes it should be mandatory to change the default username. That will improve security even further, since admin, root and similar are the most used usernames when talking about "non-personal" logins.
Nice one, Willie, spot on! We've done audits, and using a rig with a couple of GPU cards, most simple passwords get cracked in no time at all. 16 character minimum pass phrases is what is currently recommended over here for agencies with low security clearance.
You should obviously use passphrases that are more random. "harry potter and the chamber of secrets" is also a strong password according to the websites. However, it's a common movie title and it would be "guessed" almost immediately. When choosing passphrases, one should choose random words or, better, generate a list of random words for the passphrase.
Now to get the big companies to change their password requirements so that they will accept passphrases rather than just the same basic 8 characters plus a number and special character. I am looking at you, Microsoft.
Is "YankeeDoodleWenttoTown76" stronger than "Yankee Doodle Went To Town 76"? In my mind, I feel the first is stronger because it's compressed into one word, with the same amount of letters, that doesn't exist in the dictionary.
This is kind of related. Do you have a video or explanation of how to set up and use Windows Hello for domain-joined computers? I want to allow the use of Windows Hello PIN, but no matter what I do, under User Account > Sign-in it states "controlled by your org" and the PIN option is not available. Any help or guidance would be appreciated. PS. Love your videos and watch them all the time, have helped so much in other areas.
I mean... I just typed in a random long password with a huge random combination of letters, capital letters, numbers and symbols, and the site says it will take 688 trillion trillion trillion trillion trillion trillion years. But does it really?? Because I often see videos where cybersecurity experts say that even if you have a very random password like that, it won't really matter how long it is cuz they say strong computers can even guess those eventually, ofc not taking 688 trillion x6 years to do it, and therefore you always need to use some kind of 2FA at least to protect it quite a bit better. Is this true? Or is, let's say, a password of 40 random characters really "unguessable", if that is even a word xD?
@WillieHowe Of course, though sadly 2FA is not available for every site or service, so when you just have a password like what I said in my last message, I really doubt it would take so many trillion years to crack it. Or is it really that hard?
Pls someone explain: if the password requirements are min 12 chars chosen from lower case, upper case letters, numbers, special characters (2x26 letters, 10 numbers and let's say 10 special characters are allowed, that makes a choice of 72 characters), that makes 72 to the power of 12, a huge number of possible passwords. And according to my comprehension of math, there is an equal possibility a random password would be 123456789012, ABCDEFGHIJKL or aaaaaaaaaaaa or gijGf1-i%15F. Why can't I then use just lower case or no special characters in most systems when creating my password? These are all equally guessable with a brute force attack.
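
Added example, not written by any commenter in this thread: a short Python sketch that puts numbers on the 72-character, 12-position question in the comment above and on the "generate a list of random words" suggestion earlier in the thread. It measures the smallest alphabet that covers each sample password, so it shows how much smaller the lowercase-only or digits-only subspace is than the full 72^12 space. The set of 10 special characters, the 16-word list, the 7776-word list size and the guess rate are all assumptions made for illustration.

```python
import math
import secrets
import string

SPECIALS = "!@#$%^&*-_"  # assumption: the 10 special characters a site allows
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS]
# Constructed 16-word sample list; a real generator would load thousands of words.
WORDS = ["anchor", "biscuit", "cobalt", "dune", "ember", "fjord", "gravel", "harbor",
         "ivory", "jigsaw", "kettle", "lantern", "mosaic", "nectar", "orbit", "pebble"]
ASSUMED_GUESSES_PER_SECOND = 1e10  # assumption, not a measured cracking rate

def charset_size(password):
    """Size of the smallest alphabet, built from CLASSES, that covers the password."""
    unknown = [ch for ch in password if not any(ch in cls for cls in CLASSES)]
    if unknown:
        raise ValueError(f"characters outside the modelled classes: {unknown!r}")
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def keyspace_bits(password):
    """log2 of the number of same-length strings over that alphabet."""
    return len(password) * math.log2(charset_size(password))

def passphrase(n_words, words=WORDS):
    """Pick words uniformly and independently with the OS CSPRNG."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

def passphrase_bits(n_words, list_size):
    """Entropy of a passphrase generated as above; it holds even if the list is public."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate in a space of 2**bits."""
    return 2 ** bits / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    for pw in ["123456789012", "ABCDEFGHIJKL", "aaaaaaaaaaaa", "gijGf1-i%15F"]:
        bits = keyspace_bits(pw)
        print(f"{pw}  alphabet={charset_size(pw):2d}  bits={bits:5.1f}  "
              f"years={years_to_exhaust(bits):.3g}")
    print(passphrase(5), f"({passphrase_bits(5, len(WORDS)):.0f} bits from this toy list)")
    print(f"5 words from a 7776-word list: {passphrase_bits(5, 7776):.1f} bits")
```

The bit counts are upper bounds that only hold when every character or word is chosen uniformly at random; a human-picked sequence such as 123456789012 is far weaker than its alphabet size suggests.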