If you like the Picture Game, you'll love this.

[EthioKnight]

Hi there,
As the title says, this is a cool site, administered by a close friend, that you can play 'the game' on. It has a scoreboard system and challenges. Give it a whirl

http://motopicturing.com

[csmith12]

I joined and submitted a bunch of new tasks. I hope this takes off.

[PsHYk]

im down... =D
quick question... by bar girl you think they mean a girl at the bar or a bartender type or a waitress from a bar? XD

[Avenged7Fold]

Awesome! Just joined, although all of the current tasks are limited by age/location :P

[EthioKnight]

Quote:

Originally Posted by PsHYk

im down... =D
quick question... by bar girl you think they mean a girl at the bar or a bartender type or a waitress from a bar? XD

No idea...but I'm assuming something along the lines of a random chick at a bar/club that you can work your 'magic' on to pose by your bike...

[CZroe]

Hmm. No security icon. Harvesting usernames and passwords of forumers stupid enough to register with the same details, huh?

Just kidding, but it's a valid concern that may be limiting participation.

[EthioKnight]

Participation is surprisingly on the up and up (kinda proud of myself actually lol)...as to safety concerns, well, I can only speak for myself by saying that I have a unique system for generating new passwords for different websites, so I'm good

[CZroe]

Quote:

Originally Posted by EthioKnight

Participation is surprisingly on the up and up (kinda proud of myself actually lol)...as to safety concerns, well, I can only speak for myself by saying that I have a unique system for generating new passwords for different websites, so I'm good

I do too. In fact, I used it for about a decade before I realized that anyone targeting me could probably figure out my system with a couple intercepted plain-text passwords (they'd see a site-specific suffix). I now have a new system so it's less clear what I'm doing or which character(s) change from site to site. The old system worked fine for preventing one leak from being mined against other accounts by an automated system (email spammers; Facebook bots; PayPal hijacks; etc) but, if a someone wanted access to my account specifically, they could potentially figure it out by setting up something like that.

[I'm Fred]

Quote:

Originally Posted by CZroe

I do too. In fact, I used it for about a decade before I realized that anyone targeting me could probably figure out my system with a couple intercepted plain-text passwords (they'd see a site-specific suffix). I now have a new system so it's less clear what I'm doing or which character(s) change from site to site. The old system worked fine for preventing one leak from being mined against other accounts by an automated system (email spammers; Facebook bots; PayPal hijacks; etc) but, if a someone wanted access to my account specifically, they could potentially figure it out by setting up something like that.

Here's mine:

Take dices, shake them until you get a random serie of 6-8 numbers. Write them down, voila!

[CZroe]

Quote:

Originally Posted by I'm Fred

Here's mine:

Take dices, shake them until you get a random serie of 6-8 numbers. Write them down, voila!

Uhh, it sounds like two steps backwards so I think you're playing with me. Even ignoring the fact that you have them written down, numeric passwords are orders of magnitudes less-secure and could be brute-forced in seconds when run against a static resource (a file system can't force you to wait three minutes after five failed attempts). Not only that but you aren't even using 0, 7, 8, and 9 with that method!

[I'm Fred]

Quote:

Originally Posted by CZroe

Uhh, it sounds like two steps backwards so I think you're playing with me. Even ignoring the fact that you have them written down, numeric passwords are orders of magnitudes less-secure and could be brute-forced in seconds when run against a static resource (a file system can't force you to wait three minutes after five failed attempts). Not only that but you aren't even using 0, 7, 8, and 9 with that method!

That would be a concern for my passwords if I didn't forget to say to mix random letters inbetween numbers. Also, bruteforcing wouldn't work on forums/website that, like you said require to wait a certain amount of time after a certain amount of tries, so that's not a problem either

[CZroe]

Quote:

Originally Posted by I'm Fred

That would be a concern for my passwords if I didn't forget to say to mix random letters inbetween numbers. Also, bruteforcing wouldn't work on forums/website that, like you said require to wait a certain amount of time after a certain amount of tries, so that's not a problem either

No need to brute-force if I find your list, considering that you'd have to carry it around with you to have any chance of getting logged in using other services and machines and have to keep a backup copy somewhere to avoid losing access to all your services. That's why you aren't supposed to write anything down. You are supposed to make a password you can't forget with accommodations that make it more secure and a application-specific suffix that you can figure out if need be. If a password policy requires you to write something down and will not let you use your system, only then is it OK (must change weekly, can't use a previous password, must be XX% different, etc; hey: they asked for it).

As it is, I hope you don't save them electronically. I could easily brute-force access to your documents on an encrypted NTFS filesystem and get your entire list of passwords if you stored it electronically.

[I'm Fred]

Quote:

Originally Posted by CZroe

No need to brute-force if I find your list, considering that you'd have to carry it around with you to have any chance of getting logged in using other services and machines and have to keep a backup copy somewhere to avoid losing access to all your services. That's why you aren't supposed to write anything down. You are supposed to make a password you can't forget with accommodations that make it more secure and a application-specific suffix that you can figure out if need be. If a password policy requires you to write something down and will not let you use your system, only then is it OK (must change weekly, can't use a previous password, must be XX% different, etc; hey: they asked for it).

As it is, I hope you don't save them electronically. I could easily brute-force access to your documents on an encrypted NTFS filesystem and get your entire list of passwords if you stored it electronically.

As soon as you use them a couple of times you remember them quite easilly, atleast that's me

Also, you would need to have access to that said document. Meaning you'd need a remote access to my computer to put your hands on a lets say word document on my computer. So you'd first have to KNOW i have that said password file in my computer, and know it's name/where it is located. Then you'd need to RAT me.

And then you'd need to brute-force a combination of 12 random letters/numbers, which would take you ages. All that, to get access to my forum passwords?

[CZroe]

Quote:

Originally Posted by I'm Fred

As soon as you use them a couple of times you remember them quite easilly, atleast that's me

Also, you would need to have access to that said document. Meaning you'd need a remote access to my computer to put your hands on a lets say word document on my computer. So you'd first have to KNOW i have that said password file in my computer, and know it's name/where it is located. Then you'd need to RAT me.

And then you'd need to brute-force a combination of 12 random letters/numbers, which would take you ages. All that, to get access to my forum passwords?

Your friends and family don't need remote access. L0phtcrack has been around a long time!

[alex.s]

You lost me at "Hi there".

[nycsteve]

the good ole salted and peppered passwords!

[Sapper]

This site is down. Thread should be closed.

[Alex]

Agreed.

/closed