Microsoft: 99.9% of compromised accounts did not use multi-factor

Page 2 of 5 FirstFirst 1234 ... LastLast
  1. Golden's Avatar
    Posts : 1,635
    Windows 10 Pro x64
    Thread Starter
       #10

    TairikuOkami said:
    Paypal for example allows to use only 20 characters long password, that can be easily breached within days
    That doesn't sound feasible to me.

    For a 20 character password, assuming you are able to use the full mixture of numeric, alphanumeric and special characters on a keyboard, then:

    96^20 = 4.42 x 10^39 possibilities

    Assuming a single unit capable of 100 trillion guesses a second, then:

    4.2 x 10^39 / 100 x 10^13 = 4.42 x 10^13 seconds or 12,277,845,385 hours or 511,576,892 days or 1,401,580 years
      My Computers

  2. meebers's Avatar
    Posts : 1,291
    W10 20H2 .928 & W10 Insider
       #11

    What happens IF your 20 character password is the first one they guess??, would not assume that it would be the very last one
      My Computers

  3. Josey Wales's Avatar
    Posts : 24,772
    Win 10 Pro 19043.962
       #12

    z3r010 said:
    I just don't understand the resistance to 2FA, the majority of sites/applications only need to authenticate every 30 days or so and it is just so much more secure than a password alone, IMO not to use it when it's on offer is absolute stupidity.
    I do not either, it is not that hard.
      My Computer

  4. Golden's Avatar
    Posts : 1,635
    Windows 10 Pro x64
    Thread Starter
       #13

    meebers said:
    What happens IF your 20 character password is the first one they guess??, would not assume that it would be the very last one
    It doesn't quite work like that - each character has to be tested separately. There is no feasible way you can guess something like this in one go : ?Uj7%MfU<8X+vGFB+2Q
      My Computers

  5. meebers's Avatar
    Posts : 1,291
    W10 20H2 .928 & W10 Insider
       #14

    Josey Wales said:
    I do not either, it is not that hard.
    I wouldn't say is is hard, but maybe a little inconvenient. I use quicken to automatically download account data at once, now since I use 2FA, each account has to be done separately. Sign in, select where to send code, retrieve code, enter code and then download data. Keep telling myself it is "worth" it.

    - - - Updated - - -
      My Computers

  6. TV2's Avatar
    TV2
    Posts : 1,771
    W10 Pro 20H2
       #15

    Golden said:
    There is no feasible way you can guess something like this in one go : ?Uj7%MfU<8X+vGFB+2Q
    Hey! That's my password!
      My Computers

  7. Try3's Avatar
    Posts : 7,530
    Windows 10 Home x64 Version 20H2 Build 19042.928
       #16

    TV2 said:
    password
    Hey! That's mine.

    Denis
      My Computer

  8. jimbo45's Avatar
    Posts : 10,503
    Windows / Linux : Arch Linux
       #17

    Hi folks

    Banks and other financial institutions send you a code to another device e.g a phone to complete login process.
    I don't think the process itself is particularly onerous -- it's the entering of some random code -- with banks it's often simply a 5 or 6 digit number so it's relatively easy.

    The code doesn't have to be complex etc -- since the response has to be made from a designated phone or device.

    Why make a reasonably secure process bonkersly complicated.

    Cheers
    jimbo
      My Computer

  9. sygnus21's Avatar
    Posts : 5,422
    Win 10 Pro (x64) 20H2 (19042.928)
       #18

    TairikuOkami said:
    Paypal for example allows to use only 20 characters long password, that can be easily breached within days.... [snip]
    PayPal also allows (suggests) 2FA.

    The "resistance" I had to 2FA is the inconvenience of having to read an email or text to receive the 2FA code to complete the sign in process. At first I turned 2FA off after setting it up, but the world we live in today has made me embrace it. As annoying as it is, it at least adds a another layer of protection. And at the very least I'm notified of an attempted login.

    Anyway, I see nothing wrong with companies asking users to use 2FA to protect themselves. Agree with Kari and z3r010, the resistance around this is stupid.
      My Computers

  10. swarfega's Avatar
    Posts : 7,104
    Windows 10 Pro 64-bit
       #19

    z3r010 said:
    I just don't understand the resistance to 2FA, the majority of sites/applications only need to authenticate every 30 days or so and it is just so much more secure than a password alone, IMO not to use it when it's on offer is absolute stupidity.
    I always use 2FA when available.
      My Computers


 
Page 2 of 5 FirstFirst 1234 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 22:14.
Find Us




Windows 10 Forums