this post was submitted on 23 Aug 2023
540 points (99.3% liked)

Technology

59151 readers
3555 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The scraped data of 2.6 million DuoLingo users was leaked on a hacking forum, allowing threat actors to conduct targeted phishing attacks using the exposed information.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 107 points 1 year ago (35 children)

Oh no. Now they know the aliased email address, unique password, and that I didn't try very hard to learn spanish.

(please note: this is a joke, I don't see anything about them getting passwords)

[–] [email protected] 32 points 1 year ago (33 children)

Something to note here - with AI, if you’re using any sort of heuristic for your password, it’s pretty simple to work out a pretty good set of possibilities which makes brute force even easier and puts you at risk across the board.

Always come up with random passwords that are as random as possible. If there’s a path you took to get to a password, in theory it can be worked backward.

For example I know some people who only change a single letter when changing their passwords which is ultimately trivial to guess if the old password was compromised (hence the need to change the password or the need to proactively work against this possibility)

[–] [email protected] 1 points 1 year ago (1 children)

That's why correcthorsebatterystaple is the best way to do passwords imo, just 4 random words with a random special character dividing them and a random number tacked onto the end. Good luck brute forcing that or using AI to guess 4 randomly generated words in the correct order.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

we were talking about password changes, not creation though

Guessing someone’s password with no prior history vs with an “averaged” prior history of the world/some large dataset are two different sized sets.

If you’ve got a feel for how the majority of people are changing their passwords, guessing those passwords is significantly easier when compared to traditional brute force

Edit:

Passphrases are fairly good too but I want to see some real word examples of AI trained on some password dumps to see how much better it performs in comparison to traditional brute force and through targeted info gathering. I’m curious to see if there’s any user friendly techniques that’d work against AI specifically and it’s ability to find patterns most people wouldn’t pick up on

load more comments (31 replies)
load more comments (32 replies)