Bought a Domain.

Posted on 9:08 PM by \\Camwi_003.exe*64

www.HacksByCamwi.com has been bought by me and I bought a web host, 300 Gigs Space, 3,000 Gigs Bandwidth.

Also, Camwi_003@HacksByCamwi.com also goes to me.


Expect More website updates as time goes on.

My GCombat Minigun

Posted on 7:36 PM by \\Camwi_003.exe*64

Needless to say, it's epic. It's easy if you don't know how to make one.

Windows XP Commands for cmd.exe

Posted on 4:44 PM by \\Camwi_003.exe*64

ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
AT Schedule a command to run at a later time
ATTRIB Change file attributes

BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info

CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSCcmd Client-side caching (Offline Files)
CSVDE Import or Export Active Directory data

DATE Display or set the date
Dcomcnfg DCOM Configuration Utility
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory

ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EXIT Quit the CMD shell
EXPAND Uncompress files
EXTRACT Uncompress CAB files

FC Compare two files
FDISK Disk Format and partition
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR /F Loop command: against a set of files
FOR /F Loop command: against the results of another command
FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension associations

GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line

HELP Online Help
HFNETCHK Network Security Hotfix Checker

IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP

KILL Remove a program from memory

LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer.
LOGOFF Log a user off
LOGTIME Log the date and time in a file

MAPISEND Send email from the command line
MEM Display memory usage
MD Create new folders
MKLINK Create a symbolic link (linkd)
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files

NET Manage network resources
NETDOM Domain Manager
NETSH Configure network protocols
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights

PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by PUSHD
PORTQRY Display the status of ports and services
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory

QGREP Search file(s) for lines that match a given pattern.

RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Registry: Read, Set, Export, Delete keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files.
REPLACE Replace or update one file with another
RD Delete folder(s)
RDISK Create a Recovery Disk
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)

SC Service Control
SCHTASKS Create or Edit Scheduled Tasks
SCLIST Display NT Services
ScriptIt Control GUI applications
SET Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SOON Schedule a command to run in the near future
SORT Sort input
START Start a separate window to run a specified program or command
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration

TASKLIST List running applications and services
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file

USRSTAT List domain usernames and last login

VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label

WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands

XCACLS Change file permissions
XCOPY Copy files and folders

Big Valve Update.

Posted on 7:55 PM by \\Camwi_003.exe*64

Updates for Portal, Half-Life 2: Episode 2, Team Fortress 2 and the Steam Client have all been released by Valve. The updates include:

    Portal and Half-Life 2: Episode 2
  • Added a new advanced video option that allows the user to easily change the field of view to any value they wish between 75 degrees and 90 degrees
  • Updated the particle rendering code and particle data files to make them compatible with the particle editor included in the Source SDK
    Team Fortress 2
  • Changed video options initialization to fix some HUD resolution problems in mods
  • Fixed crash issuing the last disguise command when not connected to a server
  • Fixed rare crash on exit
  • Fixed a couple of issues with gamestats reporting incorrect values
  • Fixed an exploit that allowed clients to crash servers
    Steam Client
  • Fixed input coordinates being off for the overlay in full screen OpenGL games on the secondary monitor
  • Fixed possible game overlay crash
  • Fixed incorrect reporting of app metadata
Restart your Steam Client to grab this set of updates.

My hard disk is broken! WHAT DO I DO?

Posted on 7:29 PM by gamei56

Hey.

Ever had a broken hard disk? Bet you did.

Well if you ever happen to have one, just... NEVER go to those hard disk repairing laboratories unless your data is extremely important and your life depends on that data. Those labs are so expensive, your whole computer's value will not even match up to the price they charge you for data recovery.

Ok. Let's start off with the symptoms:

  • Frequent freezes
  • Stuck on Windows loading bar forever
  • Corrupt files
  • Blue screens (NOTE: the blue screen can be caused by many things, not only by the HDD)
  • Appear to be repartitioned and unformatted
Don't format your computer just yet. Even if you think all hope is lost for your data, there is still a little hope. Try out these steps first.
  1. BEFORE YOU DO ANYTHING, take out your hard disk and shake it lightly. If you hear any metal clinging, then it's a good idea to just leave it alone, because it's probably broken and not fixable unless you give it to the hard disk repair laboratories.
  2. Try using a different cable for the hard disk.
  3. Run CHKDSK (short for Microsoft Check Disk). It is a very useful tool and can fix your hard disk without you having to do anything! Just know that running CHKDSK from the broken hard disk is a bad idea since your computer will probably hang during CHKDSK. The smartest way is either to run CHKDSK from the Windows Install Disk (recovery console) or move your hard disk to a different computer and run CHKDSK there.
  4. Try using a different third-party tool to recover your data. If it doesn't work... then I'm afraid there's not many choices left.
  5. Freeze the hard disk. Make SURE you put the hard disk in a waterproof bag and stick it in your normal freezer. Leave it for an hour and take it out. Let it warm to room temperature. Then put it in the computer and if it works, you just did a miracle. Quickly back up your data.
  6. Nothing's working... now. Try replacing the hard disk controller. This is a really extremely hard task. I'm not sure how to do this because I've never done it, but purchase a hard disk that is exactly the same to the hard disk. Remove the external PCB (the disk controller) on the broken hard disk and replace it with the new hard disk. Go easy with it- there's a high probability of breaking it.
If these steps aren't working, then I suggest you just give up on it unless those files are extremely high priority. It's really hard to recover data from a severely damaged hard disk... also costly as well.

If you happen to have any questions or if you happen to find something fascinating, then send me an email at gamei56@msn.com. I'd love to hear your stories.

Hello, my name is Monkey!

Posted on 7:10 PM by gamei56

Hello!

My internet alias is Monkey, and I have been with the computer since I was 3. I have been interested with technology ever since I used Windows 3.1. I had a few Garry's Mod servers before, and Camwi happened to join. We became friends online and we played online with each other. He invited me to contribute on Hacks&tweaks By Camwi. So I accepted the invitation and, well, here I am.

I am part of a few development teams and a few communities. I am a part of the M&W RP development team and the C&C RP development team. M&W RP is a community that I made with a friend named Wolly. You probably figured out already that M&W RP stands for Monkey and Wolly's RP now. C&C RP stands for Command and Conquer Roleplay, and I haven't made this one. C&C RP seems to have interesting ideas before it formed, and I am good friends with the development team before C&CRP was thought of.

I am part of the FPBU community's management team- standing for Facepunch Builder's Union. It is a Garry's Mod Build community that was formed on August 2007. I hosted and did my best to keep a server alive for the community, but unfortunately I gave up on it since I could not afford a proper server for it anymore. Consisting of 253 members, it is probably the biggest build group in Garry's Mod. This is where I met Camwi.

School hasn't ended yet for me- I live in Canada. Cold, dry place. Long winters, long summers, we just skipped Spring. We have no natural disasters here. The worst I've seen when I got here after immigration is a tornado watch. Never hit.

'immigration'

Yes. I was an immigrant in Canada. I am actually from South Korea. Not a very well known country, but I guess you could know it since they almost won the last World Cup, and the current U.N. head is a Korean. But I am now holding a Canadian citizenship and resigned Korean citizenship. This is old news now though.

So! I look forward to post more. But right now, I won't be as active since my computer broke, and I am leaving to Korea very soon.

Thanks for reading, and best regards,

Monkey

New Disturbed Album - Indestructible

Posted on 6:45 PM by \\Camwi_003.exe*64



Yes, it's out, and it's a little more heavy than the Ten Thousand Fists album, but is quite good. It includes the current hit song "Inside The Fire."

You can find the album by PMing me on Myspace.




http://en.wikipedia.org/wiki/Indestructible_(Disturbed_album)

How to save a wet cell phone.

Posted on 5:01 PM by \\Camwi_003.exe*64

Ever dropped your cell phone in the sink, or even worse, the toilet? Did you ever leave it in your pocket and run it through the washer? It usually means you have to replace your phone, but sometimes if you're fast, you can save the phone.

Here's How.


  1. Get it out of the water as soon as possible. The plastic covers on cell phones are fairly tight, but water can enter the phone over time. But this time may be quite short - 20 seconds or less. So grab your phone quickly! If you can't get to it in time, your best bet is to remove the battery while it is still under water. Water helps dissipate heat from shorts that can damage the phone, so most damage occurs when the inside of the phone is merely wet and there is a power source.
  2. Remove the battery. This is one of the most important steps. Don't take time to think about it; electricity and water do not mix. Cutting power to your phone is a crucial first step in saving it. Many circuits inside the phone will survive immersion in water provided they are not attached to a power source when wet.
  3. If you have a GSM carrier, remove your SIM card. Some or all of your valuable contacts (along with other data) could be stored on your SIM. To some people this could be more worth saving than the phone itself. SIM cards survive water damage well, but some of the following steps are unnecessary for them, i.e. don't heat it. Just pat it dry and leave it aside until you need to connect your phone to your cellular network. (This step does not apply to CDMA carriers such as Verizon, Alltel, US Cellular, Sprint, etc.)
  4. Dry your phone. Obviously you need to remove as much of the water as soon as possible, so you can save it from getting into the phone. Shake it out without dropping it, then use a towel or paper towel to gently remove as much of the remaining water as possible. Dry the excess moisture by hand.
  5. Remove any covers and external connectors to open up as many gaps, slots, and crevices as possible.
  6. Use a vacuum if possible. Do not use a hair dryer (even on a "cool" mode) to dry out the phone, as this may force moisture further into the small components, deep inside the phone. If moisture is driven deeper inside, corrosion and oxidation may result when minerals from liquids are deposited on the circuitry. Using a hairdryer might be a temporary fix, but this will eventually cause component failure inside the phone. Instead, remove all residual moisture by drawing it away with a vacuum cleaner held over the affected areas for up to 20 minutes in each accessible area. This is the fastest method and can completely dry out your phone and get it working in thirty minutes. Be careful not to hold the vacuum too close to the phone, as a vacuum can create static electricity, which is even worse.
  7. Use a substance with a high affinity for water to help draw out moisture. Leave the phone in a bowl or bag of uncooked rice over night. The rice would absorb any remaining moisture. If available, it is preferable to use desiccant instead. Desiccant will absorb moisture better than rice. It may be found under a brand name such as "Damp Rid" or "Dry Right".
  8. Let the phone sit on absorbent towels, napkin, or other paper. Remember that the goal is to evacuate all the moisture and humidity, not to trap it or add even more. Check every hour for 4 to 6 hours. If moisture is evident, repeat the vacuuming step and desiccant steps.
  9. Test your phone. After you have waited a day or so, make sure everything is clean and dry looking and re-attach the battery to the phone and see if it works. If your phone does not work, try plugging it into its charger without the battery, if this works, you need a new battery. If not, try taking your cell phone to an authorized dealer. Sometimes they can fix it. Don't try to hide the fact that it has been wet. There are internal indicators that prove moisture.


General Tips.

  • In most cases, if you pulled the battery out in time, cleaning the inside of your phone with cleaning alcohol (alcohol will displace the water) or contact spray will fix your problem. If there is even one drop of water left inside, it can ruin your phone by corroding it and making the wrong contact. If your phone is powering up but still acting strange after you have cleaned it, then you've missed some liquid or the corrosion has already occurred and disassembly and cleaning with a toothbrush and appropriate solvent may fully fix it. For the fainthearted, a skilled technician or engineer can often fix such an issue easily and quickly.
  • Excessive heat can damage your phone even more! Most phones have warnings about leaving them in your car or exposing them to heat. The main point is to completely dry the phone before applying power.
  • Use the LOWEST heat setting! Or better still, don't use heat at all: use a vacuum cleaner to rapidly draw all the residual moisture out. This usually takes about 20 minutes of care and patience, turning the phone every few minutes to ensure all holes and outlets get accessed.
  • If your phone falls in the ocean or other salt water, rinse with fresh water before crystals can form after removing battery.
  • If your phone has been subjected to salt water crystallizing, gently tap the board and the chips with a plastic object (back of a small screw driver for example). The vibration of the taps will set some of the foreign objects free and they will fall out. Be careful and don't smash the board or the chips. A sharp enough blow will break the chips. Tapping very gently multiple times in multiple locations, especially around the chips, is a preferred method. And follow up with appropriate solvent cleaning afterwards to clean away any oxidation residue.
  • Try opening your phone if you can. You'll probably need a TORX screwdriver for that, but it's worth it. This may void your warranty, but it is likely the water damage already has.
  • If you know someone at your local high school's physics department, try putting your wet cell phone in the vacuum chamber at 2 psi for 1 hour. That will dry out parts you can't access as will the tip above regarding a vacuum cleaner if you have no vacuum chamber available.
  • Try holding a compressed air can STRAIGHT (upside down, sideways, or at an angle will shoot out a freezing liquid) and shoot into the crevices, speaker, mic, and keypad. Any excess water stuck should come out. If the can gets cold and you're not done, let the can sit a while before continuing, as cold air could make excess moisture condense onto parts deeper inside. This process should be followed by the other methods that use a vacuum chamber or vacuum cleaner to more thoroughly remove any deeper residual moisture and humidity as the phone must be totally dry inside to ensure no further failure later on. The contents of many "canned air" products can be poisonous. Follow all recommendations on the can label.
  • Since your warranty is void anyway, if you have further problems with your phone functions after trying the best methods to dry it out inside as soon as it got wet, then buy screwdrivers (RAZR needs Torx #4, #5, and #6) to open your case, since these are almost always specialized. Pick up a can of Contact Spray (electric contact cleaner) and douse the inside. It dries rapidly. Scrub any residue with a soft-bristle toothbrush. Spray with compressed air, and/or vacuum it out for several minutes to suck out further moisture and then carefully put it back together. Do not leave your phone wet for an extended period of time. Dry it out as soon as possible.
  • Place the phone in a vacuum chamber and activate the chamber. Typically universities and specific industries will have a vacuum chamber available if you happen to know the right person. Water "boils" at room temperature, given enough time, meaning that it evaporates through bubbles even though it isn't heated. This method should be successful when the vacuum is maintained at room temperature for about 30 minutes.


  • Do not power on the phone. This is important as it will prevent a charge from running from the battery to the phone which may subsequently cause the phone to short.
  • Don't heat the battery or it could leak or explode. Lithium-ion batteries are sensitive. If you use an oven or hairdryer, make sure to remove the battery first.
  • If you use alcohol make sure to do so outside, and do not apply heat in any form, not even the gentle heat of a monitor. Do not hook up the battery until the alcohol smell dissipates.
  • Do not apply too much heat to your phone, as mentioned above. You don't want to melt or burn your phone.
  • Most modern phones have more than one liquid damage indicator (stickers that change color when wet) on them, only one visible to you (and sales/technician agents), and chances are, if the sticker under the battery is triggered, then the odds are that the internal stickers you can't access are tripped as well. This will still result in you paying a voided-warranty fee in the long run. Warranties don't cover water damage, insurance does. And not all insurance companies or plans will honor water damaged phones.
  • Even if all these steps are followed, minerals dissolved in the water can precipitate on solder and component pins, causing corrosion or shorting. Components pins are packed so closely together in a modern cell phone that even a small encrustation can create a short, rendering the phone inoperable.
  • Be warned that manufacturers place stickers that will display "void" once peeled and some will change colors in the presence of a liquid (usually turns blue or red). This helps techs know that you have dropped it in the water, as most cell phone insurance coverage policies don't cover water damage. Also note that these stickers have been known to change colors in extreme humidity as well.
  • Do not put the phone (or any electronic or metal-containing object) into the microwave. You will destroy electronic components and potentially the microwave.
  • For the semi-mechanically inclined remove screws and as a minimum crack the case open to allow moisture to escape. Cell phones are normally somewhat water proof so they can be used in the light rain and humid environments. This means that once moisture has entered the phone it is very hard for it to dry out. Getting the phone out of the water and IMMEDIATELY REMOVING THE BATTERY gives you the best chance of success.




Good Luck, and try to not be so clumsy.




Notepad++, Everyone Needs this.

Posted on 8:44 PM by \\Camwi_003.exe*64

Notepad++ is a free (free as in "free speech", but also as in "free beer") source code editor and Notepad replacement, which supports several programming languages, running under the MS Windows environment.

Get it here.

The languages supported by Notepad++ are: C, C++, Java, C#, XML, HTML, PHP, Javascript, RC file, makefile, nfo, doxygen, ini file, batch file, ASP, VB/VBS, SQL, Objective-C, CSS, Pascal, Perl, Python, Lua, Unix Shell Script, Fortran, NSIS and Flash action script. Notepad++ main features are: Syntax Highlighting and Syntax Folding, User Language Define System, Regular Expression Search, WYSIWYG (if you have a color printer, print your source code in color), Unicode support, full drag-and-drop support, Brace and Indent guideline Highlighting, and 2 edits and synchronized view of the same document.

Lets Talk Passwords, Predator By Request only.

Posted on 8:36 PM by \\Camwi_003.exe*64

Security companies and IT people constantly tell us that we should use complex and difficult passwords. This is bad advice, because you can actually make usable, easy to remember and highly secure passwords. In fact, usable passwords are often far better than complex ones.

So let's dive into the world of passwords, and look at what makes a password secure in practical terms.

How to hack a password

The work involved in hacking passwords is very simple. There are 5 proven ways to do so:

  1. Asking: Amazingly the most common way to gain access to someone's password is simply to ask for it (often in relation with something else). People often tell their passwords to colleagues, friends and family. Having a complex password policy isn't going to change this.
  2. Guessing: This is the second most common method to access a person's account. It turns out that most people choose a password that is easy to remember, and the easiest ones are those that are related to you as a person. Passwords like: your last name, your wife's name, the name of your cat, the date of birth, your favorite flower etc. are all pretty common. This problem can only be solved by choosing a password with no relation to you as a person.
  3. Brute force attack: Very simple to do. A hacker simply attempts to sign in using different passwords one at a time. If your password is "sun", he will attempt to sign in using "aaa, aab, aac, aad ... sul, sum, sun (MATCH)". The only thing that stops a brute force attack is higher complexity and longer passwords (which is why IT people want you to use just that).
  4. Common word attacks: A simple form of brute-force attack, where the hacker attempts to sign in using a list of common words. Instead of trying different combinations of letters, the hacker tries different words e.g. "sum, summer, summit, sump, sun (MATCH)".
  5. Dictionary attacks: Same concept as common word attacks - the only difference is that the hacker now uses the full dictionary of words (there are about 500,000 words in the English language).
  6. No, I WILL NOT HELP YOU. This is strictly Informational.

When is a password secure?

You cannot protect against "asking" and "guessing", but you can protect yourself from the other forms of attacks. A hacker will usually create an automated script or a program that does the work for him. He isn't going to sit around manually trying 500,000 different words to see if one of them is your password.

The measure of security must then be "how many password requests can the automated program make - e.g. per second". The actual number varies, but most web applications would not be capable of handling more than 100 sign-in requests per second.

This means it takes the following time to hack a simple password like "sun":

  • Brute-force: 3 minutes
  • Common Word: 3 minutes
  • Dictionary: 1 hour 20 minutes

Note: "sun" has 17,576 possible character combinations. 3 letters using the lowercase alphabet = 26^3

This is of course a highly insecure password, but how much time is enough for a password to be secure?

  • a password that can be hacked in 1 minute is far too risky
  • 10 minutes - still far too risky
  • 1 hour - still not good enough
  • 1 day - now we are getting somewhere. The probability that a person will have a program running just to hack your account for an entire day is very little. Still, it is plausible.
  • 1 month - this is something that only a dedicated attacker would do.
  • 1 year - now we are moving from practical risk to theoretical risk. If you are NASA or CIA then it is unacceptable. For the rest of us, well - you do not have that kind of enemies, nor is your company data that interesting.
  • 10 years - Now we are talking purely theoretical.
  • A lifetime: 100 years - this is really the limit for most people. Who cares about their password being hacked after they have died? Still it is nice to know that you use a password that is "secure for life"

But let's take a full swing at this. Let's look at "100 years - secure for life". It has a good ring to it and it makes us feel safe. There is still the chance that the hacker gets lucky, that he accidentally finds the right password after only 15 years instead of 100. It happens.

Let's step that up too and go for the full high-end security level. I want a password that takes 1,000 years to crack- let's call this "secure forever". That ought to be good enough, right?

Making usable and secure passwords

Now that we have covered the basics, let's look at some real examples, and see just how usable we can make a password, while still being "secure forever".

Note: The examples below are based on 100 password requests per second. The result shown is for the approach that is the most effective way to hack that specific password, whether that is brute-force, common word or dictionary attack.

First let's look at the common 6 character password - using different methods:

In this example complexity clearly wins. Using a password with mixed case characters, numbers and symbols is far more secure than anything else. Using a simple word as your password is clearly useless.

Does that mean that the IT departments and security companies are right? Nope, it just means that a 6 character password isn't going to work. No one can remember a password like "J4fS<2",>

To make usable passwords we need to look at them differently. First of all what you need is to use words you can remember, something simple and something you can type fast.

Like these:

Using more than one simple word as your password increases your security substantially (from 3 minutes to 2 months). But by simply using 3 words instead of two, you suddenly get an extremely secure password.

It takes:

  • 1,163,859 years using a brute-force method
  • 2,537 years using a common word attack
  • 39,637,240 years using a dictionary attack

It is 10 times more secure to use "this is fun" as your password, than "J4fS<2".

If you want to be insanely secure; simply choose uncommon words as your password - like:

A usable and secure password is then not a complex one. It is one that you can remember - a simple password using 3+ words.

It is not just about passwords

One thing is to choose a secure and usable password. Another thing is to prevent the hacker from hacking the password in the first place. This is a very simple thing to do.

All you need to do is to prevent automatic hacking scripts from working effectively. What you need to do is this:

  1. Add a time delay between sign-in attempts. Instead of allowing people to sign in again and again and again, add a 5 second delay between each attempt.

    It is short enough to not be noticeable (it takes longer than 5 seconds to realize that you have tried a wrong password, and to type in a new one). And it forces the hacker to make only 1 sign-in request every 5 seconds (instead of 100 per second).
  2. Add a penalty period of something like 1 hour if a person has typed a wrong password more than, say, 10 times. Again, this seriously disrupts the hacking script from working effectively.

A hacker can hack the password "alpine fun" in only 2 months if he is able to attack your server 100 times per second. But, with the penalty period and the 5 second delay, the same password can suddenly sustain an attack for 1,889 years.
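One way to implement the delay and penalty period described above, as an added example that is not code from the original post. The 5 second delay, the 10-failure threshold and the 1 hour penalty are the article's figures; the class name `SignInThrottle`, the account names and the simulated clock are assumptions made for illustration.

```python
"""Sign-in throttle: 5 s between attempts, 1 h penalty after more than 10 failures."""
from dataclasses import dataclass

MIN_INTERVAL = 5     # seconds between sign-in attempts (article's figure)
MAX_FAILURES = 10    # wrong passwords tolerated before the penalty (article's figure)
PENALTY = 3600       # penalty period in seconds, 1 hour (article's figure)
NEVER = float("-inf")


@dataclass
class AccountState:
    last_attempt: float = NEVER
    locked_until: float = NEVER
    failures: int = 0


class SignInThrottle:
    """Hypothetical per-account throttle. The caller passes `now` (seconds) so
    the logic can be exercised offline with a simulated clock.

    Caveat: keying only on the account name lets anyone lock the real owner
    out by failing on purpose; deployments often also key on the source.
    """

    def __init__(self):
        self._accounts = {}

    def check(self, account, now):
        """Return (allowed, retry_after). Call before verifying the password;
        a refused request must not reach password verification at all."""
        st = self._accounts.setdefault(account, AccountState())
        if now < st.locked_until:
            return False, st.locked_until - now
        wait = st.last_attempt + MIN_INTERVAL - now
        if wait > 0:
            return False, wait
        return True, 0

    def record(self, account, now, success):
        """Record the outcome of an attempt that was allowed and verified."""
        st = self._accounts.setdefault(account, AccountState())
        st.last_attempt = now
        if success:
            st.failures = 0
            return
        st.failures += 1
        if st.failures > MAX_FAILURES:      # "more than 10 times"
            st.locked_until = now + PENALTY
            st.failures = 0


def guesses_evaluated(duration_s):
    """Simulate a script that retries the instant the throttle allows it and
    count how many wrong guesses actually get verified in `duration_s`."""
    throttle = SignInThrottle()
    now, evaluated = 0, 0
    while now < duration_s:
        allowed, retry_after = throttle.check("victim", now)
        if not allowed:
            now += retry_after              # jump the simulated clock forward
            continue
        throttle.record("victim", now, success=False)
        evaluated += 1
    return evaluated


def worst_case_seconds(keyspace, guesses, window_s):
    """Seconds needed to try every candidate at `guesses` per `window_s`."""
    return keyspace * window_s / guesses


if __name__ == "__main__":
    per_day = guesses_evaluated(86400)
    sun = 26 ** 3                           # the article's 3-letter example
    print("guesses verified per day under throttle:", per_day)
    print("'sun' keyspace at 100/s: %.0f seconds" % worst_case_seconds(sun, 100, 1))
    print("'sun' keyspace throttled: %.1f days"
          % (worst_case_seconds(sun, per_day, 86400) / 86400))
```

Under these rules a script gets 11 guesses verified per 3,650 seconds, so even the 3-letter keyspace that falls in about 3 minutes at 100 requests per second takes roughly two months to exhaust.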

Remember this the next time you are making web applications or discussing password policies. Passwords can be made both highly secure and user-friendly.