Please be careful with words. Longer passwords don’t take “5 years” or “400 years”. They take UP TO that time. They can also be cracked in 5 seconds with luck. And that’s where some hacking/cracking really gets a lot of its success: luck. It’s weighted luck in that skill is involved to improve the odds, but still, luck is a factor.

Great video exposing the dangers of poor, short passwords. The one issue I have with long passwords is the odds of making a mistake typing it in is very high, especially on a mobile phone keyboard. This is problematic when some sites lock your account after only a few tries.

I work in IT Security and i can't express how important this video is to everyone NOT using a longer password/password manager. That guide by Hive systems is beautiful but sadly you can't download it without a corporate email. Liron you should put a pdf downloadable link in your video description so everyone can have that image.

I got a lot out of this video. In particular, the relative risks of short and long passwords. Great job. Thank you, Liron.

I find it irritating that some accounts require you to use special characters, while other accounts don't allow special characters.

I have a few Word files on my Windows machine that have short passwords I can remember easily and most are the same. So after the video, I need to make more complicated, unique passwords which of course are harder to remember. My solution is to use the password generator in my password manager, create a complex password, copy the password from the generator and paste into the secure notes section of the password manager. There is an entry heading suggesting the Word file name for each file password protected and the complex password is in the body of the entry. So to use it, I open the Word file and in the password field paste in the appropriate password from the secure notes section of the password manager. Once set up, it is just a paste operation. The password storage is secure. The password can be very complex and I don't have to worry about where the passwords are stored.

I stumbled across this channel a while back. Must have been looking for help to do something with my computer. I subscribed immediately because the information, while technical, was also presented at a level I could use.

We studied this thing when I was a student and we calculated how much time it would take to brute force a password, I don't remember how, but I do remember that my password would take thousands of years to crack with the tech on that year lmao

I use passwords that contain characters not on the extended ASCII list, such as: ½+¼=¾ or 3²+2³=17¹ ; the ¾, ², ³, ¹ won't be on your list of millions of passwords. Sometimes those characters are not allowed so I just use a very long password with lots of special ASCII characters. That's true on phones as well.

I despair. I'm going to buy notepads, pencils and a flock of trained homing pigeons.

15 yr old daughter's friend cracked her iphone's password. they asked permission she said yes. now she made a better password since i told her basically the same thing. yep she didn't believe when when i showed her the power of linux but listens to friends 😑😅 great video

As usual another awesome video! Thanks for all the work you put into making these videos👍!

Thanks for scaring me. My favourite method of composing a password is to take the first line of a book "Scarlett O'Hara was not beautiful, but men seldom realized" and use the first letter of each word (or the last). In this case it is sownbbmsr and then add some decoration "sownbbmsr!*!". I believe that would be resistant to a hash file. BTW the book in this case is Gone with the Wind.

Protip: Never check your password "strength" on a password strength testing website. Some will obviously be collecting all passwords and making a dictionary out of them.

Great video again 🙂 Thanks for giving people nice security advices. If I can add something , it's not creating a password with commom names or people surnames in it (eg: cat35€Michael^685) they can be found in permutation dictionnary-based attacks . And my favorite advice : I sometimes use long latin sentences . Yep , latin words are never included in dictionnaries.

I have watched a few of your vids, so I figured its about time I left a comment. I really love your videos. Not because of the content, but because of the way you present them. Even though, I rarely come across things here that I dont already know, I watch them anyway because of the way you present them. it makes it super easy to send it to my non techie friends, since I know they will be able to understand it easily.

Been using the mixed caharcter 8 letter password for some time but it certainly looks like moving to 9 or 10 characters is really worth while.

I hate that browsers even ASK you to save passwords knowing that will be a honeypot for hackers to attack. Definitely worth disabling in the settings.

Which password manager is the best or should just create your own? Thank you for all your great videos. I have learned a lot.

Great advice, long passwords are way more secure and can be easy to remember. It's taken a while to convince some people at tbe office of this, but they are getting there. Also, i find it funny how those rainbow tables of passwords prove just how similar the vast majority of people are. Your short, 'unique' password likely isn't as unique as you think it is.

So isn't the solution 2-factor authentication. I always use a minimum of 12 characters, including, numbers, upper case, lower case, and special characters, plus 2 factors authentication on my phone. How can that be cracked?

OMG! Just made me realize why I use song titles and we'll known phrases and sayings. Thanks again. Your a genius. 👍

Thats a very helpful video, but can you please tell me how did you transfer the word document from your windows to your kali?

Again a big eye opener Liron so will be changing passwords to sentences that mine alone I hope. Those space passwords are clever.

YOU ROCK MAN - And a digital life saver too!! Thank You Liron. I already subscribed, and gave you a thumbs up.

Thanks for another great video! Do you have a link for the info graphic showing the correlation between password length and time to decrypt? Would love to share that with family & friends.

Liron, what do you think about password managers like Bitwarden, Lastpass, etc?

The problem with such a long password is you forget what it is and have to go through the process of coming up with another one. I have had the correct password rejected on some accounts and had to come up with a new one.

Awesome information. Thank you! Now beginning the long task of changing ALL of my passwords..... this is going to take a while 🤔

100 people think they are clever now by changing their passwords to "I subscribed to this channel!! lol

I let my password manager to generate one with 100 characters, then i copy and paste when needed, just seconds and give me more security. Only ones I cannot allow that are Google and Microsoft, because when setting a new phone or PC could be crazy to write the complete password 😅

Great Vid man

Excellent, as always!!🎉

Very interesting and informative! Thank you!

What are you using? A PC, how many cores, a video card? Remember hackers kinda made up the leet speek (replacing 3, with E) so they know to look for that. As well you are also using a found password lost file, so if the password is not in there it won't find it. Not really all of the info there to really show what you are doing.

So here I am, with 50 accounts with mostly different passwords. The whole account process is driving me crazy.

Thank you. This is definitely a "needed", and I really appreciate it.

Almost seems like a waste of time having a bloody password. Great video mate but scared the crap out of me 😱

Learned much on passwords today. Thank you. :)

Great video! You showed how Google Chrome's way of saving passwords is not secure. Is that also true of Apple's iCloud Keychain?

Appreciate the tips!

Aren't most portals limiting the number of failed login attempts? I thought it is like 3 or 5 attempts and your account is locked. So how can then these random tries break my password? Am I missing something?

Another fantastic video! Thanks for making our online life safer.

You have given me a very good idea for a password which I have modified upon so for that... Thankyou

Liron, several viewers have proposed using known-by-heart passages from favorite books, taking the 1st letter of each word to form the password. I use favorite lines from obscure poems in a similar way. How does this strategy score in your collection of password alternatives, please?

Hey Liron, could you do a video on expanding your battery life on smartphones please? It'll be very helpful and informative for us. Thanks.

Thank you! What about the Credentials storage?

Thank you for showing the vulnerability of storing one’s password in a browser. I have been suspect how hackers might backdoor into password keys.

My understanding was that the hackers didn’t actually have access to the password itself to work on like in this simple test, so aren’t they limited to a few tries and then locked out like the rest of us? Very interesting adding even one more to your pass can have that much effect.

I use pwr generator and I try not to save my passwords in a browser, but I still do not trust if they aren't saved somewhere in cookies or the browser even though I always click NO to save my password. Please make a video where you explain how to check if these passwords aren't saved somewhere and how to turn off this function or completely get rid of it.

THANK you very much really eye opening!!! i will change all my passwords. Namaste from Holland

Thanks very much for your demonstration, huge eye opener for many!

Always great value Liron. Thanks mate

Very fine, Liron. Congratulations for explains to education and conscientization on security.

SpongeBob Narrator Guy: One eternity later Liron Segev: Alright so it's been 12 hours...

Thanks for this awesome video! Much appreciated. One question: What about using Latin words, Hebrew words, AND storing them in the password lock boxes, such as Mcafee, or Advast, any of the security companies instead of using Chrome, or Google. Yes, Chrome and Google are extremely handy to use, but, at what expense?

Is it okay to copy & paste mega super long passwords from a list you keep in an encrypted excel spreadsheet? That way, i only need to memorize the mega super long password of the excel file.

Shares the app flatform u click at ur up bar of ur screen??????

Thanks Liron !! Very informative as always. I watch all of the videos and I appreciate all the hard work that goes into them. Keep up the great job !! 👍👍 ⭐️⭐️⭐️⭐️⭐️

I really appreciate everything that your sharing on your KZbin channel. They are very helpful. Thank you .

I do not understand why systems allow over perhaps ten or so bad password attempts before a significant time delay kicks in. This is what appears to happen on my Linux based cctv system anyway. I get five tries before I get a stern warning and a time out in the corner

Holy smokes man! Thanks so much for sharing your findings and putting this information up. All of your videos are excellent for learning the ins and outs of online safety and security.

I like having four random words and some random numbers in my password (1 English, 1 Italian, 1 French, 1 greeklish and some numbers sprinkled between them). I have some books i turn them in the same page and i pick 4 words in a way that i will remember them.

Wow..awesome video..thanks...this will be going out to my contacts

I have a custom built computer that will go through the rockyou wordlist in less then a second. I use a wordlist called weakpass which is 110 gigs, that has almost 10 Billion passwords. My PC goes through it in 17 minutes. I'm using an NVIDIA RTX 4090 GPU with 128 processors!

So, so true, especially of BikTek troll-hackers of their own customers.

All your videos are really good. Thanks very much.

NIST recommends long passwords and forget complexity. All complexity does, is make it very hard to type (and remember). I like Canterbury tales for phrases, including blanks when possible: "A clerk had litherly biset his whyle" You'd have to have my book to even start to guess and sometimes even spelling varies from edition to edition.

Good evidence that we should all use two factor authorization whenever possible. Its inconvenient but well worth the extra minute of time.

Amazing Video Liron, perhaps you can do a tutorial about Wi-Fi Router hacking and the best way of protecting a Router with a BETTER password, maybe using Kali Linux , please Liron, consider this buddy.

what about simple pswd's, but 2 passes thru the encryption algo?

Thank you very much for this very useful information. 🙏🙏

Very valuable information. Thank you very much

Very nice info, thanks. 👍👍👍

Thank you Liron, this is great

In 4:06 you said brute force?? Is it brute force or is it actually a dictionary attack?

Superb vid. Thanks!

Always great info thank you.

Super Great video Man , thanks

The best password is a made up word that doesn’t exist or a word broken up by special characters. Even a combination including random digits. Anything that uses a proper word, sequence of keys, etc even with substitute digits for letters will always appear on a list for brute force

What program is that at 7:16?

I use a password safe its on usb key not the cloud that generates 16 character alpha numeric special character passwords in combination with a yubikey and always implement two factor pin if vendor supports it or qrcode implemented codes with pin generated two factor and I still feel exposed 😕

Brute force time can be massively reduced by eliminating strings not equal to the password length. 15 char passwords. Only compare to 15 char brute force strings

Very informative video, thank you .

Gracias! I began 17 character passwords approximately 2 years ago for that reason.

It is high time a new secure way to protect our computer. How about unplugging the input cable after use.

hey i do keep all my passowords on chrome with an encrypted 22 letter with letters and numbers passphrase, all the passwords are google generated so 12 characters + numbers and special characters. am i safe? (ofc i do have 2FA on literally everything)

Excellent!!! Thanks for demoing.

If u live in a country with special dialects and special letters, u would have it easier making passwords since the words or phrazes u use isnt in any dictionaries and wordbooks. If u dont, then borrow letters from a another country :)

I am always wondering how my password (set with a language even google translate doesn't recognize spell phonetically in Latin alphabet ) fair against dictionary attack.

Well, woah ! Thanks for the tips 👍👍

This is a type of brute force attack called a dictionary attack. You can also brute force without a pre-existing list of words by randomly generating strings as you try.

How do I get my hands on this word list, I need to test the strength of my current password, thanks!

What if the number of "try" attempts are limited?

For years, for my client documents I have used one time only passwords that are around 10-15 characters long, and use a mixture of upper and lower case letters, numbers and special characters (?:*&% etc.). The stuff I do for my for clients is highly confidential... I then found out that one of my clients, when sharing the files with his colleagues would put a copy of the password into the filename "for ease". 😱

Thank you so much for this!!

You are the best. Very useful

hi, would u plz make a video on how to turn off the windows search indexer in windows 10, because it eats all the cpu when the pc left idle?

זה היה מעניין, תודה רבה!

what type of application are you using sir