We've all been there: you've got an unopened can, an unscrewed screw, something to be measured, an unopened bottle, and you don't know what time it is--an everyday conundrum! Solve all those problems and more with the All-Access Card! This tiny credit card-sized tool has juist about everything: can opener, knife edge, screwdriver, ruler, can opener, 4-position wrench, butterfly screw wrench, saw blade, sun compass, and another wrench just to show off! We're giving away 10 All-Access Cards (a $9 value each) free for people who enter our weekly giveaway at gimme.scamstuff.com More on the All-Access Card: www.scamstuff.com/products/10-function-credit-card-tool-kit Congrats to the winners of last week's Lace Escape Tool giveaway: Lavi Glassman, Louis Buck, Corey Posnanski.

I have the best defense of all against bank hacking: a negative balance.

Fun fact: according to the password strength check website I found, the title of this episode is a pretty secure password.

My favorite, I think from Steve Corell: I Change all my passwords to "incorrect". So whenever I forget, it says, "your password is incorrect"

"The Longer the better" - Jason Murphy 2017

Not a fan of online password managers. Sounds like a company with a massive target on its back to me. No company is flawless; breaches and exploits are going to happen. It's just a matter of time, especially if it gains popularity.

"I AM VERY PROUD OF MY PASSWORD MAKING SKILLS" -- Brian sings after typing his most secret password on a site, who's owner he does not know and intention he has not learned. That password is now on a secret list to hack Brian Brushwood somwhere in Russia or USA :)

"Starwar's Password?" "I 've retired that one... Long ago..." So close... Should have said, ""A long time ago in a galaxy far, far away."

My steam account was literally hacked today but meh two-step verification on my email stopped that bugger! The hacker then tried to sign into my email! My SMS two-step verification stopped the hacker again! This is the second time a hacker has lost lol!

This episode is spot on! When I do penetration testing, password reuse is one of my favorite things to exploit! What's even better is when people used to use the same password everywhere, but now has switched to using a password manager... USING THEIR OLD PASSWORD AS THE MASTER PASSWORD! Talking about making my job easy.

when I was younger my first Runescape password was "Farts"

Serious question: How worried should I be about LastPass (or any other password managing software) being compromised and/or stealing my passwords themselves?

episode about password security, and then at 14:02 they enter their passwords at some randon website over a "Not secure" network. nice job

That’s insane. When I was a kid, I used “Star Wars” for the password on my old computer. (The computer and hard drive are long gone.) as an adult, I realize that it wasn’t the most amazing password in the world. But, I had no idea so many other people had the same password.

This video (or, more accurately, the day of the week this video was uploaded on) confused my world. I thought "what, the Modern Rogue uploaded, is it Friday?! Is life even real?! Is the universe a hologram?! How am I eating this food when 'there is no spoon?!'" So, as you can tell, when you change your uploading schedule by one day, it can give a person an existential crisis. A little warning next time.

"strip him of EVERYTHING" -Brian, 2017

"What are you Shaggy?" haven't heard that reference in years

I'm very happy with how your channel is coming about. Been a fan since around 100k, and I'm really happy for your success! I hope that even when you get really big you keep making videos like this!

Putting your passwords for all your vital things into a random jank looking website that is not a verified https domain is the smartest thing I have seen all week. Besides that fun video gentlemen.

Plottwist: there was a keylogger installed on that laptop

Around 20 random characters with no correlation to each other forcefully memorized for each account ever. I win.

I've been using LastPass forever, swear by it. It's amazing how many passwords you have when you start logging them. Having each one unique and not having to remember them is awesome. I wish 2FA was more prevalent, particularly in the banking industry. Enjoyed the vid. Keep up the good work :)

This show is like a crossover between mythbusters and teleshopping

As an IT guy, your password won't do shit to protect you. As long as their database has a breach, we are all fucked up

Also is using a different language for your password better or worse as its a detail thats easy to figure out about you (that you know that language) or is it better becouse its less wide spread like english is?

Modern Rogue: "Your password sucks" Me: *Sweats Nervously*

Actually there was a flaw in the design of the Enigma machine which allowed the Allies to crack it, but yes the flawed human users were a contributing factor. Numberphile has a great video on it, well worth a watch.

MR: Says phrase passwords are secure vs random passwords Also MR: Look at how secure this character jumble is

Love your videos, Modern Rogue! Keep up the good work.

One of the things I do with my passwords is nicknames of people important to me, combined with a date that's important to our relationship, combined with a description of the activities we did on that day. It's things only known to me and that other person, and it's generally long, which is as you said is one of the biggest factors in security.

We need an episode on cigars!

One of the easiest combinations to use is Pass-phrasing, pick two to three random words, add/remove spaces, add/remove capitals, add/remove special characters and you have a nearly impossible password that's still relatively easy to remember.

if you get an old password for gmail and the victim has a youtube account you can use when was this account created as a security question! the answer will be on the youtube about page.

When you said "why wouldn't a person have a second lock on their door, would they just rather leave it open all the time? haHAA" you have to think about how practical it is for certain services to ask for multiple "keys" to a "door". Sure, I'll use as many security measures to secure my bank account, but I'm not going to barricade my door every time I go to the store to pick up milk. All and all this might have sounded like an angry rant, but I really enjoyed this video and I feel like you overlooked practicality. :)

Brian's email password: Length: 13 Uppercase: No Symbols: No Lowercase: 8 Numbers: 5 ??????X??[0-9][

You guys always have the best passwords... er... sponsors!

LastPass is cool because you only have to remember 1 master password and the rest can be 100 Digit random characters that you never have to remember.

The most important thing with passwords is to have a different password for each site you're using. Because the number one way that people get hacked is because there is one leak, on one website, and they will use a bot to sign in to a banking site, or amazon using the emails, and passwords they got from that leak. It's very rare for someone to be specifically targeting you, so even changing a single character in each password is going to make your accounts more secure. If you really want to be secure use a password generator, and write your passwords onto a piece of paper, or use an encrypted password manager.

Anyone know his cats name

According to that Password Meter site used in the video, "Summer2017!" is a 100% strong password. Please don't assume an algorithm on a website can tell you if your password is strong or not.

The number one way to not get hacked is don't tell anyone your password. How do most drug dealers get caught? They told someone they shouldn't have. Everyone would be safer if they kept their collective fucking mouths shut

You know, learning German, I was thinking the whole time of passwords in English and German, then I realized that mixing words from other languages into one password would work amazingly! It may not be a word the software would guess at all (particularly obscure words), and it's very unlikely that it would pick random words from 3 or 4 languages and mix 4 full dictionaries to find it! *I STUMBLED UPON THE PERFECT SECRET!* Random foreign obscure swears! Especially if you also add umlauts, accents, and Ñ if possible in that password service.

Are you guys actually kidding? Why would you give all your passwords to one website? Someone can just hack that website.

I can't stop laughing at the way Brian said, "You have a bad friend." XD XD XD XD

Making all your weaknesses able to be found in one place.....smart... legitimately same scenario as having all your passwords the same because they only have one obstacle to overcome to get all your info... thats like hiding something from a tolder inside their toy box.... the net is what hackers play with, just because its out of your hands doesnt make it safe, write it down, put it on paper, hide paper.... unaccessible to hackers period

I use a password manager because of a personal recommendation from a friend. Highly recommend finding one. LastPass is solid, as is 1Password, and Nord's password manager. The trick is, you have to actually use it. The other trick is, be aware that the master password you use is crucial to keep secret. Do not write it anywhere unless it's on paper in a safe or something. Make it something memorable, but also difficult to guess, etc. LastPass and 1Password are named that way because the master password should be the only password you need to remember. From there, you can (and should) use strong passwords for everything, which you don't need to remember.

This reminds me to change my YT password since its shit

Yeah you guys ant the MR keep uploading stuff like this man. How can I not love you guys

sup

Best possible protection is to not keep your entire life on a bloody phone!

Look at my username, you think my password is short?

An extremely annoying thing about making long passwords is not that they are long, but instead some websites won't allow you to use say more than 16 characters. This includes many sensitive information websites that you'd totally want more room to have a password as long as you'd like. If a free forum hosting website that nobody really cares about doesn't really limit password length, why in the world does a damn bank limit them? Some even go as far to limit certain characters. WHY? MORE IS BETTER YOU FOOOOOOLS.

hash and salt my friends, hash and salt

8:20 "SMS is no longer" um it never was. always been an insecure openly broadcasted mess but since it's been commercialized by the providers the general public didn't care much

Just search random password generator on google and save it

Love that disclaimer at the end about the passwords. You know someone was trying to look at them and be naughty lol

"Hmm, why did Brian change all his... !" "Ooooooooh."

A bit a of a trick I've used for passwords (as a math major and a nerd) is that I write 2 or 3 numbers nearby my computer, and then I have a series of equations that I run those numbers through, now only I know the equations is easy to remember, so if I forget my password is 123893754803245623643924132, It's relatively easy to type those 2 or 3 numbers through the calculator on my phone in an order that only I know but use for all my passwords. So I can safely keep all my passwords written down without actually writing them down. And since letters are more secure than numbers I can have different number strings correlate to letters or words.

I've been using Last Pass for months now and absolutely love it! Add a VPN and you feel invincible online...

If they told me to put in my passwords for that contest, I'd be like, "Well, all of my passwords are just randomly-generated gibberish stored in LastPass", haha. Of course, before I found LastPass, I was one of those poor sods who didn't even have a wall-- I mean, used the same password for every website, with small variations when there were "rules" to be followed. Bonus points if you caught the reference.

I am glad you made an episode about this since secure passwords are so undervalued. I also understand lastpass sponsored the video but I think you are doing a disservice to people by not listing options.

I literally used to login to my preschool teacher’s computer whenever she left the classroom. She’d change the password almost everyday, yet I could still get in. Good times...

Hey guys, I'm actually NOT sponsored to say this like they are but I have to agree with the MR guys, LastPass is fantastic for keeping track of super secure passwords. I've used it for about a year and it's really a life saver.

I often write a word and then encrypt it with a Caesar Cipher (like Vigenere Cipher) and then use the result as a password. So that way it is pretty much a seemingly random letter sequence (often with a couple numbers added for good measure) and not a word someone could guess.

Upvoted purely for the new sponsor, LastPass is awesome!

Another thing... Well two things that are kinda related. First is using guest checkout. For most sites, if you can go without a password, you're better off. It would be nice if this was more of a standard than not for commerce sites. Furthermore, most of our site interactions aren't storing useful information. Social media sites SHOULDN'T store birthdates, phone numbers, addresses, etc. but rely solely on people sharing their usernames personally with their family, friends, etc. It's a bad practice that shouldn't have ever been put into place. Treat everything you can as a burner account. (the closest we have other than the above mentioned "guest accounts" is that some credit cards offer rotational one time use CC numbers, [and in m line of work I have seen this used for one particular business where an email is sent with a one time use CC number, and I have also dealt with a business specific CC number where only one business is whitelisted for transactions with it, but these rely on the CC companies and users rather than using a "guest pass" system as a business end default). If you want to set up an account for the purposes of saved history and such, that's fine. Keep it separate from transactional data. I know with NJ, paying state taxes allows for people to log in and see certain information with just a business name and a tax ID #, but you can't actually pay your taxes or do any sort of modification/transactions without logging in with the business name and password. A differentiation between what information needs to be encrypted and what does not should also be a standard. My netflix account and playlist shouldn't require much to get in, but to access the account or pay my bill should. (and since often that is autopaid, really, you could have an 800 number with some automated menu to update any billing related issues, which would remove access to this info from the web. In short, if we didn't USE a highly insecure system (the web) to story highly sensitive data, passwords wouldn't be a huge issue.

Just so you guys know, you misspelled "vastly" in the 2FA description found at 8:02

Yes! Thanks for doing this topic Brian and Jason. I'm changing all my passwords today.

Came for XKCD reference. Time 3:50. If you do it XKCD's way, and use four truly random words, your password will be nigh invulnerable.

Very clear explanation of the new guidelines!

For even bigger security freaks, I suggest not using lastpass because it send all of your password (I know they are encrypted but still) to the cloud. I' d strongly suggest a local based password manager, like KeePass or PasswordSafe, they store them in a file on your computer or smartphone. Then you eigther manually keep the latest verion of the file on your computers over usb or sync them but using your own server. Your server don't has to cost you a single more dime as file sharing servers can run on your computer in background and so your password will only be synced over your local network. I'd also suggest checking out YubiKey. It's like a usb stick that's made specifically to store your passwords and can send them to your phone using NFC whne you need to log in somewhere. PostScriptum 2FA is often a good way to get your phone number as it shouldn't be required for the 2FA setup. Many sites don't ask it. Those are good sites. Some like facebook apparently can't do without... Just sayin'

Two factor verification: Having two different keys, one being the handle lock, the other being the top lock.

An IT person once told my friend "think of a song and use the 1st letter of the word of lines" so you can sing the song in your head and type the 1st letter. I dont use that but thats one way of remembering long passwords

My new password is just gonna be the tragedy of Darth Plagueis the wise

This about this nightmare scenario: You have created a 36 characters password, completely random, actually you wrote a random number generator in your favourite programming language, on a laptop, that was freshly formated and never connected to the internet. You have used it, to protect your cryptos, now you have forgotten it.

Take a mixture of 3 either words or names, make it 4-6 characters long combining the words, then take a random number generator to get 4-8 characters, through in some random allowed symbols and put it through a jumbler. Rinse and repeat for every password with different words and numbers, get lastpass and store them there, you'll eventually remember them over time but it does take a long while

My childhood best friend used the word Dragon in every password he would use. It was always his favorite Yugioh card at the time, which was always a dragon.

What about KeePass? It has the password management without the online repository.

You literally devoted a whole episode to the sponsor... Crazy man

Anyone else gonna mention the fact that the website that they just entered their "actual" passwords into wasn't https secured specifically at 14:30

3:48 I disagree that this is a good way to make a password "correcthorsebatterystaple" would be the similar as a 4 digit(word) password if the hacker is using dictionary hacks

two factor is the worst in the way it works in most cases, where if you have acces to the phone or sometimes even phone number, you can use that to reset a password and get in the acount that way, essentially making 2 factor just 1 factor. i work in IT and i have a pretty good ground in cyber security and the amount of people that got their acounts compromised because they had set up 2 factor you wouldnt belive, so if a site offers 2 factor please make sure its for login only and you cant just reset the acount password with the phone number or phone, if this is the case DONT USE 2 factor, in that case just a storng password or as they would call it in cyber a passphrase is the better option, and ofcourse never repeat a password and make sure you have as few acounts linked as possible so if one gets hacked in to or compromised the others are likely to be safe

Been using LastPass for years, Its a great tool to keep track and make secure passwords. PRO TIP: when you sign up for Lastpass or any password manager. Use a "Privet Email account" an account that you never give out, this will make it twice as hard to get in to. IT won't stop hackers but it will make it a lot harder

Next episode: Brian demonstrates how to use a keylogger, using Jason's passwords as demonstration.

Top tip: Never re-use passwords. This is very important. It's unlikely your password will ever be brute-forced if you have a decent one. These days most password leaks are done through website vulnerabilities or phishing. Use nice unique passwords for everything and one super impossible one for your email.

In the end when they put their own passwords I got very worried for them, cause exactly these kind of websites are used to spoof you, because the password you enter you have used once, are using or will use in the future. As an analist here this is very scary.

I would recommend using a password generator, and store all of your passwords locally, in a text file, preferably on a flash drive. also, use 2fa ALWAYS

Lolz... My first email's password was "starwars". Hahaha!

Remember that Brian said "UNLIKELY to rip your eyeballs out"

Another tip for using password managers. Back the passwords up in another password manager (KeePass for example). Or have a backup on a usb. Maybe make two backups.

Coming back to this episode after a while. I don't use 2FA unless something makes me. My passwords are all weak. Most of the safety guidelines are more aggressive than they need to be and I'm doing okay without them. It isn't hard. 1. I try not to keep anything valuable online. 2. Anything I have online that is valuable to me is linked to a separate email. 3. I don't tell people squat about myself (on a security question level). 4. I use Wi-Fi at home and mobile data everywhere else. 5. I don't sign in on anybody else's devices for any reason. Standards don't keep you safe. Using your head does. Same thing goes for not getting yourself hurt, not having things stolen, and not getting viruses on your computer.

"1Password is the only commercial password manager I recommend, but I'll go further than that when it comes to LastPass and say: I really think you should avoid LastPass, and, if you're using it, migrate to something else. I'm not going to go into details, sorry." - Thomas Ptacek, a well-respected security expert. Take from that quote what you will, but I personally know that he has a much more experience with password security than I do, so I take he advice on this one.

I always make sure to get really drunk and high when I make a password, and save it to my password manager, so literally no one knows any of my passwords. Ha!

The modern rouge and last pass talk on the phone. Last pass: we want to sponsor you, heres our plan, scare your audience, then tell them we are the best solution. Modern rouge: sure, sounds good.

A note, if you are going to use thins relevant to your life in your password, use obscure ones. For example, my old password was the name of a street I passed everyday when I was in a different state. It's so obscure that even if you saw the name, you wouldn't have any idea what it meant to me

Good password creation tips are one of those things that disappear when they are observed. If good advice is given to large numbers of people it becomes bad advice. Except length, the longer the stronger. Make it something easy to remember and simple, because then you can make it long The ending of the messages is what clued the allies off in where to start looking for patterns, but the fundamental flaw in the enigma machine's algorithm was that there was regularity in its ciphering- it couldn't not randomize every letter to a new letter. That is to say you could guarantee that if a letter of a word started out as an 'a', that it wasn't going to be an 'a' when encoded. I love the irony/tragedy of not being able to not randomize being the key to seeing the pattern

One of the major flaws with the Enigma code however was technical in nature; it couldn't encode a character as itself. So you might have a garbled string like, "fjkhdfauyuiwopqpfvlkuehjkassdoguoiui," but you could be sure that if you saw "f" that the original character could not have been an f.

How did I know before the video started that this was an ad for LastPass...

Saw in a movie, guy had a magazine subscription and changed his password to the number/ letter code on the mailing label every month the latest issue came out. Sounds like it might work.

Passwords with words, a symbol between them and a number at end is easy to remember but hard to brute force, for example: Disk-Nails-Container-Coconut-2