Comment

Comment on How Quickly Can AI Crack Your Password?

slazer2au@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

Oh, AI has nothing to do with it. It grabs the RockYou password list and guesses a password based on frequency of use.

This is nothing new.

source

Sort:hotnew top

adminofoz@lemmy.cafe ⁨1⁩ ⁨week⁩ ago
Here is the thing, does the corporate entity you work with use Microsoft? Then your password is stored as an NTLM hash in NTDS.dit. That means you are using MD4.

Has anyone in your organization clicked a phishing link? It only takes one weak link to get in. Then it only takes one (Maybe 2) bad configuration for a malicious actor to escalate privileges. Then dump the whole organization passwords from the Domain Controller.

Hope you aren’t reusing passwords anywhere.

The article isnt bullshit.

source
- slazer2au@lemmy.world ⁨1⁩ ⁨week⁩ ago
  We are all running password less with passkeys so our Entra passwords are all 128 length randomised that even we don’t know because why should we?
  
  Corporate phishing tests are a joke, you can bypass them by filtering for Phishme or kb4 in the email header.
  
  source
  - adminofoz@lemmy.cafe ⁨1⁩ ⁨week⁩ ago
    [deleted]
    source
    slazer2au@lemmy.world ⁨1⁩ ⁨week⁩ ago
    From something i read a while ago when you enable passwordless entra resets your password to something that stupidly long I don’t actively make them that long even in my password manager.
    
    I’d never heard of bypassing a corporate phishing test using an email filter.
    github.com/postmodern/phishing-training-sigs
    Add a rule in outlook/thunderbird if any of those are in the email header toss it to a folder specially for phishing emails. Doing it org wide makes no sense as you say but if you know enough about emails to read the email header you likely aren’t the target for the phishing training.
    
    I am well aware of evilnginx :D
    
    source