That way they have to spoof a designated MAC address before they can even access the password feature. They’ll most likely head to someone else’s router first.

Are you paying for a chance to crack it, or for the crack? If you’re paying them to crack it it seems ridiculous to pay for the more expensive one because if they fail then they haven’t lived up to their obligations and it should be their responsibility to make the matter right. If you’re paying for the chance then it seems ridiculous NOT to pay for the more expensive one since if the smaller database fails then that’s money wasted.

Perhaps when every password is guessable, no matter how cryptic, we’ll have to make them so long that they’re no longer memorizable, so then you’d have to carry your password around on a thumb drive, and transmit your password when needed. This, of course, kind of violates the first commandment of system security, which is to keep them in your head, not your pocket, but I would think an unidentified thumb drive with some .txt files on it would be no less secure than your car keys.

Another good password tactic I’ve found is using a phrase you can remember, but only the first and last letters of each word. “dtyuwtmebydtyuwtmeoh” would be an example.

/!\ http://www.cracker-wifi.com/ /!\

enjoy!

S

If you’re doing that, something like an RSA SecurID token, which generates clock-based one-use passphrases, is probably a better option. (In the software-token form, it’s essentially as you describe, except instead of sending the actual secret, you send a hash based on it.)

My favorite trick for generating a passphrase is to take the nth letter of every word in a familiar phrase I’m unlikely to use in daily conversation and throw in some numbers and special characters for flavor.

GRC’s Ultra High Security Password Generator

https://www.grc.com/passwords.htm

Alpha Bravo Charlie Delta Echo Foxtrot Golf Hotel Inigo Juliet Kilo Lima Mike November Oscar Papa Quebec Romeo Sierra Tango Uniform Victor Whisky X-ray Yankee Zulu Niner Zeh-ro.

And for hexadecimal, one only needs the first six of the above.

That’s why I use ‘letmein’.

Hang on a sec… d’oh!

> You can run your job against half of our CPU cluster for $17 US, or you can run it against the entire cluster for $35 US. The half-mode will take at most 40 minutes…. the full-mode will take at most 20 minutes.

So the $35 is for 20 minutes; the $17 is for 40.

This is really rad.

It’s still not strictly random, letter frequencies in English being what they are. But it’s a lot harder to crack than a dictionary or semi-dictionary password. And it’s easy to remember — just sing the song, recite the poem or the quote to yourself, and you’re good to go.

The trick is remembering a different one for each place you need a password/passphrase. I’ve resorted to a password-keeping program. Of course, that means my passwords are now only as secure as my computer. One does what one can. (And it’s better than keeping them written on paper or in a plaintext file, which I have seen otherwise intelligent, techy people do.)

And less techy people? They’re still struggling with the idea that their computer login, Gmail account, Facebook account, and bank account are not all linked by the One Password To Rule Them All. It’s not just that they choose to use the same password everywhere — it’s that they don’t even grasp that they could use different ones. They just have a computer password, so it should work for all that computer stuff, right?

The analogy of keys helps for many people. They grasp the concept that they have different keys to their home, car, office, toolshed. Once they understand that different computers and websites are actually different “places,” they grasp that they might want to use a different “lock and key” for each.

Of course, it doesn’t stop them using obvious passwords. My husband works in IT and has stunned users who can’t remember their passwords by telling them “Try your dog’s name.” It invariably works, and they stare at him in terror. “How did you know? Are you psychic?”

A list of the most common dog names would probably save even the time of a dictionary attack…

“WPA Cracker is a cloud cracking service for penetration testers and network auditors who need to check the security of WPA-PSK protected wireless networks.”

So, it’s only for people testing or checking their own security. Whew! I can stick with using “password” on all my accounts!

If they CAN be traced or identified, what’s to stop some righteous person from hacking into them and destroying their systems? Not like they don’t deserve it. Bastards.

And yeah, I totally believe they’re just for penetration testers and so on. Just like the old Blueboy magazine was for women. It said so on the cover!