I recently had created on WLFriends.org which is presented by Wikileaks, I noticed a big thing there that the process of signing up at WLFriends was very distinct from the other normal sites. There, they asked my language, place, contact details, my short bio and email and after completing these tasks they provided me a key, which was having the mixture of both capital alphabets and numbers, So I want to ask that that isn't there is any risk of getting my ID hacked if someone randomly try to put any numbers or letters. By chance if someone tries to randomly type any letters or number wouldn't the hacker would be able to acquire mine or someone else key?
Asked
Active
Viewed 158 times
0
-
Are you sure it's not a honeypot? – Deer Hunter Jan 08 '13 at 09:44
1 Answers
2
How long is the key they provided? The strength of that key is the strength of any alphanumeric password of that length. Theoretically, anyone that random types characters may be able to guess your gmail password or any other password, but because the number of possible values is very large, the chance of doing so is very small (unless your password is "12345").
By having a key consisting of only letters and numbers, the possible password set is reduced, but if the key is long enough and random enough, you should be ok.
The strength of the password protection is actually given by many factors, the password strength being just one of them. A few others are:
Does the account block if you try a lot of keys? Are the keys associated with usernames, or they are the single information you need to access the website? Is https used (I saw that it is)?
Dinu
- 3,166
- 14
- 25
-
The given key has 16 alphanumeric characters with few spaces, And another thing in WLFriends is that while I login to my account it only asks for my key, nothing else. – Saharsh Jan 09 '13 at 04:34
-
If the key has a fixed length of 16 characters then there are around 62^16 possibilities, a pretty large number. I don't think that using just a key to access the website is not the best option, but it depends a lot on the options you have while you are logged in, to decide if this is a problem or not. If, for example, you can just read some articles using this account, then if someone else would guess your key, he would not have access to any of your data. – Dinu Jan 09 '13 at 09:39