Facebook Hacking....worst recovery system ever

[UNSTUCK]

I'm curious how that'd work for you. I'll try other things

In all seriousness though, why would one 20 digit password be better than another? I know nothing about hacking. Is a guy randomly entering 20 digits? Even if it’s some computer program trying passwords, the probability of guessing right should be the same?

 

[mbryson]

In all seriousness though, why would one 20 digit password be better than another? I know nothing about hacking. Is a guy randomly entering 20 digits? Even if it’s some computer program trying passwords, the probability of guessing right should be the same?

You've made a good argument. Mathematically, I don't think you're wrong at all on the probability.

 

[Cody]

I can get back into Instagram but the hacker has their meta account linked to it and I can't delete the hacker's email or meta account without access to their 2 part authentication app.

Any suggestions?

 

[Herzog]

In all seriousness though, why would one 20 digit password be better than another? I know nothing about hacking. Is a guy randomly entering 20 digits? Even if it’s some computer program trying passwords, the probability of guessing right should be the same?

If it's based on any dictionary word or combination of dictionary words they can be brute forced pretty quickly now days. Even if there is a number or two at the end. Commonly people will use passwords that are a dictionary word or name along with a couple numbers or special character at the end. The pattern is what is easy to attack. You'd be surprised how fast a letter only password of any length can be attacked and found. Computers are FAST now days...

Password managers help with this because they are truly random with multiple special characters inbetween upper and lower case letters and no words are discerned.
Because most sites block brute force attempts (including RME) hackers will sometimes find a site that doesn't block attempts and eventually find the right pw for a user. They then operate on the assumption that the password they found is re-used on many other sites for the same username.

OR his re-used password was divulged in a previous breach and was posted online with the millions of other passwords and accounts. (this is most likely)

TL;DR - Don't re-use passwords for important sites. You might not think FB is important until grandma is getting dickpics (or bitcoin junk, same thing) in her DMs from your account...

 

[Herzog]

I can get back into Instagram but the hacker has their meta account linked to it and I can't delete the hacker's email or meta account without access to their 2 part authentication app.

Any suggestions?

I'm guessing you already went through this process: https://www.facebook.com/help/1306725409382822?helpref=faq_content
I have no idea, I just joined FB again a couple years ago because all our county stuff is only posted there.

 

[shortstraw8]

Offline password store like keepass and good strings
strings /dev/urandom | grep -o '[[:graph:]]' | head -n 30 | tr -d '\n'; echo
Many methods of the above for any OS, just ensures it is random and not tied to some online generator that who knows what is tracked.
Keepass has a good generator also with a ton of cryptographic options to generate strong passwds.

Only log in from limited devices. If the site does not support special characters or 25+ characters don't do anything important with it. 2fa is alright with 16# pin and ubikey makes pretty solid protection, key pair is great (if you generate with a good crypto algorithm) but not every site supports that.

 

[N-Smooth]

I use Keeper. It has a “generate random” function so all of my really important passwords are total freakin’ jibberish. Can recommend