
I know what your password is and you are an idiot

In order to check that the new password isn't a derivative of the old password, don't they have to compare it to a saved, clear-copy of the old password? That seems like a violation of security protocols already. Isn't the rule to just keep a hashed, encrypted version on the server?
 
In order to check that the new password isn't a derivative of the old password, don't they have to compare it to a saved, clear-copy of the old password? That seems like a violation of security protocols already. Isn't the rule to just keep a hashed, encrypted version on the server?

That was my thought too. They do not even enforce basic security, yet want people to change their passwords. A procedure that even further weakens security.
 
I'm glad I finally found this thread.
I use Tapatalk and when the thread was started I got a notification pop up on the iPad saying "I know what your password is and you are an idiot" which I dismissed too quickly.
Captain Paranoia was briefly sitting on my shoulder :)
 
Rats. How about this. Make all the passwords the same. That way, although the hackers would know the universal password, they wouldn't know whose password it was.

Also, I recommend using English words for your password. That will defeat Russian and Chinese hackers who don't understand English. If you want to protect against ISIS though, put "pork" or "pig" in there somewhere. If Christians are a concern, use "IloveSatan" as your password. They can't type that.

I'm surprised no one has thought of these useful security tips yet. Perhaps I will see about getting something published on the Malwarebytes blog.
 
They won't accept "123457"? Bastiches!
Most corporate filters wouldn't allow that anyway.
Here we have length and complexity rules, plus a system attempting to break the hashes of users passwords; if it succeeds they're automatically required to change it on next authentication.
 
Another vote for KeePass. The advantage over some other password generation and storage programs is that it is NOT online.

At the minute, I have about 145 entries in the file, and not many use the same password.

As for the xkcd "correct horse" cartoon, I do occasionally use a variation of that strategy, with the substitution of special characters for some letters. These passwords are for sites I might need to access when I don't have a computer handy. (I don't have a smart phone, so I can't access the sites via the phone's browser.)


ETA Didn't we recently have a thread about using password programs?
 
One of mine was fairly close to one on the list but it is the one I use for the least secure accounts, like logins for discussion boards. Oooops...

If I had used any of those it would have been pepper. But way too many people know I love hot foods to do that. Same for bacon as a password.
 
If I had used any of those it would have been pepper. But way too many people know I love hot foods to do that. Same for bacon as a password.

Hey, that's my password.

ETA: Was my password. Spent the last hour changing them all from B4c0n to something even more delicious!

ETAA: No, that was a lie. There is nothing more delicious.
 