I started to do that. But when Microsoft started directing me to Outlook for my Hotmail, I locked myself. I'm just hoping I won't repeat my mistake if Yahoo Mail decides to switch to being called Verizon Mail.
|
Countless examples, countless hacked world-wide services, countless users affected (including myself) and we still believe that we are safe behind a hash? Yeah, right!
|
Alternatives, like biometrics, are much worse. At least it is possible to make a password system secure. I mean you have to be conscious to give away your password.
|
I don't keep the passwords in my mind, other than those really crucial like my email and social media. Everything else is secured in my KeePass. I think this is a good practice.
On the other hand, my bad practice is that I always keep a few sites logged in. Especially the blogs and tech sites, even CodeProject, are always logged on in my computer (and I don't remember the password if I accidentally logged out and need my tiny USB to use the KeePass).
|
I believe in the practice you are promoting, and I would love to have a system that "fills in" the passwords: basically, only one password with two-step verification, is needed to be known (to get into the vault of passwords). Unfortunately, there is no company that I trust sufficiently to hold that vault.
|
Greg Lovekamp wrote: I would love to have a system that
Greg Lovekamp wrote: Unfortunately, there is no company that I trust sufficiently to hold that vault.
Code your own
M.D.V.
If something has a solution... Why do we have to worry about? If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
I think that the next survey question should be:
"Would you like the world without passwords?"
and possible answers
"Yes"
"No"
All the best,
Perić Željko
|
That being, what about the user names used?
When you look at uid/password pairs, I could claim I essentially never reuse anything. Along with a different email address for each place I give any information of any kind.
And, except when required by law, nothing else is true or repeated, either.
Along with rapid email notifications of transactions for almost everywhere.
Philosophy -> Best place to hide a tree: in a forest.
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
Likewise, I create a new proxy address for almost any account I activate online. Along with creating more complexity to hack other accounts, it also means that when someone has a breach and I start receiving spam to a particular address, I can usually determine exactly who leaked it.
|
My CP Password is one I've not reused, even in a derivative, elsewhere.
An implication of value!
(And, if I'm not lying, a security breach.)
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
because, when one database is stolen the attackers can try to use the data on multiple services.
PS: because about 10% are reusing...
Press F1 for help or google it.
Greetings from Germany
|
"Can try" is an understatement; they will certainly try.
I do not fear of failure. I fear of giving up out of frustration.
|
I almost agree with you but you should be describing this in the past tense.
I'm retired. There's a nap for that...
- Harvey
|
You are right, I am supposed to say 'they are doing it'
I do not fear of failure. I fear of giving up out of frustration.
|
KarstenK wrote: when one database is stolen the attackers can try to use the data on multiple services.
Reputable services do not keep passwords in a database - just a salted hash.
|
There are certain things you ask, and certain things you don't. This survey classifies as one of those things you don't.
|
I'd say it's not: it's a wake up call to those who voted "I use insecure passwords".
It's the same as publicising Bobby Tables - I'd make T-shirts explaining how to do it and give them away for free if I could afford it.
If you don't think about password security - or SQL Injection - you don't do anything about it. And if this survey persuades one person to think about it, and change their behavior, then it's a good thing.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
Ok... so here is my argument. Let's say that The Code Project is like every other scum of the earth company and they are into selling people's information to other companies or hackers or whatever. Now imagine them having the user's password and an answer of a forum he voted in where he states he never changes his password and uses the same for all accounts.... they have his password and they have his account password behaviour... they also have his email address where Code Project sends their daily news to. What more do they require?
Ok, ok... let's say they are not scum... (e.g. they're a free site for all who makes no money whatsoever and who pays their employees from the billions they've inherited from their rich parents and never have to work for the rest of their life but they do coz they just love the world and its people so much)... what happens if they get hacked and the hacker stumbles across this information?
|
So the sooner they find out that it's a dangerous procedure, the better, no? Before they come across a "bad" site, or a hacked one?
If there is nothing to say "you did this wrong", how will they know until it is too late?
This survey adds no risk: emails aren't shared as a matter of course, and the site owners don't know your password - it's salted and hashed rather than encrypted, just as it should be - so there is no risk added by this survey.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
I get your point... and the point of this survey. Which is awareness maybe. But I don't know the owner from a bar of soap. The things you claim happen on the security side are hearsay.
My point is that, One: it is ignorant to share information about one's password. Two: It is not a question that should be asked.
That is just my opinion in any case. You can agree or disagree. I do feel however that your opinion might be biased as you work for Code Project.
|
R. Erasmus wrote: I do feel however that your opinion might be biased as you work for Code Project.
Then Chris has been very remiss with the wage cheques - I better have a word with him...
I'm just a member, like you - I do not now, and have never worked for CodeProject. My opinions are my own, and do not necessarily reflect those of the website or its owners. All I have received from CP in the eight years I've been here is a T shirt, a laptop case (I don't have a lappie), and a couple of Bob stickers. And a lot of knowledge. Loads of that!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
lol, ok. My bad... you can't blame me for that mistake though.
|
OriginalGriff wrote: ...All I have received from CP in the eight years I've been here is a T shirt, a laptop case (I don't have a lappie), and a couple of Bob stickers. And a lot of knowledge. Loads of that!
And the points. Don't forget the rep points.
I'm retired. There's a nap for that...
- Harvey
|
They are virtual: what the hamsters giveth, the hamsters can taketh away.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!