Comments on Trouble At T'Mill - a wargaming blog: Kickstarter and passwords....
Blog author: Mike Whitaker (http://www.blogger.com/profile/02165272678144625943)
Comment feed last updated 2024-03-22. Nine comments, newest first.

Piscatores (https://www.blogger.com/profile/09993952341776678764), 2014-02-17 14:07
There are many sites that I do not use regularly (nor expect to) where I don't try to remember the password.

Just rely on the password reset email every time!

legatus hedlius (https://www.blogger.com/profile/17078980742683576345), 2014-02-17 13:15
The problem is that it's not just a question of remembering a few passwords. Virtually every site now wants you to have a password. I literally have hundreds of sites that need a password. I've changed my Kickstarter one but I have no idea how many other sites I have used it on.

Mike Whitaker (https://www.blogger.com/profile/02165272678144625943), 2014-02-17 09:38
Salting doesn't make it that much tougher, and if you restrict yourself to the 500 worst list you probably still get a ridiculous number of hits :D

Alan Braggins (https://www.blogger.com/profile/11011018735846420368), 2014-02-17 09:36
Password reuse - http://xkcd.com/792/
Strong passwords - https://help.ubuntu.com/community/StrongPasswords
"Enough computing power" - especially gamers with powerful GPUs - modern brute force search against simple hashing is scarily fast: http://www.codinghorror.com/blog/2012/04/speed-hashing.html https://password-hashing.net/

Kickstarter passwords were at least salted before repeated hashing, so you can't compare against the whole list, you have to do them one at a time.
(Yes, I know you said you were oversimplifying. And yes, it's more than some developers manage - Adobe for example: http://xkcd.com/1286/
http://nakedsecurity.sophos.com/2012/11/15/cracked-passwords-from-alleged-egyptian-hacker-adobe-breachegyptian-hacker-allegedly-breached-adobe-leaked/ )

Piscatores (https://www.blogger.com/profile/09993952341776678764), 2014-02-16 22:08
Passwords are a minefield.

We expect everyone who is not in IT to be able to form and remember strong passwords.

But we also expect everyone to have and use the wonders of the Internet.

Surely the time has come for a better solution to security on the internet.

Even banks give us the appearance of security by making the process complicated.

This again just encourages poor behaviours.

Finally, how many computers have you seen with post-its stuck on them, and wonder why a national database of patient records is doomed.

Remember, even biometrics are just a string of data that can be intercepted and copied!

Mike Whitaker (https://www.blogger.com/profile/02165272678144625943), 2014-02-16 20:02
Hence my point about most websites still working at the simpler end of things. :D

Mad Padre (https://www.blogger.com/profile/00410143683610813671), 2014-02-16 20:00
This was a distressing email to read this morning, and a helpful blog post to read this afternoon. Changing my PW as soon as I finish this.
It's distressing how frequently this sort of thing now seems to happen.

Anonymous, 2014-02-16 15:40
A good modern hashing algorithm is reasonably resistant to dictionary cracking by requiring significant computational effort, but mostly people don't use them.
See Wikipedia on KDFs: https://en.wikipedia.org/wiki/Key_derivation_function. And yeah, there are still sites out there using clear password storage.

AHunt (https://www.blogger.com/profile/08148857673973402238), 2014-02-16 14:54
The good news is, as soon as you log in, they have a big button at the top of the page to take you to their "Change Password" page. It also says that they highly recommend you change it due to the data breach.
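The cost difference that Alan Braggins (salted hashes must be attacked "one at a time") and the anonymous commenter (a good KDF requires "significant computational effort") are describing, as an added example that is not part of the original post or any commenter's code. The users, passwords and wordlist are constructed; the PBKDF2 iteration count is deliberately tiny so the demo runs in well under a second. Instead of timing anything, the script counts primitive hash computations so the scaling is visible: an unsalted table is hashed once for the whole user base, a salt multiplies that by the number of users (which is why Mike Whitaker's reply that salting alone "doesn't make it that much tougher" holds), and a slow KDF multiplies every single guess by its iteration count.

```python
"""Why salting and a slow KDF change the attacker's cost.

Added example for this comment thread, not code from the post or from Kickstarter.
All data is constructed: a toy wordlist and four users with weak passwords.
'work' counts primitive hash computations so the scaling is visible without timing.
"""
import hashlib
import os

# Constructed wordlist standing in for the "500 worst" list mentioned in the thread.
WORDLIST = ["password", "123456", "letmein", "dragon", "qwerty", "wargames"]
# Constructed users; alice and carol deliberately share a password.
USERS = {
    "alice": "dragon",
    "bob": "123456",
    "carol": "dragon",
    "dave": "correct horse battery staple",
}
KDF_ITERATIONS = 1000  # kept small for the demo; real deployments use far more


def unsalted_store(users):
    """Naive storage: hash(password) with no salt; equal passwords give equal hashes."""
    return {u: hashlib.sha1(p.encode()).hexdigest() for u, p in users.items()}


def salted_store(users):
    """Per-user random salt prepended before hashing (fast hash, so still weak)."""
    db = {}
    for u, p in users.items():
        salt = os.urandom(16)
        db[u] = (salt, hashlib.sha1(salt + p.encode()).hexdigest())
    return db


def kdf_store(users, iterations=KDF_ITERATIONS):
    """Salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256 from hashlib)."""
    db = {}
    for u, p in users.items():
        salt = os.urandom(16)
        db[u] = (salt, hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations))
    return db


def crack_unsalted(db, wordlist):
    """Hash the wordlist ONCE, then look every user up: cost = len(wordlist)."""
    table = {hashlib.sha1(w.encode()).hexdigest(): w for w in wordlist}
    cracked = {u: table[h] for u, h in db.items() if h in table}
    return cracked, len(wordlist)


def crack_salted(db, wordlist):
    """The salt forces a fresh hash per (user, guess): cost grows with the user count."""
    cracked, work = {}, 0
    for u, (salt, h) in db.items():
        for w in wordlist:
            work += 1
            if hashlib.sha1(salt + w.encode()).hexdigest() == h:
                cracked[u] = w
                break
    return cracked, work


def crack_kdf(db, wordlist, iterations=KDF_ITERATIONS):
    """Same loop as crack_salted, but every guess now costs 'iterations' HMAC calls."""
    cracked, work = {}, 0
    for u, (salt, h) in db.items():
        for w in wordlist:
            work += iterations
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, iterations) == h:
                cracked[u] = w
                break
    return cracked, work


def compare_schemes(users=USERS, wordlist=WORDLIST):
    """Return {scheme: (cracked users, hash operations spent)} for all three schemes."""
    return {
        "unsalted": crack_unsalted(unsalted_store(users), wordlist),
        "salted": crack_salted(salted_store(users), wordlist),
        "kdf": crack_kdf(kdf_store(users), wordlist),
    }


if __name__ == "__main__":
    for name, (cracked, work) in compare_schemes().items():
        print(f"{name:9s} cracked={sorted(cracked)} hash_ops={work}")
```

With the constructed data all three schemes give up the same three weak passwords (dave's passphrase is not in the wordlist), which is the point: salting and a KDF do not rescue a password on the "worst 500" list, they only decide how much the attacker pays per user and per guess. The unsalted store also leaks that alice and carol share a password before a single guess is made, because their stored hashes are identical.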